fireside.fm.rss.xml - sfeed_tests - sfeed tests and RSS and Atom files
git clone git://git.codemadness.org/sfeed_tests
---
fireside.fm.rss.xml (5523779B)
---
1 <?xml version="1.0" encoding="UTF-8"?>
2 <rss version="2.0" encoding="UTF-8" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:atom="http://www.w3.org/2005/Atom/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:podcast="https://github.com/Podcastindex-org/podcast-namespace/blob/main/docs/1.0.md" xmlns:fireside="http://fireside.fm/modules/rss/fireside">
3 <channel>
4 <fireside:hostname>feed03.fireside.fm</fireside:hostname>
5 <fireside:genDate>Thu, 12 Nov 2020 05:56:22 -0600</fireside:genDate>
6 <generator>Fireside (https://fireside.fm)</generator>
7 <title>BSD Now</title>
8 <link>https://www.bsdnow.tv</link>
9 <pubDate>Thu, 12 Nov 2020 11:45:06 -0000</pubDate>
10 <description>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros.
11 The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
12 </description>
13 <language>en-us</language>
14 <itunes:type>episodic</itunes:type>
15 <itunes:subtitle>A weekly podcast and the place to B...SD</itunes:subtitle>
16 <itunes:author>Allan Jude</itunes:author>
17 <itunes:summary>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros.
18 The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
19 </itunes:summary>
20 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
21 <itunes:explicit>no</itunes:explicit>
22 <itunes:keywords>berkeley,freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview</itunes:keywords>
23 <itunes:owner>
24 <itunes:name>Allan Jude</itunes:name>
25 <itunes:email>feedback@bsdnow.tv</itunes:email>
26 </itunes:owner>
27 <podcast:locked email="feedback@bsdnow.tv">yes</podcast:locked>
28 <itunes:category text="News">
29 <itunes:category text="Tech News"/>
30 </itunes:category>
31 <itunes:category text="Education">
32 <itunes:category text="How To"/>
33 </itunes:category>
34 <item>
35 <title>376: Build stable packages</title>
36 <link>https://www.bsdnow.tv/376</link>
37 <guid isPermaLink="false">f32e4d71-13e3-4cfa-a98d-c3806ac0c665</guid>
38 <pubDate>Thu, 12 Nov 2020 03:00:00 -0800</pubDate>
39 <author>Allan Jude</author>
40 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f32e4d71-13e3-4cfa-a98d-c3806ac0c665.mp3" length="45514920" type="audio/mpeg"/>
41 <itunes:episodeType>full</itunes:episodeType>
42 <itunes:author>Allan Jude</itunes:author>
43 <itunes:subtitle>FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more</itunes:subtitle>
44 <itunes:duration>46:20</itunes:duration>
45 <itunes:explicit>no</itunes:explicit>
46 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
47 <description>FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more
48 NOTES
49 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
50 Headlines
51 FreeBSD 12.2 Release (https://www.freebsd.org/releases/12.2R/relnotes.html)
52 The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
53 ZFS Webinar: November 18th (https://klarasystems.com/learning/best-practices-for-optimizing-zfs1/)
54 Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”
55 Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.
56 Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.
57 Datasets and Properties – Controlling settings with properties and many other tricks!
58 News Roundup
59 Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD (https://blog.netbsd.org/tnf/entry/google_summer_of_code_20202)
60 Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.
61 How the OpenBSD -stable packages are built (https://dataswamp.org/~solene/2020-10-29-official-openbsd-stable-architecture.html)
62 In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.
63 OPNsense 20.7.4 released (https://opnsense.org/opnsense-20-7-4-released/)
64 This release finally wraps up the recent Netmap kernel changes and tests.
65 The Realtek vendor driver was updated as well as third party software cURL,
66 libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
67 of them.
68 Beastie Bits
69 Binutils and linker changes (https://www.dragonflydigest.com/2020/11/03/25120.html)
70 28 Years of NetBSD contributions (https://github.com/NetBSD/src/graphs/contributors)
71 Bluetooth Audio on OpenBSD (https://ifconfig.se/bluetooth-audio-openbsd.html)
72 K8s Bhyve (https://k8s-bhyve.convectix.com)
73 ***
74 Tarsnap
75 This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
76 Feedback/Questions
77 Sean - C Flags (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Sean%20-%20C%20Flags.md)
78 Thierry - RPI ZFS question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Thierry%20-%20RPI%20ZFS%20question.md)
79 Thierry's script (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/script.md)
80 ***
81 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
82 ***
83 </description>
84 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, shell, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, 12.2, webinar, syzkaller, stable, packages, package building, opnsense, release</itunes:keywords>
85 <content:encoded>
86 <![CDATA[<p>FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more</p>
87
88 <p><strong><em>NOTES</em></strong><br>
89 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
90
91 <h2>Headlines</h2>
92
93 <h3><a href="https://www.freebsd.org/releases/12.2R/relnotes.html" rel="nofollow">FreeBSD 12.2 Release</a></h3>
94
95 <blockquote>
96 <p>The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.</p>
97
98 <hr>
99
100 <h3><a href="https://klarasystems.com/learning/best-practices-for-optimizing-zfs1/" rel="nofollow">ZFS Webinar: November 18th</a></h3>
101
102 <p>Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”<br>
103 Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.<br>
104 Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.<br>
105 Datasets and Properties – Controlling settings with properties and many other tricks!</p>
106
107 <hr>
108 </blockquote>
109
110 <h2>News Roundup</h2>
111
112 <h3><a href="https://blog.netbsd.org/tnf/entry/google_summer_of_code_20202" rel="nofollow">Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD</a></h3>
113
114 <blockquote>
115 <p>Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.</p>
116
117 <hr>
118 </blockquote>
119
120 <h3><a href="https://dataswamp.org/%7Esolene/2020-10-29-official-openbsd-stable-architecture.html" rel="nofollow">How the OpenBSD -stable packages are built</a></h3>
121
122 <blockquote>
123 <p>In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.</p>
124
125 <hr>
126 </blockquote>
127
128 <h3><a href="https://opnsense.org/opnsense-20-7-4-released/" rel="nofollow">OPNsense 20.7.4 released</a></h3>
129
130 <blockquote>
131 <p>This release finally wraps up the recent Netmap kernel changes and tests.<br>
132 The Realtek vendor driver was updated as well as third party software cURL,<br>
133 libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple<br>
134 of them.</p>
135
136 <hr>
137 </blockquote>
138
139 <h2>Beastie Bits</h2>
140
141 <ul>
142 <li><a href="https://www.dragonflydigest.com/2020/11/03/25120.html" rel="nofollow">Binutils and linker changes</a></li>
143 <li><a href="https://github.com/NetBSD/src/graphs/contributors" rel="nofollow">28 Years of NetBSD contributions</a></li>
144 <li><a href="https://ifconfig.se/bluetooth-audio-openbsd.html" rel="nofollow">Bluetooth Audio on OpenBSD</a></li>
145 <li><a href="https://k8s-bhyve.convectix.com" rel="nofollow">K8s Bhyve</a>
146 ***</li>
147 </ul>
148
149 <h3>Tarsnap</h3>
150
151 <ul>
152 <li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
153 </ul>
154
155 <h2>Feedback/Questions</h2>
156
157 <ul>
158 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Sean%20-%20C%20Flags.md" rel="nofollow">Sean - C Flags</a></li>
159 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Thierry%20-%20RPI%20ZFS%20question.md" rel="nofollow">Thierry - RPI ZFS question</a>
160
161 <ul>
162 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/script.md" rel="nofollow">Thierry's script</a>
163 ***</li>
164 </ul></li>
165 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
166 ***</li>
167 </ul>]]>
168 </content:encoded>
169 <itunes:summary>
170 <![CDATA[<p>FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more</p>
171
172 <p><strong><em>NOTES</em></strong><br>
173 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
174
175 <h2>Headlines</h2>
176
177 <h3><a href="https://www.freebsd.org/releases/12.2R/relnotes.html" rel="nofollow">FreeBSD 12.2 Release</a></h3>
178
179 <blockquote>
180 <p>The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.</p>
181
182 <hr>
183
184 <h3><a href="https://klarasystems.com/learning/best-practices-for-optimizing-zfs1/" rel="nofollow">ZFS Webinar: November 18th</a></h3>
185
186 <p>Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”<br>
187 Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.<br>
188 Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.<br>
189 Datasets and Properties – Controlling settings with properties and many other tricks!</p>
190
191 <hr>
192 </blockquote>
193
194 <h2>News Roundup</h2>
195
196 <h3><a href="https://blog.netbsd.org/tnf/entry/google_summer_of_code_20202" rel="nofollow">Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD</a></h3>
197
198 <blockquote>
199 <p>Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.</p>
200
201 <hr>
202 </blockquote>
203
204 <h3><a href="https://dataswamp.org/%7Esolene/2020-10-29-official-openbsd-stable-architecture.html" rel="nofollow">How the OpenBSD -stable packages are built</a></h3>
205
206 <blockquote>
207 <p>In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.</p>
208
209 <hr>
210 </blockquote>
211
212 <h3><a href="https://opnsense.org/opnsense-20-7-4-released/" rel="nofollow">OPNsense 20.7.4 released</a></h3>
213
214 <blockquote>
215 <p>This release finally wraps up the recent Netmap kernel changes and tests.<br>
216 The Realtek vendor driver was updated as well as third party software cURL,<br>
217 libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple<br>
218 of them.</p>
219
220 <hr>
221 </blockquote>
222
223 <h2>Beastie Bits</h2>
224
225 <ul>
226 <li><a href="https://www.dragonflydigest.com/2020/11/03/25120.html" rel="nofollow">Binutils and linker changes</a></li>
227 <li><a href="https://github.com/NetBSD/src/graphs/contributors" rel="nofollow">28 Years of NetBSD contributions</a></li>
228 <li><a href="https://ifconfig.se/bluetooth-audio-openbsd.html" rel="nofollow">Bluetooth Audio on OpenBSD</a></li>
229 <li><a href="https://k8s-bhyve.convectix.com" rel="nofollow">K8s Bhyve</a>
230 ***</li>
231 </ul>
232
233 <h3>Tarsnap</h3>
234
235 <ul>
236 <li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
237 </ul>
238
239 <h2>Feedback/Questions</h2>
240
241 <ul>
242 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Sean%20-%20C%20Flags.md" rel="nofollow">Sean - C Flags</a></li>
243 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Thierry%20-%20RPI%20ZFS%20question.md" rel="nofollow">Thierry - RPI ZFS question</a>
244
245 <ul>
246 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/script.md" rel="nofollow">Thierry's script</a>
247 ***</li>
248 </ul></li>
249 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
250 ***</li>
251 </ul>]]>
252 </itunes:summary>
253 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+L190wi99</fireside:playerURL>
254 <fireside:playerEmbedCode>
255 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+L190wi99" width="740" height="200" frameborder="0" scrolling="no">]]>
256 </fireside:playerEmbedCode>
257 </item>
258 <item>
259 <title>375: Virtually everything</title>
260 <link>https://www.bsdnow.tv/375</link>
261 <guid isPermaLink="false">66a4f529-c2fb-4a8e-83db-9f6cd6ff0809</guid>
262 <pubDate>Thu, 05 Nov 2020 03:00:00 -0800</pubDate>
263 <author>Allan Jude</author>
264 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/66a4f529-c2fb-4a8e-83db-9f6cd6ff0809.mp3" length="43394088" type="audio/mpeg"/>
265 <itunes:episodeType>full</itunes:episodeType>
266 <itunes:author>Allan Jude</itunes:author>
267 <itunes:subtitle> bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more.</itunes:subtitle>
268 <itunes:duration>44:48</itunes:duration>
269 <itunes:explicit>no</itunes:explicit>
270 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
271 <description> bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more.
272 NOTES
273 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
274 Headlines
275 bhyve - The FreeBSD Hypervisor (https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/)
276 FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.
277 ZFS and FreeBSD Support
278 Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website! (https://klarasystems.com/support/)
279 udf info leak (https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b)
280 FreeBSD UDF driver info leak
281 Analysis done on FreeBSD release 11.0 because that's what I had around.
282 + Fix committed to FreeBSD (https://svnweb.freebsd.org/changeset/base/366005)
283 News Roundup
284 I'm now a user of Vim, not classical Vi (partly because of windows) (https://utcc.utoronto.ca/~cks/space/blog/unix/VimNowAUser)
285 In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.
286 FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware (https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/)
287 With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.
288 Introduction of a new FreeBSD Remote Process Plugin in LLDB (https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/)
289 Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.
290 OpenBSD Laptop (https://functionallyparanoid.com/2020/10/14/openbsd-laptop/)
291 Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…
292 Tarsnap
293 This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
294 Feedback/Questions
295 Ethan - Linux user wanting to try out OpenBSD (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md)
296 iian - Learning IT (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md)
297 johnny - bsd swag (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md)
298 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
299 ***
300 </description>
301 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, shell, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, bhyve, hypervisor, udf, udf driver, information leak, vim, vi, esxi, arm, virtual hardware, remote process plugin, lldb, laptop</itunes:keywords>
302 <content:encoded>
303 <![CDATA[<p>bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. </p>
304
305 <p><strong><em>NOTES</em></strong><br>
306 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
307
308 <h2>Headlines</h2>
309
310 <h3><a href="https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/" rel="nofollow">bhyve - The FreeBSD Hypervisor</a></h3>
311
312 <blockquote>
313 <p>FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.</p>
314
315 <hr>
316
317 <h3>ZFS and FreeBSD Support</h3>
318
319 <p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. <a href="https://klarasystems.com/support/" rel="nofollow">Check it out on our website!</a></p>
320 </blockquote>
321
322 <h3><a href="https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b" rel="nofollow">udf info leak</a></h3>
323
324 <blockquote>
325 <p>FreeBSD UDF driver info leak<br>
326 Analysis done on FreeBSD release 11.0 because that's what I had around.</p>
327
328 <ul>
329 <li><a href="https://svnweb.freebsd.org/changeset/base/366005" rel="nofollow">Fix committed to FreeBSD</a>
330 ***</li>
331 </ul>
332 </blockquote>
333
334 <h2>News Roundup</h2>
335
336 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser" rel="nofollow">I'm now a user of Vim, not classical Vi (partly because of windows)</a></h3>
337
338 <blockquote>
339 <p>In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.</p>
340
341 <hr>
342
343 <h3><a href="https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/" rel="nofollow">FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware</a></h3>
344
345 <p>With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.</p>
346
347 <hr>
348
349 <h3><a href="https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/" rel="nofollow">Introduction of a new FreeBSD Remote Process Plugin in LLDB</a></h3>
350
351 <p>Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.</p>
352 </blockquote>
353
354 <hr>
355
356 <h3><a href="https://functionallyparanoid.com/2020/10/14/openbsd-laptop/" rel="nofollow">OpenBSD Laptop</a></h3>
357
358 <blockquote>
359 <p>Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…</p>
360
361 <hr>
362 </blockquote>
363
364 <h3>Tarsnap</h3>
365
366 <ul>
367 <li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
368 </ul>
369
370 <h2>Feedback/Questions</h2>
371
372 <ul>
373 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md" rel="nofollow">Ethan - Linux user wanting to try out OpenBSD</a></li>
374 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md" rel="nofollow">iian - Learning IT</a></li>
375 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md" rel="nofollow">johnny - bsd swag</a></li>
376 </ul>
377
378 <hr>
379
380 <ul>
381 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
382 ***</li>
383 </ul>]]>
384 </content:encoded>
385 <itunes:summary>
386 <![CDATA[<p>bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. </p>
387
388 <p><strong><em>NOTES</em></strong><br>
389 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
390
391 <h2>Headlines</h2>
392
393 <h3><a href="https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/" rel="nofollow">bhyve - The FreeBSD Hypervisor</a></h3>
394
395 <blockquote>
396 <p>FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.</p>
397
398 <hr>
399
400 <h3>ZFS and FreeBSD Support</h3>
401
402 <p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. <a href="https://klarasystems.com/support/" rel="nofollow">Check it out on our website!</a></p>
403 </blockquote>
404
405 <h3><a href="https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b" rel="nofollow">udf info leak</a></h3>
406
407 <blockquote>
408 <p>FreeBSD UDF driver info leak<br>
409 Analysis done on FreeBSD release 11.0 because that's what I had around.</p>
410
411 <ul>
412 <li><a href="https://svnweb.freebsd.org/changeset/base/366005" rel="nofollow">Fix committed to FreeBSD</a>
413 ***</li>
414 </ul>
415 </blockquote>
416
417 <h2>News Roundup</h2>
418
419 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser" rel="nofollow">I'm now a user of Vim, not classical Vi (partly because of windows)</a></h3>
420
421 <blockquote>
422 <p>In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.</p>
423
424 <hr>
425
426 <h3><a href="https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/" rel="nofollow">FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware</a></h3>
427
428 <p>With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.</p>
429
430 <hr>
431
432 <h3><a href="https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/" rel="nofollow">Introduction of a new FreeBSD Remote Process Plugin in LLDB</a></h3>
433
434 <p>Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.</p>
435 </blockquote>
436
437 <hr>
438
439 <h3><a href="https://functionallyparanoid.com/2020/10/14/openbsd-laptop/" rel="nofollow">OpenBSD Laptop</a></h3>
440
441 <blockquote>
442 <p>Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…</p>
443
444 <hr>
445 </blockquote>
446
447 <h3>Tarsnap</h3>
448
449 <ul>
450 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
451 </ul>
452
453 <h2>Feedback/Questions</h2>
454
455 <ul>
456 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md" rel="nofollow">Ethan - Linux user wanting to try out OpenBSD</a></li>
457 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md" rel="nofollow">iian - Learning IT</a></li>
458 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md" rel="nofollow">johnny - bsd swag</a></li>
459 </ul>
460
461 <hr>
462
463 <ul>
464 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
465 ***</li>
466 </ul>]]>
467 </itunes:summary>
468 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+sVFXzFru</fireside:playerURL>
469 <fireside:playerEmbedCode>
470 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+sVFXzFru" width="740" height="200" frameborder="0" scrolling="no">]]>
471 </fireside:playerEmbedCode>
472 </item>
473 <item>
474 <title>374: OpenBSD’s 25th anniversary</title>
475 <link>https://www.bsdnow.tv/374</link>
476 <guid isPermaLink="false">4e2796a1-1895-47bd-81ca-fc3c80f043e6</guid>
477 <pubDate>Thu, 29 Oct 2020 04:00:00 -0700</pubDate>
478 <author>Allan Jude</author>
479 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e2796a1-1895-47bd-81ca-fc3c80f043e6.mp3" length="52402776" type="audio/mpeg"/>
480 <itunes:episodeType>full</itunes:episodeType>
481 <itunes:author>Allan Jude</itunes:author>
482 <itunes:subtitle>OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.</itunes:subtitle>
483 <itunes:duration>54:40</itunes:duration>
484 <itunes:explicit>no</itunes:explicit>
485 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
486 <description>OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.
487 NOTES
488 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
489 Headlines
490 OpenBSD 6.8 (https://www.openbsd.org/68.html)
491 Released Oct 18, 2020. (OpenBSD's 25th anniversary)
492 NetBSD 9.1 Released (https://www.netbsd.org/releases/formal-9/NetBSD-9.1.html)
493 The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
494 OpenZFS Developer Summit 2020 (https://klarasystems.com/articles/openzfs-developer-summit-part-1/)
495 As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.
496 • After attending the conference, I wrote up some of my notes from each of the talks
497 • Part 2 (https://klarasystems.com/articles/openzfs-developer-summit-part-2/)
498 ZFS and FreeBSD Support
499 Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website! (https://klarasystems.com/support/)
500 News Roundup
501 BastilleBSD - native container management for FreeBSD (https://fibric.hashnode.dev/bastillebsd-native-container-management-for-freebsd)
502 Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.
503 On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.
504 A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.
505 Tarsnap – cleaning up old backups (https://dan.langille.org/2020/09/10/tarsnap-cleaning-up-old-backups/)
506 I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.
507 MWL - BookSale (https://mwl.io/archives/8009)
508 For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.
509 Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.
510 Beastie Bits
511 Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109 (https://www.youtube.com/watch?v=O9upVbGSBFo)
512 The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974 (https://chsasank.github.io/classic_papers/unix-time-sharing-system.html#)
513 Using a 1930 Teletype as a Linux Terminal (https://www.youtube.com/watch?v=2XLZ4Z8LpEE)
514 ***
515 ###Tarsnap
516 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
517 Feedback/Questions
518 lars - infosec handbook (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/lars%20-%20infosec%20handbook.md)
519 scott - zfs import (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/scott%20-%20zfs%20import.md)
520 zhong - first episode (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/zhong%20-%20first%20episode.md)
521 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
522 ***
523 </description>
524 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, shell, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, backup, 25th anniversary, release, openzfs, devsummit, report, bastillebsd, container, container management, backup, book, books, book sale, </itunes:keywords>
525 <content:encoded>
526 <![CDATA[<p>OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.</p>
527
528 <p><strong><em>NOTES</em></strong><br>
529 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
530
531 <h2>Headlines</h2>
532
533 <h3><a href="https://www.openbsd.org/68.html" rel="nofollow">OpenBSD 6.8</a></h3>
534
535 <blockquote>
536 <p>Released Oct 18, 2020. (OpenBSD's 25th anniversary)</p>
537
538 <hr>
539
540 <h3><a href="https://www.netbsd.org/releases/formal-9/NetBSD-9.1.html" rel="nofollow">NetBSD 9.1 Released</a></h3>
541
542 <p>The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
543
544 <hr>
545 </blockquote>
546
547 <h3><a href="https://klarasystems.com/articles/openzfs-developer-summit-part-1/" rel="nofollow">OpenZFS Developer Summit 2020</a></h3>
548
549 <blockquote>
550 <p>As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.<br>
551 • After attending the conference, I wrote up some of my notes from each of the talks<br>
552 • <a href="https://klarasystems.com/articles/openzfs-developer-summit-part-2/" rel="nofollow">Part 2</a></p>
553
554 <hr>
555 </blockquote>
556
557 <h3>ZFS and FreeBSD Support</h3>
558
559 <p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! <a href="https://klarasystems.com/support/" rel="nofollow">Check it out on our website!</a></p>
560
561 <h2>News Roundup</h2>
562
563 <h3><a href="https://fibric.hashnode.dev/bastillebsd-native-container-management-for-freebsd" rel="nofollow">BastilleBSD - native container management for FreeBSD</a></h3>
564
565 <blockquote>
566 <p>Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.<br>
567 On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.<br>
568 A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.</p>
569 </blockquote>
570
571 <hr>
572
573 <h3><a href="https://dan.langille.org/2020/09/10/tarsnap-cleaning-up-old-backups/" rel="nofollow">Tarsnap – cleaning up old backups</a></h3>
574
575 <blockquote>
576 <p>I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.</p>
577 </blockquote>
578
579 <hr>
580
581 <h3><a href="https://mwl.io/archives/8009" rel="nofollow">MWL - BookSale</a></h3>
582
583 <blockquote>
584 <p>For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.<br>
585 Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.</p>
586
587 <hr>
588 </blockquote>
589
590 <h2>Beastie Bits</h2>
591
592 <ul>
593 <li><a href="https://www.youtube.com/watch?v=O9upVbGSBFo" rel="nofollow">Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109</a></li>
594 <li><a href="https://chsasank.github.io/classic_papers/unix-time-sharing-system.html#" rel="nofollow">The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974</a></li>
595 <li><a href="https://www.youtube.com/watch?v=2XLZ4Z8LpEE" rel="nofollow">Using a 1930 Teletype as a Linux Terminal</a>
596 ***
597 ###Tarsnap</li>
598 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
599 </ul>
600
601 <h2>Feedback/Questions</h2>
602
603 <ul>
604 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/lars%20-%20infosec%20handbook.md" rel="nofollow">lars - infosec handbook</a></li>
605 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/scott%20-%20zfs%20import.md" rel="nofollow">scott - zfs import</a></li>
606 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/zhong%20-%20first%20episode.md" rel="nofollow">zhong - first episode</a></li>
607 </ul>
608
609 <hr>
610
611 <ul>
612 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
613 ***</li>
614 </ul>]]>
615 </content:encoded>
616 <itunes:summary>
617 <![CDATA[<p>OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.</p>
618
619 <p><strong><em>NOTES</em></strong><br>
620 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
621
622 <h2>Headlines</h2>
623
624 <h3><a href="https://www.openbsd.org/68.html" rel="nofollow">OpenBSD 6.8</a></h3>
625
626 <blockquote>
627 <p>Released Oct 18, 2020. (OpenBSD's 25th anniversary)</p>
628
629 <hr>
630
631 <h3><a href="https://www.netbsd.org/releases/formal-9/NetBSD-9.1.html" rel="nofollow">NetBSD 9.1 Released</a></h3>
632
633 <p>The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
634
635 <hr>
636 </blockquote>
637
638 <h3><a href="https://klarasystems.com/articles/openzfs-developer-summit-part-1/" rel="nofollow">OpenZFS Developer Summit 2020</a></h3>
639
640 <blockquote>
641 <p>As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.<br>
642 • After attending the conference, I wrote up some of my notes from each of the talks<br>
643 • <a href="https://klarasystems.com/articles/openzfs-developer-summit-part-2/" rel="nofollow">Part 2</a></p>
644
645 <hr>
646 </blockquote>
647
648 <h3>ZFS and FreeBSD Support</h3>
649
650 <p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! <a href="https://klarasystems.com/support/" rel="nofollow">Check it out on our website!</a></p>
651
652 <h2>News Roundup</h2>
653
654 <h3><a href="https://fibric.hashnode.dev/bastillebsd-native-container-management-for-freebsd" rel="nofollow">BastilleBSD - native container management for FreeBSD</a></h3>
655
656 <blockquote>
657 <p>Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.<br>
658 On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.<br>
659 A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.</p>
660 </blockquote>
661
662 <hr>
663
664 <h3><a href="https://dan.langille.org/2020/09/10/tarsnap-cleaning-up-old-backups/" rel="nofollow">Tarsnap – cleaning up old backups</a></h3>
665
666 <blockquote>
667 <p>I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.</p>
668 </blockquote>
669
670 <hr>
671
672 <h3><a href="https://mwl.io/archives/8009" rel="nofollow">MWL - BookSale</a></h3>
673
674 <blockquote>
675 <p>For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.<br>
676 Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.</p>
677
678 <hr>
679 </blockquote>
680
681 <h2>Beastie Bits</h2>
682
683 <ul>
684 <li><a href="https://www.youtube.com/watch?v=O9upVbGSBFo" rel="nofollow">Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109</a></li>
685 <li><a href="https://chsasank.github.io/classic_papers/unix-time-sharing-system.html#" rel="nofollow">The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974</a></li>
686 <li><a href="https://www.youtube.com/watch?v=2XLZ4Z8LpEE" rel="nofollow">Using a 1930 Teletype as a Linux Terminal</a>
687 ***
688 ###Tarsnap</li>
689 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
690 </ul>
691
692 <h2>Feedback/Questions</h2>
693
694 <ul>
695 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/lars%20-%20infosec%20handbook.md" rel="nofollow">lars - infosec handbook</a></li>
696 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/scott%20-%20zfs%20import.md" rel="nofollow">scott - zfs import</a></li>
697 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/zhong%20-%20first%20episode.md" rel="nofollow">zhong - first episode</a></li>
698 </ul>
699
700 <hr>
701
702 <ul>
703 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
704 ***</li>
705 </ul>]]>
706 </itunes:summary>
707 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+f6UgaFgV</fireside:playerURL>
708 <fireside:playerEmbedCode>
709 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+f6UgaFgV" width="740" height="200" frameborder="0" scrolling="no">]]>
710 </fireside:playerEmbedCode>
711 </item>
712 <item>
713 <title>373: Kyle Evans Interview</title>
714 <link>https://www.bsdnow.tv/373</link>
715 <guid isPermaLink="false">acdecc6a-f7b7-4d64-b64d-f7be713b78e2</guid>
716 <pubDate>Thu, 22 Oct 2020 04:00:00 -0700</pubDate>
717 <author>Allan Jude</author>
718 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/acdecc6a-f7b7-4d64-b64d-f7be713b78e2.mp3" length="34011936" type="audio/mpeg"/>
719 <itunes:episodeType>full</itunes:episodeType>
720 <itunes:author>Allan Jude</itunes:author>
721 <itunes:subtitle>We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.</itunes:subtitle>
722 <itunes:duration>33:33</itunes:duration>
723 <itunes:explicit>no</itunes:explicit>
724 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
725 <description>We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.
726 NOTES
727 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
728 Interview - Kyle Evans - kevans@freebsd.org (mailto:kevans@freebsd.org) / @kaevans91 (https://twitter.com/kaevans91)
729 Tarsnap
730 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
731 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
732 </description>
733 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, kyle evans, bsd grep, lua, flua, bectl, core team, certctl, </itunes:keywords>
734 <content:encoded>
735 <![CDATA[<p>We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.</p>
736
737 <p><strong><em>NOTES</em></strong><br>
738 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
739
740 <h2>Interview - Kyle Evans - <a href="mailto:kevans@freebsd.org" rel="nofollow">kevans@freebsd.org</a> / <a href="https://twitter.com/kaevans91" rel="nofollow">@kaevans91</a></h2>
741
742 <hr>
743
744 <h3>Tarsnap</h3>
745
746 <ul>
747 <li><p>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p></li>
748 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
749
750 <hr></li>
751 </ul>]]>
752 </content:encoded>
753 <itunes:summary>
754 <![CDATA[<p>We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.</p>
755
756 <p><strong><em>NOTES</em></strong><br>
757 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
758
759 <h2>Interview - Kyle Evans - <a href="mailto:kevans@freebsd.org" rel="nofollow">kevans@freebsd.org</a> / <a href="https://twitter.com/kaevans91" rel="nofollow">@kaevans91</a></h2>
760
761 <hr>
762
763 <h3>Tarsnap</h3>
764
765 <ul>
766 <li><p>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p></li>
767 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
768
769 <hr></li>
770 </ul>]]>
771 </itunes:summary>
772 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+6GkMlMGe</fireside:playerURL>
773 <fireside:playerEmbedCode>
774 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+6GkMlMGe" width="740" height="200" frameborder="0" scrolling="no">]]>
775 </fireside:playerEmbedCode>
776 </item>
777 <item>
778 <title>372: Slow SSD scrubs</title>
779 <link>https://www.bsdnow.tv/372</link>
780 <guid isPermaLink="false">30f77e86-34d4-4e1a-a1c7-32e62f393980</guid>
781 <pubDate>Thu, 15 Oct 2020 03:00:00 -0700</pubDate>
782 <author>Allan Jude</author>
783 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/30f77e86-34d4-4e1a-a1c7-32e62f393980.mp3" length="47975808" type="audio/mpeg"/>
784 <itunes:episodeType>full</itunes:episodeType>
785 <itunes:author>Allan Jude</itunes:author>
786 <itunes:subtitle>Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.</itunes:subtitle>
787 <itunes:duration>48:04</itunes:duration>
788 <itunes:explicit>no</itunes:explicit>
789 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
790 <description>Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.
791 NOTES
792 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
793 Headlines
794 Wayland on BSD (https://blog.netbsd.org/tnf/entry/wayland_on_netbsd_trials_and)
795 After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!
796 My BSD sucks less than yours (https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-full_paper.pdf)
797 This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.
798 Video
799 + EuroBSDCon 2017 Part 1 (https://www.youtube.com/watch?v=ZhpaKuXKob4)
800 + EuroBSDCon 2017 Part 2 (https://www.youtube.com/watch?v=cYp70KWD824)
801 News Roundup
802 Even on SSDs, ongoing activity can slow down ZFS scrubs drastically (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSSDActivitySlowsScrubs)
803 Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning.
804 OpenBSD on the Desktop (Part I) (https://paedubucher.ch/articles/2020-09-05-openbsd-on-the-desktop-part-i.html)
805 Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.
806 A simple shell status bar for OpenBSD and cwm(1) (https://www.tumfatig.net/20200923/a-simple-shell-status-bar-for-cwm/)
807 These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!
808 As I love scripting, I decided to build my own.
809 Beastie Bits
810 DragonFly v5.8.3 released to address to issues (http://lists.dragonflybsd.org/pipermail/commits/2020-September/769777.html)
811 OpenSSH 8.4 released (http://www.openssh.com/txt/release-8.4)
812 Tarsnap
813 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
814 Feedback/Questions
815 Dane - FreeBSD vs Linux in Microservices and Containters (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Dane%20-%20FreeBSD%20vs%20Linux%20in%20Microservices%20and%20Containters.md)
816 Mason - questions.md (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Mason%20-%20questions.md)
817 Michael - Tmux License.md (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Michael%20-%20Tmux%20License.md)
818 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
819 ***
820 </description>
821 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, wayland, ssd, scrub, desktop, shell, status, status bar, cwm</itunes:keywords>
822 <content:encoded>
823 <![CDATA[<p>Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.</p>
824
825 <p><strong><em>NOTES</em></strong><br>
826 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
827
828 <h2>Headlines</h2>
829
830 <h3><a href="https://blog.netbsd.org/tnf/entry/wayland_on_netbsd_trials_and" rel="nofollow">Wayland on BSD</a></h3>
831
832 <blockquote>
833 <p>After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!</p>
834
835 <hr>
836
837 <h3><a href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-full_paper.pdf" rel="nofollow">My BSD sucks less than yours</a></h3>
838
839 <p>This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.</p>
840
841 <p>Video</p>
842
843 <ul>
844 <li><a href="https://www.youtube.com/watch?v=ZhpaKuXKob4" rel="nofollow">EuroBSDCon 2017 Part 1</a></li>
845 <li><a href="https://www.youtube.com/watch?v=cYp70KWD824" rel="nofollow">EuroBSDCon 2017 Part 2</a></li>
846 </ul>
847 </blockquote>
848
849 <hr>
850
851 <h2>News Roundup</h2>
852
853 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSSSDActivitySlowsScrubs" rel="nofollow">Even on SSDs, ongoing activity can slow down ZFS scrubs drastically</a></h3>
854
855 <blockquote>
856 <p>Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning.</p>
857
858 <hr>
859
860 <h3><a href="https://paedubucher.ch/articles/2020-09-05-openbsd-on-the-desktop-part-i.html" rel="nofollow">OpenBSD on the Desktop (Part I)</a></h3>
861
862 <p>Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.</p>
863
864 <hr>
865
866 <h3><a href="https://www.tumfatig.net/20200923/a-simple-shell-status-bar-for-cwm/" rel="nofollow">A simple shell status bar for OpenBSD and cwm(1)</a></h3>
867
868 <p>These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!<br>
869 As I love scripting, I decided to build my own.</p>
870
871 <hr>
872
873 <h2>Beastie Bits</h2>
874
875 <p><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-September/769777.html" rel="nofollow">DragonFly v5.8.3 released to address to issues</a><br>
876 <a href="http://www.openssh.com/txt/release-8.4" rel="nofollow">OpenSSH 8.4 released</a></p>
877
878 <hr>
879
880 <h3>Tarsnap</h3>
881
882 <ul>
883 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
884 </ul>
885 </blockquote>
886
887 <h2>Feedback/Questions</h2>
888
889 <ul>
890 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Dane%20-%20FreeBSD%20vs%20Linux%20in%20Microservices%20and%20Containters.md" rel="nofollow">Dane - FreeBSD vs Linux in Microservices and Containters</a></li>
891 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Mason%20-%20questions.md" rel="nofollow">Mason - questions.md</a></li>
892 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Michael%20-%20Tmux%20License.md" rel="nofollow">Michael - Tmux License.md</a></li>
893 </ul>
894
895 <hr>
896
897 <ul>
898 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
899 </li>
900 </ul>]]>
901 </content:encoded>
902 <itunes:summary>
903 <![CDATA[<p>Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.</p>
904
905 <p><strong><em>NOTES</em></strong><br>
906 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
907
908 <h2>Headlines</h2>
909
910 <h3><a href="https://blog.netbsd.org/tnf/entry/wayland_on_netbsd_trials_and" rel="nofollow">Wayland on BSD</a></h3>
911
912 <blockquote>
913 <p>After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!</p>
914
915 <hr>
916
917 <h3><a href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-full_paper.pdf" rel="nofollow">My BSD sucks less than yours</a></h3>
918
919 <p>This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.</p>
920
921 <p>Video</p>
922
923 <ul>
924 <li><a href="https://www.youtube.com/watch?v=ZhpaKuXKob4" rel="nofollow">EuroBSDCon 2017 Part 1</a></li>
925 <li><a href="https://www.youtube.com/watch?v=cYp70KWD824" rel="nofollow">EuroBSDCon 2017 Part 2</a></li>
926 </ul>
927 </blockquote>
928
929 <hr>
930
931 <h2>News Roundup</h2>
932
933 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSSSDActivitySlowsScrubs" rel="nofollow">Even on SSDs, ongoing activity can slow down ZFS scrubs drastically</a></h3>
934
935 <blockquote>
936 <p>Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning.</p>
937
938 <hr>
939
940 <h3><a href="https://paedubucher.ch/articles/2020-09-05-openbsd-on-the-desktop-part-i.html" rel="nofollow">OpenBSD on the Desktop (Part I)</a></h3>
941
942 <p>Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.</p>
943
944 <hr>
945
946 <h3><a href="https://www.tumfatig.net/20200923/a-simple-shell-status-bar-for-cwm/" rel="nofollow">A simple shell status bar for OpenBSD and cwm(1)</a></h3>
947
948 <p>These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!<br>
949 As I love scripting, I decided to build my own.</p>
950
951 <hr>
952
953 <h2>Beastie Bits</h2>
954
955 <p><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-September/769777.html" rel="nofollow">DragonFly v5.8.3 released to address to issues</a><br>
956 <a href="http://www.openssh.com/txt/release-8.4" rel="nofollow">OpenSSH 8.4 released</a></p>
957
958 <hr>
959
960 <h3>Tarsnap</h3>
961
962 <ul>
963 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
964 </ul>
965 </blockquote>
966
967 <h2>Feedback/Questions</h2>
968
969 <ul>
970 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Dane%20-%20FreeBSD%20vs%20Linux%20in%20Microservices%20and%20Containters.md" rel="nofollow">Dane - FreeBSD vs Linux in Microservices and Containters</a></li>
971 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Mason%20-%20questions.md" rel="nofollow">Mason - questions.md</a></li>
972 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Michael%20-%20Tmux%20License.md" rel="nofollow">Michael - Tmux License.md</a></li>
973 </ul>
974
975 <hr>
976
977 <ul>
978 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
979 </li>
980 </ul>]]>
981 </itunes:summary>
982 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+QUB2QlXN</fireside:playerURL>
983 <fireside:playerEmbedCode>
984 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+QUB2QlXN" width="740" height="200" frameborder="0" scrolling="no">]]>
985 </fireside:playerEmbedCode>
986 </item>
987 <item>
988 <title>371: Wildcards running wild</title>
989 <link>https://www.bsdnow.tv/371</link>
990 <guid isPermaLink="false">8f2644a5-d6f7-49ca-bcd6-1a6336110611</guid>
991 <pubDate>Thu, 08 Oct 2020 03:00:00 -0700</pubDate>
992 <author>Allan Jude</author>
993 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8f2644a5-d6f7-49ca-bcd6-1a6336110611.mp3" length="40775352" type="audio/mpeg"/>
994 <itunes:episodeType>full</itunes:episodeType>
995 <itunes:author>Allan Jude</itunes:author>
996 <itunes:subtitle>New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more</itunes:subtitle>
997 <itunes:duration>41:17</itunes:duration>
998 <itunes:explicit>no</itunes:explicit>
999 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
1000 <description>New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more
1001 NOTES
1002 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
1003 Headlines
1004 My New Project: zedfs.com (https://www.oshogbo.vexillium.org/blog/80/)
1005 Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.
1006 On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!
1007 TrueNAS CORE is Ready for Deployment (https://www.ixsystems.com/blog/truenas-12-rc-1/)
1008 TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.
1009 The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.
1010 News Roundup
1011 Interprocess Communication in FreeBSD 11: Performance Analysis (https://arxiv.org/pdf/2008.02145.pdf)
1012 Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.
1013 Back To The Future: Unix Wildcards Gone Wild (https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt)
1014 First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.
1015 Unix Wars (https://www.livinginternet.com/i/iw_unix_war.htm)
1016 Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...
1017 Tarsnap
1018 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
1019 Feedback/Questions
1020 Chris - installing FreeBSD 13-current (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Chris%20-%20installing%20FreeBSD%2013-current.md)
1021 Dane - FreeBSD History Lesson (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Dane%20-%20FreeBSD%20History%20Lesson.md)
1022 Marc - linux compat (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Marc%20-%20linux%20compat.md)
1023 Mason - apropos battery (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Mason%20-%20apropos%20battery.md)
1024 Paul - a topic idea (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Paul%20-%20a%20topic%20idea.md)
1025 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
1026 </description>
1027 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, zpool, dataset, interview, truenas, truenas core, IPC, interprocess, communication, performance, performance analysis, Unix, wildcards, Unix wars</itunes:keywords>
1028 <content:encoded>
1029 <![CDATA[<p>New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more</p>
1030
1031 <p><strong><em>NOTES</em></strong><br>
1032 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1033
1034 <h2>Headlines</h2>
1035
1036 <h3><a href="https://www.oshogbo.vexillium.org/blog/80/" rel="nofollow">My New Project: zedfs.com</a></h3>
1037
1038 <blockquote>
1039 <p>Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.<br>
1040 On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!</p>
1041
1042 <hr>
1043 </blockquote>
1044
1045 <h3><a href="https://www.ixsystems.com/blog/truenas-12-rc-1/" rel="nofollow">TrueNAS CORE is Ready for Deployment</a></h3>
1046
1047 <blockquote>
1048 <p>TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.<br>
1049 The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.</p>
1050
1051 <hr>
1052 </blockquote>
1053
1054 <h2>News Roundup</h2>
1055
1056 <h3><a href="https://arxiv.org/pdf/2008.02145.pdf" rel="nofollow">Interprocess Communication in FreeBSD 11: Performance Analysis</a></h3>
1057
1058 <blockquote>
1059 <p>Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.</p>
1060
1061 <hr>
1062 </blockquote>
1063
1064 <h3><a href="https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt" rel="nofollow">Back To The Future: Unix Wildcards Gone Wild</a></h3>
1065
1066 <blockquote>
1067 <p>First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.</p>
1068
1069 <hr>
1070 </blockquote>
1071
1072 <h3><a href="https://www.livinginternet.com/i/iw_unix_war.htm" rel="nofollow">Unix Wars</a></h3>
1073
1074 <blockquote>
1075 <p>Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...</p>
1076
1077 <hr>
1078 </blockquote>
1079
1080 <h3>Tarsnap</h3>
1081
1082 <ul>
1083 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1084 </ul>
1085
1086 <h2>Feedback/Questions</h2>
1087
1088 <ul>
1089 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Chris%20-%20installing%20FreeBSD%2013-current.md" rel="nofollow">Chris - installing FreeBSD 13-current</a></li>
1090 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Dane%20-%20FreeBSD%20History%20Lesson.md" rel="nofollow">Dane - FreeBSD History Lesson</a></li>
1091 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Marc%20-%20linux%20compat.md" rel="nofollow">Marc - linux compat</a></li>
1092 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Mason%20-%20apropos%20battery.md" rel="nofollow">Mason - apropos battery</a></li>
1093 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Paul%20-%20a%20topic%20idea.md" rel="nofollow">Paul - a topic idea</a></p>
1094
1095 <hr></li>
1096 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
1097
1098 <hr></li>
1099 </ul>]]>
1100 </content:encoded>
1101 <itunes:summary>
1102 <![CDATA[<p>New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more</p>
1103
1104 <p><strong><em>NOTES</em></strong><br>
1105 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1106
1107 <h2>Headlines</h2>
1108
1109 <h3><a href="https://www.oshogbo.vexillium.org/blog/80/" rel="nofollow">My New Project: zedfs.com</a></h3>
1110
1111 <blockquote>
1112 <p>Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.<br>
1113 On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!</p>
1114
1115 <hr>
1116 </blockquote>
1117
1118 <h3><a href="https://www.ixsystems.com/blog/truenas-12-rc-1/" rel="nofollow">TrueNAS CORE is Ready for Deployment</a></h3>
1119
1120 <blockquote>
1121 <p>TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.<br>
1122 The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.</p>
1123
1124 <hr>
1125 </blockquote>
1126
1127 <h2>News Roundup</h2>
1128
1129 <h3><a href="https://arxiv.org/pdf/2008.02145.pdf" rel="nofollow">Interprocess Communication in FreeBSD 11: Performance Analysis</a></h3>
1130
1131 <blockquote>
1132 <p>Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.</p>
1133
1134 <hr>
1135 </blockquote>
1136
1137 <h3><a href="https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt" rel="nofollow">Back To The Future: Unix Wildcards Gone Wild</a></h3>
1138
1139 <blockquote>
1140 <p>First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.</p>
1141
1142 <hr>
1143 </blockquote>
1144
1145 <h3><a href="https://www.livinginternet.com/i/iw_unix_war.htm" rel="nofollow">Unix Wars</a></h3>
1146
1147 <blockquote>
1148 <p>Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...</p>
1149
1150 <hr>
1151 </blockquote>
1152
1153 <h3>Tarsnap</h3>
1154
1155 <ul>
1156 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1157 </ul>
1158
1159 <h2>Feedback/Questions</h2>
1160
1161 <ul>
1162 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Chris%20-%20installing%20FreeBSD%2013-current.md" rel="nofollow">Chris - installing FreeBSD 13-current</a></li>
1163 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Dane%20-%20FreeBSD%20History%20Lesson.md" rel="nofollow">Dane - FreeBSD History Lesson</a></li>
1164 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Marc%20-%20linux%20compat.md" rel="nofollow">Marc - linux compat</a></li>
1165 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Mason%20-%20apropos%20battery.md" rel="nofollow">Mason - apropos battery</a></li>
1166 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Paul%20-%20a%20topic%20idea.md" rel="nofollow">Paul - a topic idea</a></p>
1167
1168 <hr></li>
1169 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
1170
1171 <hr></li>
1172 </ul>]]>
1173 </itunes:summary>
1174 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+WJtuVorY</fireside:playerURL>
1175 <fireside:playerEmbedCode>
1176 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+WJtuVorY" width="740" height="200" frameborder="0" scrolling="no">]]>
1177 </fireside:playerEmbedCode>
1178 </item>
1179 <item>
1180 <title>370: Testing shutdown</title>
1181 <link>https://www.bsdnow.tv/370</link>
1182 <guid isPermaLink="false">4bc93957-8853-4c7a-b016-604d770c5b71</guid>
1183 <pubDate>Thu, 01 Oct 2020 03:15:00 -0700</pubDate>
1184 <author>Allan Jude</author>
1185 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4bc93957-8853-4c7a-b016-604d770c5b71.mp3" length="43353456" type="audio/mpeg"/>
1186 <itunes:episodeType>full</itunes:episodeType>
1187 <itunes:author>Allan Jude</itunes:author>
1188 <itunes:subtitle>The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more</itunes:subtitle>
1189 <itunes:duration>45:12</itunes:duration>
1190 <itunes:explicit>no</itunes:explicit>
1191 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
1192 <description>The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more
1193 NOTES
1194 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
1195 Headlines
1196 FuryBSD 2020-Q3 The world’s first OpenZFS based live image (https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/)
1197 FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).
1198 FreeBSD Subversion to Git Migration: Pt 1 Why? (https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html)
1199 FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"?
1200 Video from Warner Losh (https://www.youtube.com/watch?v=Lx9lKr_M-DI)
1201 News Roundup
1202 FreeBSD Instant-workstation 2020 (https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html)
1203 A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.
1204 nut – testing the shutdown mechanism (https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/)
1205 Following on from my recent nut setup, this is the second in a series of three posts.
1206 The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.
1207 login_ldap added to OpenBSD -current (https://undeadly.org/cgi?action=article;sid=20200913081040)
1208 With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current
1209 + https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2
1210 Beastie Bits
1211 NetBSD current now has GCC 9.3.0 for x86/ARM (https://twitter.com/netbsd/status/1305082782457245696)
1212 MidnightBSD 1.2.8 (https://www.justjournal.com/users/mbsd/entry/33802)
1213 MidnightBSD 2.0-Current (https://www.justjournal.com/users/mbsd/entry/33806)
1214 Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 (https://www.singlix.com/runix/)
1216 Tarsnap
1217 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
1218 Feedback/Questions
1219 Rick - rcorder (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md)
1220 Dan - machiatto bin (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md)
1221 Luis - old episodes (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md)
1222 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
1223 </description>
1224 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, zpool, dataset, interview, live image, migration, git, video, workstation, testing, shutdown, mechanism, login_ldap, ldap, login</itunes:keywords>
1225 <content:encoded>
1226 <![CDATA[<p>The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more</p>
1227
1228 <p><strong><em>NOTES</em></strong><br>
1229 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1230
1231 <h2>Headlines</h2>
1232
1233 <h3><a href="https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/" rel="nofollow">FuryBSD 2020-Q3 The world’s first OpenZFS based live image</a></h3>
1234
1235 <blockquote>
1236 <p>FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).</p>
1237
1238 <hr>
1239 </blockquote>
1240
1241 <h3><a href="https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html" rel="nofollow">FreeBSD Subversion to Git Migration: Pt 1 Why?</a></h3>
1242
1243 <blockquote>
1244 <p>FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"?<br>
1245 <a href="https://www.youtube.com/watch?v=Lx9lKr_M-DI" rel="nofollow">Video from Warner Losh</a></p>
1246
1247 <hr>
1248 </blockquote>
1249
1250 <h2>News Roundup</h2>
1251
1252 <h3><a href="https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html" rel="nofollow">FreeBSD Instant-workstation 2020</a></h3>
1253
1254 <blockquote>
1255 <p>A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.</p>
1256
1257 <hr>
1258 </blockquote>
1259
1260 <h3><a href="https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/" rel="nofollow">nut – testing the shutdown mechanism</a></h3>
1261
1262 <blockquote>
1263 <p>Following on from my recent nut setup, this is the second in a series of three posts.<br>
1264 The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.</p>
1265
1266 <hr>
1267 </blockquote>
1268
1269 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200913081040" rel="nofollow">login_ldap added to OpenBSD -current</a></h3>
1270
1271 <blockquote>
1272 <p>With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current</p>
1273
1274 <ul>
1275 <li><a href="https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2" rel="nofollow">https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2</a>
1276 ***</li>
1277 </ul>
1278 </blockquote>
1279
1280 <h2>Beastie Bits</h2>
1281
1282 <ul>
1283 <li><a href="https://twitter.com/netbsd/status/1305082782457245696" rel="nofollow">NetBSD current now has GCC 9.3.0 for x86/ARM</a></li>
1284 <li><a href="https://www.justjournal.com/users/mbsd/entry/33802" rel="nofollow">MidnightBSD 1.2.8</a></li>
1285 <li><a href="https://www.justjournal.com/users/mbsd/entry/33806" rel="nofollow">MidnightBSD 2.0-Current</a></li>
1286 <li><a href="https://www.singlix.com/runix/" rel="nofollow">Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1</a>
1287 ***</li>
1288 </ul>
1289
1290 <h3>Tarsnap</h3>
1291
1292 <ul>
1293 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1294 </ul>
1295
1296 <h2>Feedback/Questions</h2>
1297
1298 <ul>
1299 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md" rel="nofollow">Rick - rcorder</a></li>
1300 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md" rel="nofollow">Dan - machiatto bin</a></li>
1301 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md" rel="nofollow">Luis - old episodes</a></p>
1302
1303 <hr></li>
1304 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
1305
1306 <hr></li>
1307 </ul>]]>
1308 </content:encoded>
1309 <itunes:summary>
1310 <![CDATA[<p>The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more</p>
1311
1312 <p><strong><em>NOTES</em></strong><br>
1313 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1314
1315 <h2>Headlines</h2>
1316
1317 <h3><a href="https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/" rel="nofollow">FuryBSD 2020-Q3 The world’s first OpenZFS based live image</a></h3>
1318
1319 <blockquote>
1320 <p>FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).</p>
1321
1322 <hr>
1323 </blockquote>
1324
1325 <h3><a href="https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html" rel="nofollow">FreeBSD Subversion to Git Migration: Pt 1 Why?</a></h3>
1326
1327 <blockquote>
1328 <p>FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"?<br>
1329 <a href="https://www.youtube.com/watch?v=Lx9lKr_M-DI" rel="nofollow">Video from Warner Losh</a></p>
1330
1331 <hr>
1332 </blockquote>
1333
1334 <h2>News Roundup</h2>
1335
1336 <h3><a href="https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html" rel="nofollow">FreeBSD Instant-workstation 2020</a></h3>
1337
1338 <blockquote>
1339 <p>A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.</p>
1340
1341 <hr>
1342 </blockquote>
1343
1344 <h3><a href="https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/" rel="nofollow">nut – testing the shutdown mechanism</a></h3>
1345
1346 <blockquote>
1347 <p>Following on from my recent nut setup, this is the second in a series of three posts.<br>
1348 The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.</p>
1349
1350 <hr>
1351 </blockquote>
1352
1353 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200913081040" rel="nofollow">login_ldap added to OpenBSD -current</a></h3>
1354
1355 <blockquote>
1356 <p>With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current</p>
1357
1358 <ul>
1359 <li><a href="https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2" rel="nofollow">https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2</a>
1360 ***</li>
1361 </ul>
1362 </blockquote>
1363
1364 <h2>Beastie Bits</h2>
1365
1366 <ul>
1367 <li><a href="https://twitter.com/netbsd/status/1305082782457245696" rel="nofollow">NetBSD current now has GCC 9.3.0 for x86/ARM</a></li>
1368 <li><a href="https://www.justjournal.com/users/mbsd/entry/33802" rel="nofollow">MidnightBSD 1.2.8</a></li>
1369 <li><a href="https://www.justjournal.com/users/mbsd/entry/33806" rel="nofollow">MidnightBSD 2.0-Current</a></li>
1370 <li><a href="https://www.singlix.com/runix/" rel="nofollow">Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1</a>
1371 ***</li>
1372 </ul>
1373
1374 <h3>Tarsnap</h3>
1375
1376 <ul>
1377 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1378 </ul>
1379
1380 <h2>Feedback/Questions</h2>
1381
1382 <ul>
1383 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md" rel="nofollow">Rick - rcorder</a></li>
1384 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md" rel="nofollow">Dan - machiatto bin</a></li>
1385 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md" rel="nofollow">Luis - old episodes</a></p>
1386
1387 <hr></li>
1388 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
1389
1390 <hr></li>
1391 </ul>]]>
1392 </itunes:summary>
1393 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+XvT_6M-Z</fireside:playerURL>
1394 <fireside:playerEmbedCode>
1395 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+XvT_6M-Z" width="740" height="200" frameborder="0" scrolling="no">]]>
1396 </fireside:playerEmbedCode>
1397 </item>
1398 <item>
1399 <title>369: Where rc.d belongs</title>
1400 <link>https://www.bsdnow.tv/369</link>
1401 <guid isPermaLink="false">3594bb2c-b1c8-4f13-bcb9-6ad5094179a5</guid>
1402 <pubDate>Thu, 24 Sep 2020 09:00:00 -0700</pubDate>
1403 <author>Allan Jude</author>
1404 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3594bb2c-b1c8-4f13-bcb9-6ad5094179a5.mp3" length="43421016" type="audio/mpeg"/>
1405 <itunes:episodeType>full</itunes:episodeType>
1406 <itunes:author>Allan Jude</itunes:author>
1407 <itunes:subtitle>High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.</itunes:subtitle>
1408 <itunes:duration>44:09</itunes:duration>
1409 <itunes:explicit>no</itunes:explicit>
1410 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
1411 <description>High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.
1412 NOTES
1413 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
1414 Headlines
1415 High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated (https://dzone.com/articles/high-availability-routerfirewall-using-openbsd-car)
1416 I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.
1417 Building the Development Version of Emacs on NetBSD (https://lars.ingebrigtsen.no/2020/08/25/building-the-development-version-of-emacs-on-netbsd/)
1418 I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.
1419 News Roundup
1420 rc.d belongs in libexec, not etc (https://jmmv.dev/2020/08/rcd-libexec-etc.html)
1421 Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.
1422 This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.
1423 FreeBSD 11.3 EOL (https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html)
1424 As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer
1425 be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly
1426 encouraged to upgrade to a newer release as soon as possible.
1427 OPNsense 20.7.1 Released (https://opnsense.org/opnsense-20-7-1-released/)
1428 Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.
1429 MidnightBSD 1.2.7 out (https://www.justjournal.com/users/mbsd/entry/33801)
1430 MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.
1431 It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.
1432 Users who don't want to update the whole OS should consider at least updating libmport as there are many package management fixes
1433 Beastie Bits
1434 Tarsnap podcast (https://blog.firosolutions.com/2020/08/tarsnap-podcast/)
1435 NetBSD Tips and Tricks (http://students.engr.scu.edu/~sschaeck/netbsd/index.html)
1436 FreeBSD mini-git Primer (https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g)
1437 GhostBSD Financial Reports (https://ghostbsd.org/financial_reports_from_January_to_June_2020)
1438 ***
1439 Tarsnap
1440 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
1441 Feedback/Questions
1442 Daniel - Documentation Tooling (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Daniel%20-%20Documentation%20Tooling.md)
1443 Fongaboo - Where did the ZFS tutorial Go? (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Fongaboo%20-%20Where%20did%20the%20ZFS%20Tutorial%20Go.md)
1444 Johnny - Browser Cold Wars (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Johnny%20-%20Browser%20Cold%20Wars.md)
1445 ***
1446 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
1447 </description>
1448 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, zpool, dataset, interview, ha, high availability, carp, pfsync, ifstated, development, emacs, rc.d, libexec, etc, end of life, release, opnsense, midnightbsd </itunes:keywords>
1449 <content:encoded>
1450 <![CDATA[<p>High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.</p>
1451
1452 <p><strong><em>NOTES</em></strong><br>
1453 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1454
1455 <h2>Headlines</h2>
1456
1457 <h3><a href="https://dzone.com/articles/high-availability-routerfirewall-using-openbsd-car" rel="nofollow">High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated</a></h3>
1458
1459 <blockquote>
1460 <p>I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.</p>
1461 </blockquote>
1462
1463 <hr>
1464
1465 <h3><a href="https://lars.ingebrigtsen.no/2020/08/25/building-the-development-version-of-emacs-on-netbsd/" rel="nofollow">Building the Development Version of Emacs on NetBSD</a></h3>
1466
1467 <blockquote>
1468 <p>I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.</p>
1469 </blockquote>
1470
1471 <hr>
1472
1473 <h2>News Roundup</h2>
1474
1475 <h3><a href="https://jmmv.dev/2020/08/rcd-libexec-etc.html" rel="nofollow">rc.d belongs in libexec, not etc</a></h3>
1476
1477 <blockquote>
1478 <p>Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.<br>
1479 This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.</p>
1480 </blockquote>
1481
1482 <hr>
1483
1484 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html" rel="nofollow">FreeBSD 11.3 EOL</a></h3>
1485
1486 <blockquote>
1487 <p>As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer<br>
1488 be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly<br>
1489 encouraged to upgrade to a newer release as soon as possible.</p>
1490 </blockquote>
1491
1492 <hr>
1493
1494 <h3><a href="https://opnsense.org/opnsense-20-7-1-released/" rel="nofollow">OPNsense 20.7.1 Released</a></h3>
1495
1496 <blockquote>
1497 <p>Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.</p>
1498 </blockquote>
1499
1500 <hr>
1501
1502 <h3><a href="https://www.justjournal.com/users/mbsd/entry/33801" rel="nofollow">MidnightBSD 1.2.7 out</a></h3>
1503
1504 <blockquote>
1505 <p>MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.<br><br>
1506 It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.<br><br>
1507 Users who don't want to update the whole OS should consider at least updating libmport as there are many package management fixes</p>
1508 </blockquote>
1509
1510 <hr>
1511
1512 <h2>Beastie Bits</h2>
1513
1514 <ul>
1515 <li><a href="https://blog.firosolutions.com/2020/08/tarsnap-podcast/" rel="nofollow">Tarsnap podcast</a></li>
1516 <li><a href="http://students.engr.scu.edu/%7Esschaeck/netbsd/index.html" rel="nofollow">NetBSD Tips and Tricks</a></li>
1517 <li><a href="https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g" rel="nofollow">FreeBSD mini-git Primer</a></li>
1518 <li><a href="https://ghostbsd.org/financial_reports_from_January_to_June_2020" rel="nofollow">GhostBSD Financial Reports</a>
1519 ***</li>
1520 </ul>
1521
1522 <h3>Tarsnap</h3>
1523
1524 <ul>
1525 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1526 </ul>
1527
1528 <h2>Feedback/Questions</h2>
1529
1530 <ul>
1531 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Daniel%20-%20Documentation%20Tooling.md" rel="nofollow">Daniel - Documentation Tooling</a></li>
1532 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Fongaboo%20-%20Where%20did%20the%20ZFS%20Tutorial%20Go.md" rel="nofollow">Fongaboo - Where did the ZFS tutorial Go?</a></li>
1533 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Johnny%20-%20Browser%20Cold%20Wars.md" rel="nofollow">Johnny - Browser Cold Wars</a>
1534 ***</li>
1535 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
1536 </ul>
1537
1538 <hr>]]>
1539 </content:encoded>
1540 <itunes:summary>
1541 <![CDATA[<p>High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.</p>
1542
1543 <p><strong><em>NOTES</em></strong><br>
1544 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a></p>
1545
1546 <h2>Headlines</h2>
1547
1548 <h3><a href="https://dzone.com/articles/high-availability-routerfirewall-using-openbsd-car" rel="nofollow">High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated</a></h3>
1549
1550 <blockquote>
1551 <p>I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.</p>
1552 </blockquote>
1553
1554 <hr>
1555
1556 <h3><a href="https://lars.ingebrigtsen.no/2020/08/25/building-the-development-version-of-emacs-on-netbsd/" rel="nofollow">Building the Development Version of Emacs on NetBSD</a></h3>
1557
1558 <blockquote>
1559 <p>I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.</p>
1560 </blockquote>
1561
1562 <hr>
1563
1564 <h2>News Roundup</h2>
1565
1566 <h3><a href="https://jmmv.dev/2020/08/rcd-libexec-etc.html" rel="nofollow">rc.d belongs in libexec, not etc</a></h3>
1567
1568 <blockquote>
1569 <p>Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.<br>
1570 This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.</p>
1571 </blockquote>
1572
1573 <hr>
1574
1575 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html" rel="nofollow">FreeBSD 11.3 EOL</a></h3>
1576
1577 <blockquote>
1578 <p>As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer<br>
1579 be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly<br>
1580 encouraged to upgrade to a newer release as soon as possible.</p>
1581 </blockquote>
1582
1583 <hr>
1584
1585 <h3><a href="https://opnsense.org/opnsense-20-7-1-released/" rel="nofollow">OPNsense 20.7.1 Released</a></h3>
1586
1587 <blockquote>
1588 <p>Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.</p>
1589 </blockquote>
1590
1591 <hr>
1592
1593 <h3><a href="https://www.justjournal.com/users/mbsd/entry/33801" rel="nofollow">MidnightBSD 1.2.7 out</a></h3>
1594
1595 <blockquote>
1596 <p>MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.<br><br>
1597 It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.<br><br>
1598 Users who don't want to update the whole OS should consider at least updating libmport as there are many package management fixes</p>
1599 </blockquote>
1600
1601 <hr>
1602
1603 <h2>Beastie Bits</h2>
1604
1605 <ul>
1606 <li><a href="https://blog.firosolutions.com/2020/08/tarsnap-podcast/" rel="nofollow">Tarsnap podcast</a></li>
1607 <li><a href="http://students.engr.scu.edu/%7Esschaeck/netbsd/index.html" rel="nofollow">NetBSD Tips and Tricks</a></li>
1608 <li><a href="https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g" rel="nofollow">FreeBSD mini-git Primer</a></li>
1609 <li><a href="https://ghostbsd.org/financial_reports_from_January_to_June_2020" rel="nofollow">GhostBSD Financial Reports</a>
1610 ***</li>
1611 </ul>
1612
1613 <h3>Tarsnap</h3>
1614
1615 <ul>
1616 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1617 </ul>
1618
1619 <h2>Feedback/Questions</h2>
1620
1621 <ul>
1622 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Daniel%20-%20Documentation%20Tooling.md" rel="nofollow">Daniel - Documentation Tooling</a></li>
1623 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Fongaboo%20-%20Where%20did%20the%20ZFS%20Tutorial%20Go.md" rel="nofollow">Fongaboo - Where did the ZFS tutorial Go?</a></li>
1624 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Johnny%20-%20Browser%20Cold%20Wars.md" rel="nofollow">Johnny - Browser Cold Wars</a>
1625 ***</li>
1626 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
1627 </ul>
1628
1629 <hr>]]>
1630 </itunes:summary>
1631 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ZB3tUsid</fireside:playerURL>
1632 <fireside:playerEmbedCode>
1633 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ZB3tUsid" width="740" height="200" frameborder="0" scrolling="no">]]>
1634 </fireside:playerEmbedCode>
1635 </item>
1636 <item>
1637 <title>368: Changing OS roles</title>
1638 <link>https://www.bsdnow.tv/368</link>
1639 <guid isPermaLink="false">4d186dc4-b8ee-4824-bfcc-3bacf18ba5da</guid>
1640 <pubDate>Thu, 17 Sep 2020 03:00:00 -0700</pubDate>
1641 <author>Allan Jude</author>
1642 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d186dc4-b8ee-4824-bfcc-3bacf18ba5da.mp3" length="48070680" type="audio/mpeg"/>
1643 <itunes:episodeType>full</itunes:episodeType>
1644 <itunes:author>Allan Jude</itunes:author>
1645 <itunes:subtitle>Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more.</itunes:subtitle>
1646 <itunes:duration>48:32</itunes:duration>
1647 <itunes:explicit>no</itunes:explicit>
1648 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
1649 <description> Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more.
1650 NOTES
1651 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
1652 Headlines
1653 Modernizing the OpenBSD Console (https://www.cambus.net/modernizing-the-openbsd-console/)
1654 At the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the "80x25 mode". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).
1655 OpenBSD uses the wscons(4) console framework, inherited from NetBSD
1656 OS roles have changed (https://rubenerd.com/the-roles-of-oss-have-changed/)
1657 Though I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.
1658 News Roundup
1659 FreeBSD Cluster with Pacemaker and Corosync (https://vermaden.wordpress.com/2020/09/03/freebsd-cluster-with-pacemaker-and-corosync/)
1660 I always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.
1661 Wine in a 32-bit sandbox on 64-bit NetBSD (https://washbear.neocities.org/wine-sandbox.html)
1662 "Mainline pkgsrc" can't do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We'll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...
1663 We're using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don't trust the Windows applications you're running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.
1664 Find package which provides a file in OpenBSD (https://dataswamp.org/~solene/2020-09-04-pkglocate-openbsd.html)
1665 There is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.
1666 If you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.
1667 Beastie Bits
1668 OpenBSD for 1.5 Years: Confessions of a Linux Heretic (https://www.youtube.com/watch?v=oTShQIXSdqM)
1669 OpenBSD 6.8 Beta Tagged (https://undeadly.org/cgi?action=article;sid=20200831192811)
1670 Hammer2 and growth (https://www.dragonflydigest.com/2020/09/08/24933.html)
1671 Understanding a FreeBSD kernel vulnerability (https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation)
1672 ***
1673 Tarsnap
1674 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
1675 Feedback/Questions
1676 Rob - 7 years (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Bruce%20-%207%20years.md)
1677 Kurt - Microserver (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Kurt%20-%20Microserver.md)
1678 Rob - Interviews (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Rob%20-%20Interviews.md)
1679 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
1680 ***
1681 </description>
1682 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, zpool, dataset, interview, console, modernizing, modern, operating system, role, cluster, pacemaker, corosync, wine, 32-bit, 64-bit, sandbox, package manager</itunes:keywords>
1683 <content:encoded>
1684 <![CDATA[<p>Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more. </p>
1685
1686 <p><strong><em>NOTES</em></strong><br>
1687 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
1688
1689 <h2>Headlines</h2>
1690
1691 <h3><a href="https://www.cambus.net/modernizing-the-openbsd-console/" rel="nofollow">Modernizing the OpenBSD Console</a></h3>
1692
1693 <blockquote>
1694 <p>At the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the "80x25 mode". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).<br>
1695 OpenBSD uses the wscons(4) console framework, inherited from NetBSD</p>
1696
1697 <hr>
1698 </blockquote>
1699
1700 <h3><a href="https://rubenerd.com/the-roles-of-oss-have-changed/" rel="nofollow">OS roles have changed</a></h3>
1701
1702 <blockquote>
1703 <p>Though I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.</p>
1704
1705 <hr>
1706 </blockquote>
1707
1708 <h2>News Roundup</h2>
1709
1710 <h3><a href="https://vermaden.wordpress.com/2020/09/03/freebsd-cluster-with-pacemaker-and-corosync/" rel="nofollow">FreeBSD Cluster with Pacemaker and Corosync</a></h3>
1711
1712 <blockquote>
1713 <p>I always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.</p>
1714
1715 <hr>
1716 </blockquote>
1717
1718 <h3><a href="https://washbear.neocities.org/wine-sandbox.html" rel="nofollow">Wine in a 32-bit sandbox on 64-bit NetBSD</a></h3>
1719
1720 <blockquote>
1721 <p>"Mainline pkgsrc" can't do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We'll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...<br>
1722 We're using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don't trust the Windows applications you're running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.</p>
1723
1724 <hr>
1725 </blockquote>
1726
1727 <h3><a href="https://dataswamp.org/%7Esolene/2020-09-04-pkglocate-openbsd.html" rel="nofollow">Find package which provides a file in OpenBSD</a></h3>
1728
1729 <blockquote>
1730 <p>There is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.<br>
1731 If you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.</p>
1732 </blockquote>
1733
1734 <hr>
1735
1736 <h2>Beastie Bits</h2>
1737
1738 <ul>
1739 <li><a href="https://www.youtube.com/watch?v=oTShQIXSdqM" rel="nofollow">OpenBSD for 1.5 Years: Confessions of a Linux Heretic</a></li>
1740 <li><a href="https://undeadly.org/cgi?action=article;sid=20200831192811" rel="nofollow">OpenBSD 6.8 Beta Tagged</a></li>
1741 <li><a href="https://www.dragonflydigest.com/2020/09/08/24933.html" rel="nofollow">Hammer2 and growth</a></li>
1742 <li><a href="https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation" rel="nofollow">Understanding a FreeBSD kernel vulnerability</a>
1743 ***</li>
1744 </ul>
1745
1746 <h3>Tarsnap</h3>
1747
1748 <ul>
1749 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1750 </ul>
1751
1752 <h2>Feedback/Questions</h2>
1753
1754 <ul>
1755 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Bruce%20-%207%20years.md" rel="nofollow">Rob - 7 years</a></li>
1756 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Kurt%20-%20Microserver.md" rel="nofollow">Kurt - Microserver</a></li>
1757 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Rob%20-%20Interviews.md" rel="nofollow">Rob - Interviews</a></li>
1758 </ul>
1759
1760 <hr>
1761
1762 <ul>
1763 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
1764 ***</li>
1765 </ul>]]>
1766 </content:encoded>
1767 <itunes:summary>
1768 <![CDATA[<p>Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more. </p>
1769
1770 <p><strong><em>NOTES</em></strong><br>
1771 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
1772
1773 <h2>Headlines</h2>
1774
1775 <h3><a href="https://www.cambus.net/modernizing-the-openbsd-console/" rel="nofollow">Modernizing the OpenBSD Console</a></h3>
1776
1777 <blockquote>
1778 <p>At the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the "80x25 mode". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).<br>
1779 OpenBSD uses the wscons(4) console framework, inherited from NetBSD</p>
1780
1781 <hr>
1782 </blockquote>
1783
1784 <h3><a href="https://rubenerd.com/the-roles-of-oss-have-changed/" rel="nofollow">OS roles have changed</a></h3>
1785
1786 <blockquote>
1787 <p>Though I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.</p>
1788
1789 <hr>
1790 </blockquote>
1791
1792 <h2>News Roundup</h2>
1793
1794 <h3><a href="https://vermaden.wordpress.com/2020/09/03/freebsd-cluster-with-pacemaker-and-corosync/" rel="nofollow">FreeBSD Cluster with Pacemaker and Corosync</a></h3>
1795
1796 <blockquote>
1797 <p>I always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.</p>
1798
1799 <hr>
1800 </blockquote>
1801
1802 <h3><a href="https://washbear.neocities.org/wine-sandbox.html" rel="nofollow">Wine in a 32-bit sandbox on 64-bit NetBSD</a></h3>
1803
1804 <blockquote>
1805 <p>"Mainline pkgsrc" can't do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We'll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...<br>
1806 We're using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don't trust the Windows applications you're running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.</p>
1807
1808 <hr>
1809 </blockquote>
1810
1811 <h3><a href="https://dataswamp.org/%7Esolene/2020-09-04-pkglocate-openbsd.html" rel="nofollow">Find package which provides a file in OpenBSD</a></h3>
1812
1813 <blockquote>
1814 <p>There is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.<br>
1815 If you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.</p>
1816 </blockquote>
1817
1818 <hr>
1819
1820 <h2>Beastie Bits</h2>
1821
1822 <ul>
1823 <li><a href="https://www.youtube.com/watch?v=oTShQIXSdqM" rel="nofollow">OpenBSD for 1.5 Years: Confessions of a Linux Heretic</a></li>
1824 <li><a href="https://undeadly.org/cgi?action=article;sid=20200831192811" rel="nofollow">OpenBSD 6.8 Beta Tagged</a></li>
1825 <li><a href="https://www.dragonflydigest.com/2020/09/08/24933.html" rel="nofollow">Hammer2 and growth</a></li>
1826 <li><a href="https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation" rel="nofollow">Understanding a FreeBSD kernel vulnerability</a>
1827 ***</li>
1828 </ul>
1829
1830 <h3>Tarsnap</h3>
1831
1832 <ul>
1833 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1834 </ul>
1835
1836 <h2>Feedback/Questions</h2>
1837
1838 <ul>
1839 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Bruce%20-%207%20years.md" rel="nofollow">Rob - 7 years</a></li>
1840 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Kurt%20-%20Microserver.md" rel="nofollow">Kurt - Microserver</a></li>
1841 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Rob%20-%20Interviews.md" rel="nofollow">Rob - Interviews</a></li>
1842 </ul>
1843
1844 <hr>
1845
1846 <ul>
1847 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
1848 ***</li>
1849 </ul>]]>
1850 </itunes:summary>
1851 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+MbyMomIr</fireside:playerURL>
1852 <fireside:playerEmbedCode>
1853 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+MbyMomIr" width="740" height="200" frameborder="0" scrolling="no">]]>
1854 </fireside:playerEmbedCode>
1855 </item>
1856 <item>
1857 <title>367: Changing jail datasets</title>
1858 <link>https://www.bsdnow.tv/367</link>
1859 <guid isPermaLink="false">056d15d3-4908-4073-955a-88e7700ba566</guid>
1860 <pubDate>Thu, 10 Sep 2020 03:00:00 -0700</pubDate>
1861 <author>Allan Jude</author>
1862 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/056d15d3-4908-4073-955a-88e7700ba566.mp3" length="47196984" type="audio/mpeg"/>
1863 <itunes:episodeType>full</itunes:episodeType>
1864 <itunes:author>Allan Jude</itunes:author>
1865 <itunes:subtitle>A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.</itunes:subtitle>
1866 <itunes:duration>45:28</itunes:duration>
1867 <itunes:explicit>no</itunes:explicit>
1868 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
1869 <description>A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.
1870 NOTES
1871 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
1872 Headlines
1873 A 35 Year Old Bug in Patch (http://bsdimp.blogspot.com/2020/08/a-35-year-old-bug-in-patch-found-in.html)
1874 Larry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It's been a faithful ally for a long, long time. I've never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I've discovered a bug that bites this effort twice. It's quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...
1875 Sandbox for FreeBSD (https://www.relkom.sk/en/fbsd_sandbox.shtml)
1876 A sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.
1877 In our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.
1878 Source Code (https://gitlab.com/relkom/sandbox)
1879 Documentation (https://www.relkom.sk/en/fbsd_sandbox_docs.shtml)
1880 News Roundup
1881 Changing from one dataset to another within a jail (https://dan.langille.org/2020/08/16/changing-from-one-dataset-to-another-within-a-freebsd-iocage-jail/)
1882 ZFS has the ability to share itself within a jail. That gives the jail some autonomy, and I like that.
1883 I’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.
1884 The purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.
1885 You don’t need tmux or screen for ZFS (https://rubenerd.com/you-dont-need-tmux-or-screen-for-zfs/)
1886 Back in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivalent in base in order to daemonise the process and let them run in the background.
1887 ZFS already does this for its internal commands.
1888 HardenedBSD August 2020 Status Report and Call for Donations (https://hardenedbsd.org/article/shawn-webb/2020-08-15/hardenedbsd-august-2020-status-report-and-call-donations)
1889 This last month has largely been a quiet one. I've restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I've started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I'm doing is to support that effort.
1890 The infrastructure has settled and is now churning normally and happily. We're still working out bandwidth issues. We hope to have a new fiber line run by the end of September.
1891 As part of this status report, I'm issuing a formal call for donations. I'm aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.
1892 Important parts of Unix's history happened before readline support was common (https://utcc.utoronto.ca/~cks/space/blog/unix/TimeBeforeReadline)
1893 Unix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it's easy to think of readline support as something that's always been there. But of course this isn't the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.
1894 Tarsnap
1895 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
1896 Feedback/Questions
1897 Mason - mailserver (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/Mason%20-%20mailserver.md)
1898 casey - freebsd on decline (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/casey%20-%20freebsd%20on%20decline.md)
1899 denis - postgres (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/denis%20-%20postgres.md)
1900 ***
1901 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
1902 ***
1903 </description>
1904 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, patch, bug, bugfix, sandbox, dataset, jail, tmux, screen, status, status report, call for donations, donation</itunes:keywords>
1905 <content:encoded>
1906 <![CDATA[<p>A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.</p>
1907
1908 <p><strong><em>NOTES</em></strong><br>
1909 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
1910
1911 <h2>Headlines</h2>
1912
1913 <h3><a href="http://bsdimp.blogspot.com/2020/08/a-35-year-old-bug-in-patch-found-in.html" rel="nofollow">A 35 Year Old Bug in Patch</a></h3>
1914
1915 <blockquote>
1916 <p>Larry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It's been a faithful ally for a long, long time. I've never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I've discovered a bug that bites this effort twice. It's quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...</p>
1917 </blockquote>
1918
1919 <hr>
1920
1921 <h3><a href="https://www.relkom.sk/en/fbsd_sandbox.shtml" rel="nofollow">Sandbox for FreeBSD</a></h3>
1922
1923 <blockquote>
1924 <p>A sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.<br>
1925 In our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.</p>
1926 </blockquote>
1927
1928 <ul>
1929 <li><a href="https://gitlab.com/relkom/sandbox" rel="nofollow">Source Code</a></li>
1930 <li><a href="https://www.relkom.sk/en/fbsd_sandbox_docs.shtml" rel="nofollow">Documentation</a></li>
1931 </ul>
1932
1933 <hr>
1934
1935 <h2>News Roundup</h2>
1936
1937 <h3><a href="https://dan.langille.org/2020/08/16/changing-from-one-dataset-to-another-within-a-freebsd-iocage-jail/" rel="nofollow">Changing from one dataset to another within a jail</a></h3>
1938
1939 <blockquote>
1940 <p>ZFS has the ability to share itself within a jail. That gives the jail some autonomy, and I like that.<br>
1941 I’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.<br>
1942 The purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.</p>
1943 </blockquote>
1944
1945 <hr>
1946
1947 <h3><a href="https://rubenerd.com/you-dont-need-tmux-or-screen-for-zfs/" rel="nofollow">You don’t need tmux or screen for ZFS</a></h3>
1948
1949 <blockquote>
1950 <p>Back in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivalent in base in order to daemonise the process and let them run in the background.<br>
1951 ZFS already does this for its internal commands.</p>
1952 </blockquote>
1953
1954 <hr>
1955
1956 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-08-15/hardenedbsd-august-2020-status-report-and-call-donations" rel="nofollow">HardenedBSD August 2020 Status Report and Call for Donations</a></h3>
1957
1958 <blockquote>
1959 <p>This last month has largely been a quiet one. I've restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I've started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I'm doing is to support that effort.<br>
1960 The infrastructure has settled and is now churning normally and happily. We're still working out bandwidth issues. We hope to have a new fiber line run by the end of September.<br>
1961 As part of this status report, I'm issuing a formal call for donations. I'm aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.</p>
1962 </blockquote>
1963
1964 <hr>
1965
1966 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/TimeBeforeReadline" rel="nofollow">Important parts of Unix's history happened before readline support was common</a></h3>
1967
1968 <blockquote>
1969 <p>Unix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it's easy to think of readline support as something that's always been there. But of course this isn't the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.</p>
1970 </blockquote>
1971
1972 <hr>
1973
1974 <h3>Tarsnap</h3>
1975
1976 <ul>
1977 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
1978 </ul>
1979
1980 <h2>Feedback/Questions</h2>
1981
1982 <ul>
1983 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/Mason%20-%20mailserver.md" rel="nofollow">Mason - mailserver</a></li>
1984 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/casey%20-%20freebsd%20on%20decline.md" rel="nofollow">casey - freebsd on decline</a></li>
1985 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/denis%20-%20postgres.md" rel="nofollow">denis - postgres</a>
1986 ***</li>
1987 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
1988 ***</li>
1989 </ul>]]>
1990 </content:encoded>
1991 <itunes:summary>
1992 <![CDATA[<p>A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.</p>
1993
1994 <p><strong><em>NOTES</em></strong><br>
1995 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
1996
1997 <h2>Headlines</h2>
1998
1999 <h3><a href="http://bsdimp.blogspot.com/2020/08/a-35-year-old-bug-in-patch-found-in.html" rel="nofollow">A 35 Year Old Bug in Patch</a></h3>
2000
2001 <blockquote>
2002 <p>Larry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It's been a faithful ally for a long, long time. I've never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I've discovered a bug that bites this effort twice. It's quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...</p>
2003 </blockquote>
2004
2005 <hr>
2006
2007 <h3><a href="https://www.relkom.sk/en/fbsd_sandbox.shtml" rel="nofollow">Sandbox for FreeBSD</a></h3>
2008
2009 <blockquote>
2010 <p>A sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.<br>
2011 In our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.</p>
2012 </blockquote>
2013
2014 <ul>
2015 <li><a href="https://gitlab.com/relkom/sandbox" rel="nofollow">Source Code</a></li>
2016 <li><a href="https://www.relkom.sk/en/fbsd_sandbox_docs.shtml" rel="nofollow">Documentation</a></li>
2017 </ul>
2018
2019 <hr>
2020
2021 <h2>News Roundup</h2>
2022
2023 <h3><a href="https://dan.langille.org/2020/08/16/changing-from-one-dataset-to-another-within-a-freebsd-iocage-jail/" rel="nofollow">Changing from one dataset to another within a jail</a></h3>
2024
2025 <blockquote>
2026 <p>ZFS has the ability to share itself within a jail. That gives the jail some autonomy, and I like that.<br>
2027 I’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.<br>
2028 The purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.</p>
2029 </blockquote>
2030
2031 <hr>
2032
2033 <h3><a href="https://rubenerd.com/you-dont-need-tmux-or-screen-for-zfs/" rel="nofollow">You don’t need tmux or screen for ZFS</a></h3>
2034
2035 <blockquote>
2036 <p>Back in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivalent in base in order to daemonise the process and let them run in the background.<br>
2037 ZFS already does this for its internal commands.</p>
2038 </blockquote>
2039
2040 <hr>
2041
2042 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-08-15/hardenedbsd-august-2020-status-report-and-call-donations" rel="nofollow">HardenedBSD August 2020 Status Report and Call for Donations</a></h3>
2043
2044 <blockquote>
2045 <p>This last month has largely been a quiet one. I've restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I've started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I'm doing is to support that effort.<br>
2046 The infrastructure has settled and is now churning normally and happily. We're still working out bandwidth issues. We hope to have a new fiber line run by the end of September.<br>
2047 As part of this status report, I'm issuing a formal call for donations. I'm aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.</p>
2048 </blockquote>
2049
2050 <hr>
2051
2052 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/TimeBeforeReadline" rel="nofollow">Important parts of Unix's history happened before readline support was common</a></h3>
2053
2054 <blockquote>
2055 <p>Unix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it's easy to think of readline support as something that's always been there. But of course this isn't the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.</p>
2056 </blockquote>
2057
2058 <hr>
2059
2060 <h3>Tarsnap</h3>
2061
2062 <ul>
2063 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2064 </ul>
2065
2066 <h2>Feedback/Questions</h2>
2067
2068 <ul>
2069 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/Mason%20-%20mailserver.md" rel="nofollow">Mason - mailserver</a></li>
2070 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/casey%20-%20freebsd%20on%20decline.md" rel="nofollow">casey - freebsd on decline</a></li>
2071 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/denis%20-%20postgres.md" rel="nofollow">denis - postgres</a>
2072 ***</li>
2073 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2074 ***</li>
2075 </ul>]]>
2076 </itunes:summary>
2077 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+3cJUa1-D</fireside:playerURL>
2078 <fireside:playerEmbedCode>
2079 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+3cJUa1-D" width="740" height="200" frameborder="0" scrolling="no">]]>
2080 </fireside:playerEmbedCode>
2081 </item>
2082 <item>
2083 <title>366: Bootloader zpool checkpoints</title>
2084 <link>https://www.bsdnow.tv/366</link>
2085 <guid isPermaLink="false">ac66cef0-02a8-44b9-b915-813b8e26c643</guid>
2086 <pubDate>Thu, 03 Sep 2020 03:00:00 -0700</pubDate>
2087 <author>Allan Jude</author>
2088 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ac66cef0-02a8-44b9-b915-813b8e26c643.mp3" length="54891512" type="audio/mpeg"/>
2089 <itunes:episodeType>full</itunes:episodeType>
2090 <itunes:author>Allan Jude</itunes:author>
2091 <itunes:subtitle>OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more</itunes:subtitle>
2092 <itunes:duration>53:02</itunes:duration>
2093 <itunes:explicit>no</itunes:explicit>
2094 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2095 <description>OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more
2096 NOTES
2097 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
2098 Headlines
2099 OpenZFS with ZSTD lands in FreeBSD 13 (https://svnweb.freebsd.org/base?view=revision&revision=364746)
2100 ZStandard Compression for OpenZFS (https://github.com/openzfs/zfs/commit/10b3c7f5e424f54b3ba82dbf1600d866e64ec0a0)
2101 > The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort.
2102 > I would advise against doing 'zpool upgrade' or creating indispensable pools using new features until this change has had a month+ to soak.
2103 Rebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems
2104 The completion of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation
2105 ***
2106 LibreSSL documentation status update (https://undeadly.org/cgi?action=article;sid=20200817063735)
2107 More than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.
2108 Note that this is not an update regarding LibreSSL status in general because i'm not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.
2109 FreeBSD on SPARC64 (is dead) (https://eerielinux.wordpress.com/2020/02/15/freebsd-on-sparc64-is-dead/)
2110 I’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid of (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?
2111 News Roundup
2112 Bringing zpool checkpoints to a FreeBSD bootloader (https://www.oshogbo.vexillium.org/blog/79/)
2113 Almost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.
2114 Currently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore.
2115 The big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.
2116 Beastie Bits
2117 The First Unix Port (https://documents.uow.edu.au/content/groups/public/@web/@inf/@scsse/documents/doc/uow103747.pdf)
2118 TLS Mastery updates, August 2020 (https://mwl.io/archives/7346)
2119 What is the Oldest BSD Distribution still around today (https://www.youtube.com/watch?v=ww60o940kEk)
2120 Tarsnap
2121 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
2122 Feedback/Questions
2123 ben - zfs send questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/ben%20-%20zfs%20send%20questions.md)
2124 lars - zfs pool question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/lars%20-%20zfs%20pool%20question.md)
2125 neutron - bectl vs beadm (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/neutron%20-%20bectl%20vs%20beadm.md)
2126 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
2127 </description>
2128 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, libressl, ssl, documentation, doc, status, status update, sparc64, zpool, checkpoint, bootloader</itunes:keywords>
2129 <content:encoded>
2130 <![CDATA[<p>OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more</p>
2131
2132 <p><strong><em>NOTES</em></strong><br>
2133 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2134
2135 <h2>Headlines</h2>
2136
2137 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=364746" rel="nofollow">OpenZFS with ZSTD land in FreeBSD 13</a></h3>
2138
2139 <ul>
2140 <li><a href="https://github.com/openzfs/zfs/commit/10b3c7f5e424f54b3ba82dbf1600d866e64ec0a0" rel="nofollow">ZStandard Compression for OpenZFS</a>
2141 > The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort.
2142 > I would advise against doing 'zpool upgrade' or creating indispensable pools using new features until this change has had a month+ to soak.</li>
2143 <li>Rebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems</li>
2144 <li>The completion of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation
2145 ***</li>
2146 </ul>
2147
2148 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200817063735" rel="nofollow">LibreSSL documentation status update</a></h3>
2149
2150 <blockquote>
2151 <p>More than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.<br>
2152 Note that this is not an update regarding LibreSSL status in general because i'm not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.</p>
2153 </blockquote>
2154
2155 <hr>
2156
2157 <h3><a href="https://eerielinux.wordpress.com/2020/02/15/freebsd-on-sparc64-is-dead/" rel="nofollow">FreeBSD on SPARC64 (is dead)</a></h3>
2158
2159 <blockquote>
2160 <p>I’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid of (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?</p>
2161 </blockquote>
2162
2163 <hr>
2164
2165 <h2>News Roundup</h2>
2166
2167 <h3><a href="https://www.oshogbo.vexillium.org/blog/79/" rel="nofollow">Bringing zpool checkpoints to a FreeBSD bootloader</a></h3>
2168
2169 <blockquote>
2170 <p>Almost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.<br>
2171 Currently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore. <br>
2172 The big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.</p>
2173 </blockquote>
2174
2175 <hr>
2176
2177 <h2>Beastie Bits</h2>
2178
2179 <ul>
2180 <li><a href="https://documents.uow.edu.au/content/groups/public/@web/@inf/@scsse/documents/doc/uow103747.pdf" rel="nofollow">The First Unix Port</a></li>
2181 <li><a href="https://mwl.io/archives/7346" rel="nofollow">TLS Mastery updates, August 2020</a></li>
2182 <li><a href="https://www.youtube.com/watch?v=ww60o940kEk" rel="nofollow">What is the Oldest BSD Distribution still around today</a></li>
2183 </ul>
2184
2185 <hr>
2186
2187 <h3>Tarsnap</h3>
2188
2189 <ul>
2190 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2191 </ul>
2192
2193 <h2>Feedback/Questions</h2>
2194
2195 <ul>
2196 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/ben%20-%20zfs%20send%20questions.md" rel="nofollow">ben - zfs send questions</a></li>
2197 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/lars%20-%20zfs%20pool%20question.md" rel="nofollow">lars - zfs pool question</a></li>
2198 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/neutron%20-%20bectl%20vs%20beadm.md" rel="nofollow">neutron - bectl vs beadm</a></li>
2199 </ul>
2200
2201 <hr>
2202
2203 <ul>
2204 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
2205 </ul>
2206
2207 <hr>]]>
2208 </content:encoded>
2209 <itunes:summary>
2210 <![CDATA[<p>OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more</p>
2211
2212 <p><strong><em>NOTES</em></strong><br>
2213 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2214
2215 <h2>Headlines</h2>
2216
2217 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=364746" rel="nofollow">OpenZFS with ZSTD land in FreeBSD 13</a></h3>
2218
2219 <ul>
2220 <li><a href="https://github.com/openzfs/zfs/commit/10b3c7f5e424f54b3ba82dbf1600d866e64ec0a0" rel="nofollow">ZStandard Compression for OpenZFS</a>
2221 > The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort.
2222 > I would advise against doing 'zpool upgrade' or creating indispensable pools using new features until this change has had a month+ to soak.</li>
2223 <li>Rebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems</li>
2224 <li>The completion of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation
2225 ***</li>
2226 </ul>
2227
2228 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200817063735" rel="nofollow">LibreSSL documentation status update</a></h3>
2229
2230 <blockquote>
2231 <p>More than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.<br>
2232 Note that this is not an update regarding LibreSSL status in general because i'm not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.</p>
2233 </blockquote>
2234
2235 <hr>
2236
2237 <h3><a href="https://eerielinux.wordpress.com/2020/02/15/freebsd-on-sparc64-is-dead/" rel="nofollow">FreeBSD on SPARC64 (is dead)</a></h3>
2238
2239 <blockquote>
2240 <p>I’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid of (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?</p>
2241 </blockquote>
2242
2243 <hr>
2244
2245 <h2>News Roundup</h2>
2246
2247 <h3><a href="https://www.oshogbo.vexillium.org/blog/79/" rel="nofollow">Bringing zpool checkpoints to a FreeBSD bootloader</a></h3>
2248
2249 <blockquote>
2250 <p>Almost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.<br>
2251 Currently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore. <br>
2252 The big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.</p>
2253 </blockquote>
2254
2255 <hr>
2256
2257 <h2>Beastie Bits</h2>
2258
2259 <ul>
2260 <li><a href="https://documents.uow.edu.au/content/groups/public/@web/@inf/@scsse/documents/doc/uow103747.pdf" rel="nofollow">The First Unix Port</a></li>
2261 <li><a href="https://mwl.io/archives/7346" rel="nofollow">TLS Mastery updates, August 2020</a></li>
2262 <li><a href="https://www.youtube.com/watch?v=ww60o940kEk" rel="nofollow">What is the Oldest BSD Distribution still around today</a></li>
2263 </ul>
2264
2265 <hr>
2266
2267 <h3>Tarsnap</h3>
2268
2269 <ul>
2270 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2271 </ul>
2272
2273 <h2>Feedback/Questions</h2>
2274
2275 <ul>
2276 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/ben%20-%20zfs%20send%20questions.md" rel="nofollow">ben - zfs send questions</a></li>
2277 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/lars%20-%20zfs%20pool%20question.md" rel="nofollow">lars - zfs pool question</a></li>
2278 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/neutron%20-%20bectl%20vs%20beadm.md" rel="nofollow">neutron - bectl vs beadm</a></li>
2279 </ul>
2280
2281 <hr>
2282
2283 <ul>
2284 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
2285 </ul>
2286
2287 <hr>]]>
2288 </itunes:summary>
2289 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+aus-j6B3</fireside:playerURL>
2290 <fireside:playerEmbedCode>
2291 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+aus-j6B3" width="740" height="200" frameborder="0" scrolling="no">]]>
2292 </fireside:playerEmbedCode>
2293 </item>
2294 <item>
2295 <title>365: Whole year round</title>
2296 <link>https://www.bsdnow.tv/365</link>
2297 <guid isPermaLink="false">818d1dc0-da99-423a-a552-4ac52474c66c</guid>
2298 <pubDate>Thu, 27 Aug 2020 04:00:00 -0700</pubDate>
2299 <author>Allan Jude</author>
2300 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/818d1dc0-da99-423a-a552-4ac52474c66c.mp3" length="49050296" type="audio/mpeg"/>
2301 <itunes:episodeType>full</itunes:episodeType>
2302 <itunes:author>Allan Jude</itunes:author>
2303 <itunes:subtitle>FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.</itunes:subtitle>
2304 <itunes:duration>46:54</itunes:duration>
2305 <itunes:explicit>no</itunes:explicit>
2306 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2307 <description>FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.
2308 NOTES
2309 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
2310 Headlines
2311 FreeBSD USB Audio (https://www.davidschlachter.com/misc/freebsd-usb-audio)
2312 I recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.
2313 tl;dr: Everything works as long as the sound card follows the USB audio device class specification.
2314 Kyua: An introduction for NetBSD users (https://wiki.netbsd.org/kyua/)
2315 Kyua's current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).
2316 Because Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.
2317 News Roundup
2318 Keeping backup ZFS on Linux kernel modules around (https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSOnLinuxModuleBackups)
2319 I'm a long term user of ZFS on Linux and over pretty much all of the time I've used it, I've built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).
2320 Command-line Tools can be 235x Faster than your Hadoop Cluster (https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html)
2321 As I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).
2322 FreeBSD Laptop Find Out Battery Life Status Command (https://www.cyberciti.biz/faq/freebsd-finding-out-battery-life-state-on-laptop/)
2323 I know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?
2324 You can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.
2325 Beastie Bits
2326 BSD Beer (https://i.redd.it/hlh8luidzgg51.jpg)
2327 Awk for JSON (https://github.com/mohd-akram/jawk)
2328 Drawing Pictures The Unix Way - with pic and troff (https://youtu.be/oG2A_1vC6aM)
2329 Refactoring the FreeBSD Kernel with Checked C (https://www.cs.rochester.edu/u/jzhou41/papers/freebsd_checkedc.pdf)
2330 Tarsnap
2331 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
2332 Feedback/Questions
2333 Jason - German Locales (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/jason%20-%20german%20locale.md)
2334 pcwizz - Router Style Device (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/pcwizz%20-%20router%20style%20device.md)
2335 predrag - OpenBSD Router Hardware (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/predrag%20-%20openbsd%20router%20hardware.md)
2336 ***
2337 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
2338 ***
2339 </description>
2340 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, USB, audio, kyua, testing, test framework, backup, ZFS, kernel, kernel module, command line, CLI, hadoop, laptop, battery, battery life, status, status command</itunes:keywords>
2341 <content:encoded>
2342 <![CDATA[<p>FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.</p>
2343
2344 <p><strong><em>NOTES</em></strong><br>
2345 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2346
2347 <h2>Headlines</h2>
2348
2349 <h3><a href="https://www.davidschlachter.com/misc/freebsd-usb-audio" rel="nofollow">FreeBSD USB Audio</a></h3>
2350
2351 <blockquote>
2352 <p>I recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.<br>
2353 tl;dr: Everything works as long as the sound card follows the USB audio device class specification.</p>
2354
2355 <hr>
2356
2357 <h3><a href="https://wiki.netbsd.org/kyua/" rel="nofollow">Kyua: An introduction for NetBSD users</a></h3>
2358
2359 <p>Kyua's current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).<br>
2360 Because Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.</p>
2361
2362 <hr>
2363 </blockquote>
2364
2365 <h2>News Roundup</h2>
2366
2367 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxModuleBackups" rel="nofollow">Keeping backup ZFS on Linux kernel modules around</a></h3>
2368
2369 <blockquote>
2370 <p>I'm a long term user of ZFS on Linux and over pretty much all of the time I've used it, I've built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).</p>
2371
2372 <hr>
2373 </blockquote>
2374
2375 <h3><a href="https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html" rel="nofollow">Command-line Tools can be 235x Faster than your Hadoop Cluster</a></h3>
2376
2377 <blockquote>
2378 <p>As I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).</p>
2379 </blockquote>
2380
2381 <hr>
2382
2383 <h3><a href="https://www.cyberciti.biz/faq/freebsd-finding-out-battery-life-state-on-laptop/" rel="nofollow">FreeBSD Laptop Find Out Battery Life Status Command</a></h3>
2384
2385 <blockquote>
2386 <p>I know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?<br>
2387 You can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.</p>
2388
2389 <hr>
2390 </blockquote>
2391
2392 <h2>Beastie Bits</h2>
2393
2394 <p><a href="https://i.redd.it/hlh8luidzgg51.jpg" rel="nofollow">BSD Beer</a><br>
2395 <a href="https://github.com/mohd-akram/jawk" rel="nofollow">Awk for JSON</a><br>
2396 <a href="https://youtu.be/oG2A_1vC6aM" rel="nofollow">Drawing Pictures The Unix Way - with pic and troff</a><br>
2397 <a href="https://www.cs.rochester.edu/u/jzhou41/papers/freebsd_checkedc.pdf" rel="nofollow">Refactoring the FreeBSD Kernel with Checked C</a></p>
2398
2399 <hr>
2400
2401 <h3>Tarsnap</h3>
2402
2403 <ul>
2404 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2405 </ul>
2406
2407 <h2>Feedback/Questions</h2>
2408
2409 <ul>
2410 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/jason%20-%20german%20locale.md" rel="nofollow">Jason - German Locales</a></li>
2411 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/pcwizz%20-%20router%20style%20device.md" rel="nofollow">pcwizz - Router Style Device</a></li>
2412 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/predrag%20-%20openbsd%20router%20hardware.md" rel="nofollow">predrag - OpenBSD Router Hardware</a>
2413 ***</li>
2414 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2415 ***</li>
2416 </ul>]]>
2417 </content:encoded>
2418 <itunes:summary>
2419 <![CDATA[<p>FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.</p>
2420
2421 <p><strong><em>NOTES</em></strong><br>
2422 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2423
2424 <h2>Headlines</h2>
2425
2426 <h3><a href="https://www.davidschlachter.com/misc/freebsd-usb-audio" rel="nofollow">FreeBSD USB Audio</a></h3>
2427
2428 <blockquote>
2429 <p>I recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.<br>
2430 tl;dr: Everything works as long as the sound card follows the USB audio device class specification.</p>
2431
2432 <hr>
2433
2434 <h3><a href="https://wiki.netbsd.org/kyua/" rel="nofollow">Kyua: An introduction for NetBSD users</a></h3>
2435
2436 <p>Kyua's current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).<br>
2437 Because Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.</p>
2438
2439 <hr>
2440 </blockquote>
2441
2442 <h2>News Roundup</h2>
2443
2444 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxModuleBackups" rel="nofollow">Keeping backup ZFS on Linux kernel modules around</a></h3>
2445
2446 <blockquote>
2447 <p>I'm a long term user of ZFS on Linux and over pretty much all of the time I've used it, I've built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).</p>
2448
2449 <hr>
2450 </blockquote>
2451
2452 <h3><a href="https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html" rel="nofollow">Command-line Tools can be 235x Faster than your Hadoop Cluster</a></h3>
2453
2454 <blockquote>
2455 <p>As I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).</p>
2456 </blockquote>
2457
2458 <hr>
2459
2460 <h3><a href="https://www.cyberciti.biz/faq/freebsd-finding-out-battery-life-state-on-laptop/" rel="nofollow">FreeBSD Laptop Find Out Battery Life Status Command</a></h3>
2461
2462 <blockquote>
2463 <p>I know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?<br>
2464 You can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.</p>
2465
2466 <hr>
2467 </blockquote>
2468
2469 <h2>Beastie Bits</h2>
2470
2471 <p><a href="https://i.redd.it/hlh8luidzgg51.jpg" rel="nofollow">BSD Beer</a><br>
2472 <a href="https://github.com/mohd-akram/jawk" rel="nofollow">Awk for JSON</a><br>
2473 <a href="https://youtu.be/oG2A_1vC6aM" rel="nofollow">Drawing Pictures The Unix Way - with pic and troff</a><br>
2474 <a href="https://www.cs.rochester.edu/u/jzhou41/papers/freebsd_checkedc.pdf" rel="nofollow">Refactoring the FreeBSD Kernel with Checked C</a></p>
2475
2476 <hr>
2477
2478 <h3>Tarsnap</h3>
2479
2480 <ul>
2481 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2482 </ul>
2483
2484 <h2>Feedback/Questions</h2>
2485
2486 <ul>
2487 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/jason%20-%20german%20locale.md" rel="nofollow">Jason - German Locales</a></li>
2488 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/pcwizz%20-%20router%20style%20device.md" rel="nofollow">pcwizz - Router Style Device</a></li>
2489 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/predrag%20-%20openbsd%20router%20hardware.md" rel="nofollow">predrag - OpenBSD Router Hardware</a>
2490 </li>
2491 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2492 </li>
2493 </ul>]]>
2494 </itunes:summary>
2495 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+RnG_03K-</fireside:playerURL>
2496 <fireside:playerEmbedCode>
2497 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+RnG_03K-" width="740" height="200" frameborder="0" scrolling="no">]]>
2498 </fireside:playerEmbedCode>
2499 </item>
2500 <item>
2501 <title>364: FreeBSD Wireless Grind</title>
2502 <link>https://www.bsdnow.tv/364</link>
2503 <guid isPermaLink="false">7581b101-10df-4469-8e37-0ddb82f82696</guid>
2504 <pubDate>Thu, 20 Aug 2020 04:00:00 -0700</pubDate>
2505 <author>Allan Jude</author>
2506 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7581b101-10df-4469-8e37-0ddb82f82696.mp3" length="41078792" type="audio/mpeg"/>
2507 <itunes:episodeType>full</itunes:episodeType>
2508 <itunes:author>Allan Jude</itunes:author>
2509 <itunes:subtitle>FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.</itunes:subtitle>
2510 <itunes:duration>46:58</itunes:duration>
2511 <itunes:explicit>no</itunes:explicit>
2512 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2513 <description>FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.
2514 NOTES
2515 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
2516 Headlines
2517 FreeBSD Qt WebEngine GPU Acceleration (https://euroquis.nl/freebsd/2020/07/21/webengine.html)
2518 FreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.
2519 NetBSD on the Nanopi Neo2 (https://www.cambus.net/netbsd-on-the-nanopi-neo2/)
2520 The NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.
2521 As NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.
2522 I'm back into the grind of FreeBSD's wireless stack and 802.11ac (https://adrianchadd.blogspot.com/2020/07/im-back-into-grind-of-freebsds-wireless.html)
2523 Yes, it's been a while since I posted here and yes, it's been a while since I was actively working on FreeBSD's wireless stack. Life's been .. well, life. I started the ath10k port in 2015. I wasn't expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.
2524 But the stars have aligned and it's fun again, so here I am.
2525 News Roundup
2526 Some thoughts on us overlooking Illumos's syseventadm (https://utcc.utoronto.ca/~cks/space/blog/solaris/OverlookingSyseventadm)
2527 In a comment on my praise of ZFS on Linux's ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn't previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.
2528 When Unix learned to reboot (https://bsdimp.blogspot.com/2020/07/when-unix-learned-to-reboot2.html)
2529 Recently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.
2530 DragonFlyBSD Lands New EXT2/3/4 File-System Driver (https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-New-EXT2FS)
2531 While DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new "ext2fs" driver implementation for this BSD operating system.
2532 DragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.
2533 Beastie Bits
2534 LibreOffice 7.0 call for testing (https://lists.freebsd.org/pipermail/freebsd-office/2020-July/005822.html)
2535 More touchpad support (https://www.dragonflydigest.com/2020/07/15/24747.html)
2536 Tarsnap
2537 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
2538 Feedback/Questions
2539 Casey - openbsd wirewall (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/casey%20-%20openbsd%20wirewall.md)
2540 Daryl - zfs (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/daryl%20-%20zfs.md)
2541 Raymond - hpe microserver (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/raymond%20-%20hpe%20microserver.md)
2542 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
2544 </description>
2545 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, QT, WebEngine, acceleration, GPU, wireless, 802.11ac, syseventadm, reboot, sync, ext2, ext3, ext4, filesystem, driver </itunes:keywords>
2546 <content:encoded>
2547 <![CDATA[<p>FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.</p>
2548
2549 <p><strong><em>NOTES</em></strong><br>
2550 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2551
2552 <h2>Headlines</h2>
2553
2554 <h3><a href="https://euroquis.nl/freebsd/2020/07/21/webengine.html" rel="nofollow">FreeBSD Qt WebEngine GPU Acceleration</a></h3>
2555
2556 <blockquote>
2557 <p>FreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.</p>
2558 </blockquote>
2559
2560 <hr>
2561
2562 <h3><a href="https://www.cambus.net/netbsd-on-the-nanopi-neo2/" rel="nofollow">NetBSD on the Nanopi Neo2</a></h3>
2563
2564 <blockquote>
2565 <p>The NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.<br>
2566 As NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.</p>
2567 </blockquote>
2568
2569 <hr>
2570
2571 <h3><a href="https://adrianchadd.blogspot.com/2020/07/im-back-into-grind-of-freebsds-wireless.html" rel="nofollow">I'm back into the grind of FreeBSD's wireless stack and 802.11ac</a></h3>
2572
2573 <blockquote>
2574 <p>Yes, it's been a while since I posted here and yes, it's been a while since I was actively working on FreeBSD's wireless stack. Life's been .. well, life. I started the ath10k port in 2015. I wasn't expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.<br>
2575 But the stars have aligned and it's fun again, so here I am. </p>
2576 </blockquote>
2577
2578 <hr>
2579
2580 <h2>News Roundup</h2>
2581
2582 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/OverlookingSyseventadm" rel="nofollow">Some thoughts on us overlooking Illumos's syseventadm</a></h3>
2583
2584 <blockquote>
2585 <p>In a comment on my praise of ZFS on Linux's ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn't previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.</p>
2586 </blockquote>
2587
2588 <hr>
2589
2590 <h3><a href="https://bsdimp.blogspot.com/2020/07/when-unix-learned-to-reboot2.html" rel="nofollow">When Unix learned to reboot</a></h3>
2591
2592 <blockquote>
2593 <p>Recently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.</p>
2594 </blockquote>
2595
2596 <hr>
2597
2598 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-New-EXT2FS" rel="nofollow">DragonFlyBSD Lands New EXT2/3/4 File-System Driver</a></h3>
2599
2600 <blockquote>
2601 <p>While DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new "ext2fs" driver implementation for this BSD operating system.<br>
2602 DragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.</p>
2603 </blockquote>
2604
2605 <hr>
2606
2607 <h2>Beastie Bits</h2>
2608
2609 <ul>
2610 <li><a href="https://lists.freebsd.org/pipermail/freebsd-office/2020-July/005822.html" rel="nofollow">LibreOffice 7.0 call for testing</a></li>
2611 <li><a href="https://www.dragonflydigest.com/2020/07/15/24747.html" rel="nofollow">More touchpad support</a></li>
2612 </ul>
2613
2614 <hr>
2615
2616 <h3>Tarsnap</h3>
2617
2618 <ul>
2619 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2620 </ul>
2621
2622 <h2>Feedback/Questions</h2>
2623
2624 <p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/casey%20-%20openbsd%20wirewall.md" rel="nofollow">Casey - openbsd wirewall</a><br>
2625 <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/daryl%20-%20zfs.md" rel="nofollow">Daryl - zfs</a><br>
2626 <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/raymond%20-%20hpe%20microserver.md" rel="nofollow">Raymond - hpe microserver</a></p>
2627
2628 <hr>
2629
2630 <ul>
2631 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2632 </li>
2633 </ul>]]>
2634 </content:encoded>
2635 <itunes:summary>
2636 <![CDATA[<p>FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.</p>
2637
2638 <p><strong><em>NOTES</em></strong><br>
2639 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2640
2641 <h2>Headlines</h2>
2642
2643 <h3><a href="https://euroquis.nl/freebsd/2020/07/21/webengine.html" rel="nofollow">FreeBSD Qt WebEngine GPU Acceleration</a></h3>
2644
2645 <blockquote>
2646 <p>FreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.</p>
2647 </blockquote>
2648
2649 <hr>
2650
2651 <h3><a href="https://www.cambus.net/netbsd-on-the-nanopi-neo2/" rel="nofollow">NetBSD on the Nanopi Neo2</a></h3>
2652
2653 <blockquote>
2654 <p>The NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.<br>
2655 As NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.</p>
2656 </blockquote>
2657
2658 <hr>
2659
2660 <h3><a href="https://adrianchadd.blogspot.com/2020/07/im-back-into-grind-of-freebsds-wireless.html" rel="nofollow">I'm back into the grind of FreeBSD's wireless stack and 802.11ac</a></h3>
2661
2662 <blockquote>
2663 <p>Yes, it's been a while since I posted here and yes, it's been a while since I was actively working on FreeBSD's wireless stack. Life's been .. well, life. I started the ath10k port in 2015. I wasn't expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.<br>
2664 But the stars have aligned and it's fun again, so here I am. </p>
2665 </blockquote>
2666
2667 <hr>
2668
2669 <h2>News Roundup</h2>
2670
2671 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/OverlookingSyseventadm" rel="nofollow">Some thoughts on us overlooking Illumos's syseventadm</a></h3>
2672
2673 <blockquote>
2674 <p>In a comment on my praise of ZFS on Linux's ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn't previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.</p>
2675 </blockquote>
2676
2677 <hr>
2678
2679 <h3><a href="https://bsdimp.blogspot.com/2020/07/when-unix-learned-to-reboot2.html" rel="nofollow">When Unix learned to reboot</a></h3>
2680
2681 <blockquote>
2682 <p>Recently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.</p>
2683 </blockquote>
2684
2685 <hr>
2686
2687 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-New-EXT2FS" rel="nofollow">DragonFlyBSD Lands New EXT2/3/4 File-System Driver</a></h3>
2688
2689 <blockquote>
2690 <p>While DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new "ext2fs" driver implementation for this BSD operating system.<br>
2691 DragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.</p>
2692 </blockquote>
2693
2694 <hr>
2695
2696 <h2>Beastie Bits</h2>
2697
2698 <ul>
2699 <li><a href="https://lists.freebsd.org/pipermail/freebsd-office/2020-July/005822.html" rel="nofollow">LibreOffice 7.0 call for testing</a></li>
2700 <li><a href="https://www.dragonflydigest.com/2020/07/15/24747.html" rel="nofollow">More touchpad support</a></li>
2701 </ul>
2702
2703 <hr>
2704
2705 <h3>Tarsnap</h3>
2706
2707 <ul>
2708 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2709 </ul>
2710
2711 <h2>Feedback/Questions</h2>
2712
2713 <p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/casey%20-%20openbsd%20wirewall.md" rel="nofollow">Casey - openbsd wirewall</a><br>
2714 <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/daryl%20-%20zfs.md" rel="nofollow">Daryl - zfs</a><br>
2715 <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/raymond%20-%20hpe%20microserver.md" rel="nofollow">Raymond - hpe microserver</a></p>
2716
2717 <hr>
2718
2719 <ul>
2720 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2721 </li>
2722 </ul>]]>
2723 </itunes:summary>
2724 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+d-2_vYWR</fireside:playerURL>
2725 <fireside:playerEmbedCode>
2726 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+d-2_vYWR" width="740" height="200" frameborder="0" scrolling="no">]]>
2727 </fireside:playerEmbedCode>
2728 </item>
2729 <item>
2730 <title>363: Traditional Unix toolchains</title>
2731 <link>https://www.bsdnow.tv/363</link>
2732 <guid isPermaLink="false">5152316f-4859-4e73-8c1c-18f2b9965f5d</guid>
2733 <pubDate>Thu, 13 Aug 2020 04:00:00 -0700</pubDate>
2734 <author>Allan Jude</author>
2735 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5152316f-4859-4e73-8c1c-18f2b9965f5d.mp3" length="36468128" type="audio/mpeg"/>
2736 <itunes:episodeType>full</itunes:episodeType>
2737 <itunes:author>Allan Jude</itunes:author>
2738 <itunes:subtitle>FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more</itunes:subtitle>
2739 <itunes:duration>34:45</itunes:duration>
2740 <itunes:explicit>no</itunes:explicit>
2741 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2742 <description>FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more
2743 NOTES
2744 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
2745 Headlines
2746 FreeBSD Quarterly Report (https://www.freebsd.org/news/status/report-2020-04-2020-06.html)
2747 This report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well as to third-party work.
2748 Some highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmount UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, an introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.
2749 As a little treat, readers can also get a rare report from the quarterly team.
2750 Finally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions, not just to the quarterly reports themselves but also to the surrounding tooling to many-fold ease the work, are immeasurable.
2751 Traditional Unix Toolchains (https://bsdimp.blogspot.com/2020/07/traditional-unix-toolchains.html?m=1)
2752 Older Unix systems tend to be fairly uniform in how they handle the so-called 'toolchain' for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).
2753 Unix is a pipeline based system, either physically or logically. One program takes input, processes the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.
2754 News Roundup
2755 Bastille Day 2020 : v0.7 released (https://github.com/BastilleBSD/bastille/releases/tag/0.7.20200714)
2756 This release matures the project from 0.6.x -> 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.
2757 Beastie Bits
2758 Finding meltdown on DragonFly (https://www.dragonflydigest.com/2020/07/28/24787.html)
2759 NetBSD Server Outage (https://mobile.twitter.com/netbsd/status/1286898183923277829)
2761 Tarsnap
2762 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
2763 Feedback/Questions
2764 Vincent - Gnome 3 question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/vincent%20-%20gnome3.md)
2765 Malcolm - ZFS question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/malcolm%20-%20zfs.md)
2766 Hassan - Video question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/hassan%20-%20video.md)
2767 For those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/new-bsdnow-youtube-channel.md)
2768 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
2770 </description>
2771 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, quarterly status, status report, traditional, Unix, toolchain, meltdown</itunes:keywords>
2772 <content:encoded>
2773 <![CDATA[<p>FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more</p>
2774
2775 <p><strong><em>NOTES</em></strong><br>
2776 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2777
2778 <h2>Headlines</h2>
2779
2780 <h3><a href="https://www.freebsd.org/news/status/report-2020-04-2020-06.html" rel="nofollow">FreeBSD Quarterly Report</a></h3>
2781
2782 <blockquote>
2783 <p>This report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well as to third-party work.<br>
2784 Some highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmount UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, an introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.<br>
2785 As a little treat, readers can also get a rare report from the quarterly team.<br>
2786 Finally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions, not just to the quarterly reports themselves but also to the surrounding tooling to many-fold ease the work, are immeasurable.</p>
2787
2788 <hr>
2789 </blockquote>
2790
2791 <h3><a href="https://bsdimp.blogspot.com/2020/07/traditional-unix-toolchains.html?m=1" rel="nofollow">Traditional Unix Toolchains</a></h3>
2792
2793 <blockquote>
2794 <p>Older Unix systems tend to be fairly uniform in how they handle the so-called 'toolchain' for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).<br>
2795 Unix is a pipeline based system, either physically or logically. One program takes input, processes the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.</p>
2796
2797 <hr>
2798 </blockquote>
2799
2800 <h2>News Roundup</h2>
2801
2802 <h3><a href="https://github.com/BastilleBSD/bastille/releases/tag/0.7.20200714" rel="nofollow">Bastille Day 2020 : v0.7 released</a></h3>
2803
2804 <blockquote>
2805 <p>This release matures the project from 0.6.x -> 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.</p>
2806
2807 <hr>
2808 </blockquote>
2809
2810 <h2>Beastie Bits</h2>
2811
2812 <ul>
2813 <li><a href="https://www.dragonflydigest.com/2020/07/28/24787.html" rel="nofollow">Finding meltdown on DragonFly</a></li>
2814 <li><a href="https://mobile.twitter.com/netbsd/status/1286898183923277829" rel="nofollow">NetBSD Server Outage</a>
2815 </li>
2816 </ul>
2817
2818 <h3>Tarsnap</h3>
2819
2820 <ul>
2821 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2822 </ul>
2823
2824 <h2>Feedback/Questions</h2>
2825
2826 <ul>
2827 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/vincent%20-%20gnome3.md" rel="nofollow">Vincent - Gnome 3 question</a></li>
2828 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/malcolm%20-%20zfs.md" rel="nofollow">Malcolm - ZFS question</a></li>
2829 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/hassan%20-%20video.md" rel="nofollow">Hassan - Video question</a>
2830
2831 <ul>
2832 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/new-bsdnow-youtube-channel.md" rel="nofollow">For those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT</a></li>
2833 </ul></li>
2834 </ul>
2835
2836 <hr>
2837
2838 <ul>
2839 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2840 </li>
2841 </ul>]]>
2842 </content:encoded>
2843 <itunes:summary>
2844 <![CDATA[<p>FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more</p>
2845
2846 <p><strong><em>NOTES</em></strong><br>
2847 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
2848
2849 <h2>Headlines</h2>
2850
2851 <h3><a href="https://www.freebsd.org/news/status/report-2020-04-2020-06.html" rel="nofollow">FreeBSD Quarterly Report</a></h3>
2852
2853 <blockquote>
2854 <p>This report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well as to third-party work.<br>
2855 Some highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmount UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, an introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.<br>
2856 As a little treat, readers can also get a rare report from the quarterly team.<br>
2857 Finally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions, not just to the quarterly reports themselves but also to the surrounding tooling to many-fold ease the work, are immeasurable.</p>
2858
2859 <hr>
2860 </blockquote>
2861
2862 <h3><a href="https://bsdimp.blogspot.com/2020/07/traditional-unix-toolchains.html?m=1" rel="nofollow">Traditional Unix Toolchains</a></h3>
2863
2864 <blockquote>
2865 <p>Older Unix systems tend to be fairly uniform in how they handle the so-called 'toolchain' for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).<br>
2866 Unix is a pipeline based system, either physically or logically. One program takes input, processes the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.</p>
2867
2868 <hr>
2869 </blockquote>
2870
2871 <h2>News Roundup</h2>
2872
2873 <h3><a href="https://github.com/BastilleBSD/bastille/releases/tag/0.7.20200714" rel="nofollow">Bastille Day 2020 : v0.7 released</a></h3>
2874
2875 <blockquote>
2876 <p>This release matures the project from 0.6.x -> 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.</p>
2877
2878 <hr>
2879 </blockquote>
2880
2881 <h2>Beastie Bits</h2>
2882
2883 <ul>
2884 <li><a href="https://www.dragonflydigest.com/2020/07/28/24787.html" rel="nofollow">Finding meltdown on DragonFly</a></li>
2885 <li><a href="https://mobile.twitter.com/netbsd/status/1286898183923277829" rel="nofollow">NetBSD Server Outage</a>
2886 </li>
2887 </ul>
2888
2889 <h3>Tarsnap</h3>
2890
2891 <ul>
2892 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
2893 </ul>
2894
2895 <h2>Feedback/Questions</h2>
2896
2897 <ul>
2898 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/vincent%20-%20gnome3.md" rel="nofollow">Vincent - Gnome 3 question</a></li>
2899 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/malcolm%20-%20zfs.md" rel="nofollow">Malcolm - ZFS question</a></li>
2900 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/hassan%20-%20video.md" rel="nofollow">Hassan - Video question</a>
2901
2902 <ul>
2903 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/new-bsdnow-youtube-channel.md" rel="nofollow">For those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT</a></li>
2904 </ul></li>
2905 </ul>
2906
2907 <hr>
2908
2909 <ul>
2910 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
2911 ***</li>
2912 </ul>]]>
2913 </itunes:summary>
2914 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+lPxz4DVx</fireside:playerURL>
2915 <fireside:playerEmbedCode>
2916 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+lPxz4DVx" width="740" height="200" frameborder="0" scrolling="no">]]>
2917 </fireside:playerEmbedCode>
2918 </item>
2919 <item>
2920 <title>362: 2.11-BSD restoration</title>
2921 <link>https://www.bsdnow.tv/362</link>
2922 <guid isPermaLink="false">5822b2f7-0440-44f4-8f73-70609c960a3d</guid>
2923 <pubDate>Thu, 06 Aug 2020 05:00:00 -0700</pubDate>
2924 <author>Allan Jude</author>
2925 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5822b2f7-0440-44f4-8f73-70609c960a3d.mp3" length="58166072" type="audio/mpeg"/>
2926 <itunes:episodeType>full</itunes:episodeType>
2927 <itunes:author>Allan Jude</itunes:author>
2928 <itunes:subtitle>Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.</itunes:subtitle>
2929 <itunes:duration>1:02:30</itunes:duration>
2930 <itunes:explicit>no</itunes:explicit>
2931 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2932 <description>Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.
2933 Interview - Warner Losh - imp@freebsd.org (mailto:imp@freebsd.org) / @bsdimp (https://twitter.com/bsdimp)
2934 BSD 2.11 restoration project
2935 Tarsnap
2936 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
2937 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
2938 Special Guest: Warner Losh.
2939 </description>
2940 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview</itunes:keywords>
2941 <content:encoded>
2942 <![CDATA[<p>Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.</p>
2943
2944 <h4>Interview - Warner Losh - <a href="mailto:imp@freebsd.org" rel="nofollow">imp@freebsd.org</a> / <a href="https://twitter.com/bsdimp" rel="nofollow">@bsdimp</a></h4>
2945
2946 <h2>BSD 2.11 restoration project</h2>
2947
2948 <h3>Tarsnap</h3>
2949
2950 <ul>
2951 <li><p>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p></li>
2952 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
2953
2954 <hr></li>
2955 </ul><p>Special Guest: Warner Losh.</p>]]>
2956 </content:encoded>
2957 <itunes:summary>
2958 <![CDATA[<p>Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.</p>
2959
2960 <h4>Interview - Warner Losh - <a href="mailto:imp@freebsd.org" rel="nofollow">imp@freebsd.org</a> / <a href="https://twitter.com/bsdimp" rel="nofollow">@bsdimp</a></h4>
2961
2962 <h2>BSD 2.11 restoration project</h2>
2963
2964 <h3>Tarsnap</h3>
2965
2966 <ul>
2967 <li><p>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p></li>
2968 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
2969
2970 <hr></li>
2971 </ul><p>Special Guest: Warner Losh.</p>]]>
2972 </itunes:summary>
2973 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+0CTjOBcg</fireside:playerURL>
2974 <fireside:playerEmbedCode>
2975 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+0CTjOBcg" width="740" height="200" frameborder="0" scrolling="no">]]>
2976 </fireside:playerEmbedCode>
2977 </item>
2978 <item>
2979 <title>361: Function-based MicroVM</title>
2980 <link>https://www.bsdnow.tv/361</link>
2981 <guid isPermaLink="false">e7930697-b2c2-4603-b015-19d1070a7c69</guid>
2982 <pubDate>Thu, 30 Jul 2020 04:00:00 -0700</pubDate>
2983 <author>Allan Jude</author>
2984 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e7930697-b2c2-4603-b015-19d1070a7c69.mp3" length="64248344" type="audio/mpeg"/>
2985 <itunes:episodeType>full</itunes:episodeType>
2986 <itunes:author>Allan Jude</itunes:author>
2987 <itunes:subtitle>Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.
2988 </itunes:subtitle>
2989 <itunes:duration>1:02:10</itunes:duration>
2990 <itunes:explicit>no</itunes:explicit>
2991 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
2992 <description>Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.
2993 NOTES
2994 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
2995 Headlines
2996 Emulex: The Cheapest 10gbe for Your Homelab (https://vincerants.com/emulex-the-cheapest-10gbe/)
2997 Years ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!
2998 Before diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.
2999 Emulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.
3000 + I have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.
3001 + I have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers.
3002 In Search of 2.11BSD, as released (https://bsdimp.blogspot.com/2020/07/211bsd-original-tapes-recreation.html)
3003 Almost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you'll find it easily enough, but it won't be the original. You'll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular versions (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You'll find every single patch that's been issued for the system.
3004 News Roundup
3005 Fakecracker: NetBSD as a Function Based MicroVM (https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/)
3006 In November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.
3007 If you want to learn more on Firecracker‘s internals, here’s a very well put article.
3008 First powerpc64 snapshots available for OpenBSD (https://undeadly.org/cgi?action=article;sid=20200707001113)
3009 Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.
3010 So, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.
3011 OPNsense 20.1.8 released (https://opnsense.org/opnsense-20-1-8-released/)
3012 Sorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.
3013 Beastie Bits
3014 Old School Disk Partitioning (https://bsdimp.blogspot.com/2020/07/old-school-disk-partitioning.html)
3015 Nomad BSD 1.3.2 Released (http://nomadbsd.org/index.html#1.3.2)
3016 Chai-Fi (https://github.com/gonzoua/chaifi)
3017 Tarsnap
3018 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3019 Feedback/Questions
3020 Poojan - ZFS Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/Poojan%20-%20ZFS%20question.md)
3021 graceon - supermicro (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/graceon%20-%20supermicro.md)
3022 zenbum - groff (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/zenbum%20-%20groff.md)
3023 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
3024 ***
3025 Special Guest: Warner Losh.
3026 </description>
3027 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, emulex, homelab, 2.11 BSD, function based microvm, microvm, powerpc64, snapshots, opnsense, release</itunes:keywords>
3028 <content:encoded>
3029 <![CDATA[<p>Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.</p>
3030
3031 <p><strong><em>NOTES</em></strong><br>
3032 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3033
3034 <h2>Headlines</h2>
3035
3036 <h3><a href="https://vincerants.com/emulex-the-cheapest-10gbe/" rel="nofollow">Emulex: The Cheapest 10gbe for Your Homelab</a></h3>
3037
3038 <blockquote>
3039 <p>Years ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!<br>
3040 Before diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.<br>
3041 Emulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.</p>
3042
3043 <ul>
3044 <li>I have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.</li>
3045 <li>I have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers.
3046 ***</li>
3047 </ul>
3048 </blockquote>
3049
3050 <h3><a href="https://bsdimp.blogspot.com/2020/07/211bsd-original-tapes-recreation.html" rel="nofollow">In Search of 2.11BSD, as released</a></h3>
3051
3052 <blockquote>
3053 <p>Almost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you'll find it easily enough, but it won't be the original. You'll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular versions (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You'll find every single patch that's been issued for the system.</p>
3054
3055 <hr>
3056 </blockquote>
3057
3058 <h2>News Roundup</h2>
3059
3060 <h3><a href="https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/" rel="nofollow">Fakecracker: NetBSD as a Function Based MicroVM</a></h3>
3061
3062 <blockquote>
3063 <p>In November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.<br>
3064 If you want to learn more on Firecracker‘s internals, here’s a very well put article.</p>
3065
3066 <hr>
3067 </blockquote>
3068
3069 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200707001113" rel="nofollow">First powerpc64 snapshots available for OpenBSD</a></h3>
3070
3071 <blockquote>
3072 <p>Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.<br>
3073 So, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.</p>
3074
3075 <hr>
3076 </blockquote>
3077
3078 <h3><a href="https://opnsense.org/opnsense-20-1-8-released/" rel="nofollow">OPNsense 20.1.8 released</a></h3>
3079
3080 <blockquote>
3081 <p>Sorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.</p>
3082
3083 <hr>
3084 </blockquote>
3085
3086 <h2>Beastie Bits</h2>
3087
3088 <ul>
3089 <li><a href="https://bsdimp.blogspot.com/2020/07/old-school-disk-partitioning.html" rel="nofollow">Old School Disk Partitioning</a></li>
3090 <li><a href="http://nomadbsd.org/index.html#1.3.2" rel="nofollow">Nomad BSD 1.3.2 Released</a></li>
3091 <li><a href="https://github.com/gonzoua/chaifi" rel="nofollow">Chai-Fi</a></li>
3092 </ul>
3093
3094 <hr>
3095
3096 <h3>Tarsnap</h3>
3097
3098 <ul>
3099 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3100 </ul>
3101
3102 <h2>Feedback/Questions</h2>
3103
3104 <ul>
3105 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/Poojan%20-%20ZFS%20question.md" rel="nofollow">Poojan - ZFS Question</a></li>
3106 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/graceon%20-%20supermicro.md" rel="nofollow">graceon - supermicro</a></li>
3107 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/zenbum%20-%20groff.md" rel="nofollow">zenbum - groff</a></li>
3108 </ul>
3109
3110 <hr>
3111
3112 <ul>
3113 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
3114 ***</li>
3115 </ul><p>Special Guest: Warner Losh.</p>]]>
3116 </content:encoded>
3117 <itunes:summary>
3118 <![CDATA[<p>Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.</p>
3119
3120 <p><strong><em>NOTES</em></strong><br>
3121 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3122
3123 <h2>Headlines</h2>
3124
3125 <h3><a href="https://vincerants.com/emulex-the-cheapest-10gbe/" rel="nofollow">Emulex: The Cheapest 10gbe for Your Homelab</a></h3>
3126
3127 <blockquote>
3128 <p>Years ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!<br>
3129 Before diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.<br>
3130 Emulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.</p>
3131
3132 <ul>
3133 <li>I have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.</li>
3134 <li>I have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers.
3135 ***</li>
3136 </ul>
3137 </blockquote>
3138
3139 <h3><a href="https://bsdimp.blogspot.com/2020/07/211bsd-original-tapes-recreation.html" rel="nofollow">In Search of 2.11BSD, as released</a></h3>
3140
3141 <blockquote>
3142 <p>Almost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you'll find it easily enough, but it won't be the original. You'll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular versions (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You'll find every single patch that's been issued for the system.</p>
3143
3144 <hr>
3145 </blockquote>
3146
3147 <h2>News Roundup</h2>
3148
3149 <h3><a href="https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/" rel="nofollow">Fakecracker: NetBSD as a Function Based MicroVM</a></h3>
3150
3151 <blockquote>
3152 <p>In November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.<br>
3153 If you want to learn more on Firecracker‘s internals, here’s a very well put article.</p>
3154
3155 <hr>
3156 </blockquote>
3157
3158 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200707001113" rel="nofollow">First powerpc64 snapshots available for OpenBSD</a></h3>
3159
3160 <blockquote>
3161 <p>Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.<br>
3162 So, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.</p>
3163
3164 <hr>
3165 </blockquote>
3166
3167 <h3><a href="https://opnsense.org/opnsense-20-1-8-released/" rel="nofollow">OPNsense 20.1.8 released</a></h3>
3168
3169 <blockquote>
3170 <p>Sorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.</p>
3171
3172 <hr>
3173 </blockquote>
3174
3175 <h2>Beastie Bits</h2>
3176
3177 <ul>
3178 <li><a href="https://bsdimp.blogspot.com/2020/07/old-school-disk-partitioning.html" rel="nofollow">Old School Disk Partitioning</a></li>
3179 <li><a href="http://nomadbsd.org/index.html#1.3.2" rel="nofollow">Nomad BSD 1.3.2 Released</a></li>
3180 <li><a href="https://github.com/gonzoua/chaifi" rel="nofollow">Chai-Fi</a></li>
3181 </ul>
3182
3183 <hr>
3184
3185 <h3>Tarsnap</h3>
3186
3187 <ul>
3188 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3189 </ul>
3190
3191 <h2>Feedback/Questions</h2>
3192
3193 <ul>
3194 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/Poojan%20-%20ZFS%20question.md" rel="nofollow">Poojan - ZFS Question</a></li>
3195 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/graceon%20-%20supermicro.md" rel="nofollow">graceon - supermicro</a></li>
3196 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/zenbum%20-%20groff.md" rel="nofollow">zenbum - groff</a></li>
3197 </ul>
3198
3199 <hr>
3200
3201 <ul>
3202 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
3203 ***</li>
3204 </ul><p>Special Guest: Warner Losh.</p>]]>
3205 </itunes:summary>
3206 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+PKuj5dD2</fireside:playerURL>
3207 <fireside:playerEmbedCode>
3208 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+PKuj5dD2" width="740" height="200" frameborder="0" scrolling="no">]]>
3209 </fireside:playerEmbedCode>
3210 </item>
3211 <item>
3212 <title>360: Full circle</title>
3213 <link>https://www.bsdnow.tv/360</link>
3214 <guid isPermaLink="false">69d88af7-54da-4612-9fc2-84ffae001c46</guid>
3215 <pubDate>Thu, 23 Jul 2020 05:00:00 -0700</pubDate>
3216 <author>Allan Jude</author>
3217 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/69d88af7-54da-4612-9fc2-84ffae001c46.mp3" length="42925160" type="audio/mpeg"/>
3218 <itunes:episodeType>full</itunes:episodeType>
3219 <itunes:author>Allan Jude</itunes:author>
3220 <itunes:subtitle>Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.</itunes:subtitle>
3221 <itunes:duration>42:27</itunes:duration>
3222 <itunes:explicit>no</itunes:explicit>
3223 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
3224 <description>Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.
3225 NOTES
3226 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
3227 Headlines
3228 Chasing a bad commit (https://vishaltelangre.com/chasing-a-bad-commit/)
3229 While working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.
3230 We are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.
3231 New FreeBSD Core Team Elected (https://www.freebsdnews.com/2020/07/14/new-freebsd-core-team-elected/)
3232 The FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!
3233 Baptiste Daroussin (bapt)
3234 Ed Maste (emaste)
3235 George V. Neville-Neil (gnn)
3236 Hiroki Sato (hrs)
3237 Kyle Evans (kevans)
3238 Mark Johnston (markj)
3239 Scott Long (scottl)
3240 Sean Chittenden (seanc)
3241 Warner Losh (imp)
3242 ***
3243 News Roundup
3244 Getting Started with NetBSD on the Pinebook Pro (https://bentsukun.ch/posts/pinebook-pro-netbsd/)
3245 If you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!
3246 The easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.
3247 + A FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: https://twitter.com/kernelnomicon/status/1282790609778905088
3248 FreeBSD on the Intel 10th Gen i3 NUC (https://adventurist.me/posts/00300)
3249 I have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.
3250 pf table size check and change (https://www.dragonflydigest.com/2020/06/29/24698.html)
3251 Did you know there’s a default size limit to pf’s state table? I did not, but it makes sense that there is one. If for some reason you bump into this limit (difficult for home use, I’d think), here’s how you change it (http://lists.dragonflybsd.org/pipermail/users/2020-June/381261.html)
3252 There is a table-entries limit specified, you can see current settings with
3253 'pfctl -s all'. You can adjust the limits in the /etc/pf.conf file
3254 containing the rules with a line like this near the top:
3255 set limit table-entries 100000
3256 + In the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for.
3257 Beastie Bits
3258 tmux and bhyve (https://callfortesting.org/tmux/)
3259 Azure and FreeBSD (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_1)
3260 Groff Tutorial (https://www.youtube.com/watch?v=bvkmnK6-qao&feature=youtu.be)
3261 ***
3262 Tarsnap
3263 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3264 Tarsnap Mastery (https://mwl.io/nonfiction/tools#tarsnap)
3265 Feedback/Questions
3266 Chris - ZFS Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Chris%20-%20zfs%20question.md)
3267 Patrick - Tarsnap (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Patrick%20-%20Tarsnap.md)
3268 Pin - pkgsrc (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/pin%20-%20pkgsrc.md)
3269 ***
3270 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
3271 ***
3272 </description>
3273 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, berkeley, software, distribution, zfs, interview, commit, core team, freebsd core team, election, elected, pinebook, pinebook pro, i3, Intel, Intel i3, i3 NUC, pf, packet filter, table size, table size check</itunes:keywords>
3274 <content:encoded>
3275 <![CDATA[<p>Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.</p>
3276
3277 <p><strong><em>NOTES</em></strong><br>
3278 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3279
3280 <h2>Headlines</h2>
3281
3282 <h3><a href="https://vishaltelangre.com/chasing-a-bad-commit/" rel="nofollow">Chasing a bad commit</a></h3>
3283
3284 <blockquote>
3285 <p>While working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.<br>
3286 We are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.</p>
3287 </blockquote>
3288
3289 <hr>
3290
3291 <h3><a href="https://www.freebsdnews.com/2020/07/14/new-freebsd-core-team-elected/" rel="nofollow">New FreeBSD Core Team Elected</a></h3>
3292
3293 <blockquote>
3294 <p>The FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!</p>
3295 </blockquote>
3296
3297 <ul>
3298 <li>Baptiste Daroussin (bapt)</li>
3299 <li>Ed Maste (emaste)</li>
3300 <li>George V. Neville-Neil (gnn)</li>
3301 <li>Hiroki Sato (hrs)</li>
3302 <li>Kyle Evans (kevans)</li>
3303 <li>Mark Johnston (markj)</li>
3304 <li>Scott Long (scottl)</li>
3305 <li>Sean Chittenden (seanc)</li>
3306 <li>Warner Losh (imp)
3307 ***</li>
3308 </ul>
3309
3310 <h2>News Roundup</h2>
3311
3312 <h3><a href="https://bentsukun.ch/posts/pinebook-pro-netbsd/" rel="nofollow">Getting Started with NetBSD on the Pinebook Pro</a></h3>
3313
3314 <blockquote>
3315 <p>If you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!<br>
3316 The easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.</p>
3317
3318 <ul>
3319 <li>A FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: <a href="https://twitter.com/kernelnomicon/status/1282790609778905088" rel="nofollow">https://twitter.com/kernelnomicon/status/1282790609778905088</a>
3320 ***</li>
3321 </ul>
3322 </blockquote>
3323
3324 <h3><a href="https://adventurist.me/posts/00300" rel="nofollow">FreeBSD on the Intel 10th Gen i3 NUC</a></h3>
3325
3326 <blockquote>
3327 <p>I have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.</p>
3328 </blockquote>
3329
3330 <hr>
3331
3332 <h3><a href="https://www.dragonflydigest.com/2020/06/29/24698.html" rel="nofollow">pf table size check and change</a></h3>
3333
3334 <blockquote>
3335 <p>Did you know there’s a default size limit to pf’s state table? I did not, but it makes sense that there is one. If for some reason you bump into this limit (difficult for home use, I’d think), <a href="http://lists.dragonflybsd.org/pipermail/users/2020-June/381261.html" rel="nofollow">here’s how you change it</a><br>
3336 There is a table-entries limit specified, you can see current settings with<br>
3337 'pfctl -s all'. You can adjust the limits in the /etc/pf.conf file<br>
3338 containing the rules with a line like this near the top:<br>
3339 <code>set limit table-entries 100000</code></p>
3340
3341 <ul>
3342 <li>In the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for.
3343 ***</li>
3344 </ul>
3345 </blockquote>
3346
3347 <h2>Beastie Bits</h2>
3348
3349 <ul>
3350 <li><a href="https://callfortesting.org/tmux/" rel="nofollow">tmux and bhyve</a></li>
3351 <li><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_1" rel="nofollow">Azure and FreeBSD</a></li>
3352 <li><a href="https://www.youtube.com/watch?v=bvkmnK6-qao&feature=youtu.be" rel="nofollow">Groff Tutorial</a>
3353 ***
3354 ###Tarsnap</li>
3355 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3356 <a href="https://mwl.io/nonfiction/tools#tarsnap" rel="nofollow">Tarsnap Mastery</a></li>
3357 </ul>
3358
3359 <h2>Feedback/Questions</h2>
3360
3361 <ul>
3362 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Chris%20-%20zfs%20question.md" rel="nofollow">Chris - ZFS Question</a></li>
3363 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Patrick%20-%20Tarsnap.md" rel="nofollow">Patrick - Tarsnap</a></li>
3364 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/pin%20-%20pkgsrc.md" rel="nofollow">Pin - pkgsrc</a>
3365 ***</li>
3366 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
3367 ***</li>
3368 </ul>]]>
3369 </content:encoded>
3370 <itunes:summary>
3371 <![CDATA[<p>Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.</p>
3372
3373 <p><strong><em>NOTES</em></strong><br>
3374 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3375
3376 <h2>Headlines</h2>
3377
3378 <h3><a href="https://vishaltelangre.com/chasing-a-bad-commit/" rel="nofollow">Chasing a bad commit</a></h3>
3379
3380 <blockquote>
3381 <p>While working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work has been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.<br>
3382 We are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.</p>
3383 </blockquote>
3384
3385 <hr>
3386
3387 <h3><a href="https://www.freebsdnews.com/2020/07/14/new-freebsd-core-team-elected/" rel="nofollow">New FreeBSD Core Team Elected</a></h3>
3388
3389 <blockquote>
3390 <p>The FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!</p>
3391 </blockquote>
3392
3393 <ul>
3394 <li>Baptiste Daroussin (bapt)</li>
3395 <li>Ed Maste (emaste)</li>
3396 <li>George V. Neville-Neil (gnn)</li>
3397 <li>Hiroki Sato (hrs)</li>
3398 <li>Kyle Evans (kevans)</li>
3399 <li>Mark Johnston (markj)</li>
3400 <li>Scott Long (scottl)</li>
3401 <li>Sean Chittenden (seanc)</li>
3402 <li>Warner Losh (imp)
3403 ***</li>
3404 </ul>
3405
3406 <h2>News Roundup</h2>
3407
3408 <h3><a href="https://bentsukun.ch/posts/pinebook-pro-netbsd/" rel="nofollow">Getting Started with NetBSD on the Pinebook Pro</a></h3>
3409
3410 <blockquote>
3411 <p>If you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!<br>
3412 The easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.</p>
3413
3414 <ul>
3415 <li>A FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: <a href="https://twitter.com/kernelnomicon/status/1282790609778905088" rel="nofollow">https://twitter.com/kernelnomicon/status/1282790609778905088</a>
3416 ***</li>
3417 </ul>
3418 </blockquote>
3419
3420 <h3><a href="https://adventurist.me/posts/00300" rel="nofollow">FreeBSD on the Intel 10th Gen i3 NUC</a></h3>
3421
3422 <blockquote>
3423 <p>I have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.</p>
3424 </blockquote>
3425
3426 <hr>
3427
3428 <h3><a href="https://www.dragonflydigest.com/2020/06/29/24698.html" rel="nofollow">pf table size check and change</a></h3>
3429
3430 <blockquote>
3431 <p>Did you know there’s a default size limit to pf’s state table? I did not, but it makes sense that there is one. If for some reason you bump into this limit (difficult for home use, I’d think), <a href="http://lists.dragonflybsd.org/pipermail/users/2020-June/381261.html" rel="nofollow">here’s how you change it</a><br>
3432 There is a table-entries limit specified, you can see current settings with<br>
3433 'pfctl -s all'. You can adjust the limits in the /etc/pf.conf file<br>
3434 containing the rules with a line like this near the top:<br>
3435 <code>set limit table-entries 100000</code></p>
3436
3437 <ul>
3438 <li>In the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for.
3439 ***</li>
3440 </ul>
3441 </blockquote>
3442
3443 <h2>Beastie Bits</h2>
3444
3445 <ul>
3446 <li><a href="https://callfortesting.org/tmux/" rel="nofollow">tmux and bhyve</a></li>
3447 <li><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_1" rel="nofollow">Azure and FreeBSD</a></li>
3448 <li><a href="https://www.youtube.com/watch?v=bvkmnK6-qao&feature=youtu.be" rel="nofollow">Groff Tutorial</a>
3449 ***
3450 ###Tarsnap</li>
3451 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3452 <a href="https://mwl.io/nonfiction/tools#tarsnap" rel="nofollow">Tarsnap Mastery</a></li>
3453 </ul>
3454
3455 <h2>Feedback/Questions</h2>
3456
3457 <ul>
3458 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Chris%20-%20zfs%20question.md" rel="nofollow">Chris - ZFS Question</a></li>
3459 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Patrick%20-%20Tarsnap.md" rel="nofollow">Patrick - Tarsnap</a></li>
3460 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/pin%20-%20pkgsrc.md" rel="nofollow">Pin - pkgsrc</a>
3461 ***</li>
3462 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
3463 ***</li>
3464 </ul>]]>
3465 </itunes:summary>
3466 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Wa_ddHyR</fireside:playerURL>
3467 <fireside:playerEmbedCode>
3468 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Wa_ddHyR" width="740" height="200" frameborder="0" scrolling="no">]]>
3469 </fireside:playerEmbedCode>
3470 </item>
3471 <item>
3472 <title>359: Throwaway Browser</title>
3473 <link>https://www.bsdnow.tv/359</link>
3474 <guid isPermaLink="false">b066740d-03a5-423b-9ab9-8936c3246979</guid>
3475 <pubDate>Thu, 16 Jul 2020 04:00:00 -0700</pubDate>
3476 <author>Allan Jude</author>
3477 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b066740d-03a5-423b-9ab9-8936c3246979.mp3" length="44787992" type="audio/mpeg"/>
3478 <itunes:episodeType>full</itunes:episodeType>
3479 <itunes:author>Allan Jude</itunes:author>
3480 <itunes:subtitle>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</itunes:subtitle>
3481 <itunes:duration>43:25</itunes:duration>
3482 <itunes:explicit>no</itunes:explicit>
3483 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
3484 <description>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.
3485 NOTES
3486 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
3487 Headlines
3488 Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes (https://honeyguide.eu/posts/pot-throwaway-firefox/)
3489 pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).
3490 OpenBSD guest with bhyve - OmniOS (https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html)
3491 Today I will be creating an OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.
3492 This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.
3493 News Roundup
3494 BSD versus Linux distribution development (https://distrowatch.com/weekly.php?issue=20200622#qa)
3495 Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?
3496 DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.
3497 My FreeBSD Laptop Build (https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html)
3498 I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. It's basically the famous X2xx series but with a 13” screen and smaller bezel.
3499 So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.
3500 FreeBSD CURRENT Binary Upgrades (http://up.bsd.lv)
3501 Disclaimer
3502 This proof-of-concept is not a publication of FreeBSD.
3503 Description
3504 up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.
3505 Tarsnap
3506 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3507 Feedback/Questions
3508 Karl - pfsense (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md)
3509 Val - esxi question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md)
3510 lars - openbsd router hardware (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md)
3511 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
3512 </description>
3513 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, zfs, interview, browser, throw-away, throw away, pot, omnios, vm, guest, virtualization, bhyve, linux, development, distribution, laptop, binary upgrades</itunes:keywords>
3514 <content:encoded>
3515 <![CDATA[<p>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</p>
3516
3517 <p><strong><em>NOTES</em></strong><br>
3518 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3519
3520 <h2>Headlines</h2>
3521
3522 <h3><a href="https://honeyguide.eu/posts/pot-throwaway-firefox/" rel="nofollow">Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes</a></h3>
3523
3524 <blockquote>
3525 <p>pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).</p>
3526 </blockquote>
3527
3528 <hr>
3529
3530 <h3><a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow">OpenBSD guest with bhyve - OmniOS</a></h3>
3531
3532 <blockquote>
3533 <p>Today I will be creating an OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.<br>
3534 This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.</p>
3535 </blockquote>
3536
3537 <hr>
3538
3539 <h2>News Roundup</h2>
3540
3541 <h3><a href="https://distrowatch.com/weekly.php?issue=20200622#qa" rel="nofollow">BSD versus Linux distribution development</a></h3>
3542
3543 <blockquote>
3544 <p>Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?<br>
3545 DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.</p>
3546
3547 <hr>
3548
3549 <h3><a href="https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html" rel="nofollow">My FreeBSD Laptop Build</a></h3>
3550
3551 <p>I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. It's basically the famous X2xx series but with a 13” screen and smaller bezel.<br>
3552 So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.</p>
3553
3554 <hr>
3555
3556 <h3><a href="http://up.bsd.lv" rel="nofollow">FreeBSD CURRENT Binary Upgrades</a></h3>
3557
3558 <ul>
3559 <li>Disclaimer
3560 This proof-of-concept is not a publication of FreeBSD.</li>
3561 <li>Description
3562 up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.</li>
3563 </ul>
3564 </blockquote>
3565
3566 <hr>
3567
3568 <h3>Tarsnap</h3>
3569
3570 <ul>
3571 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3572 </ul>
3573
3574 <h2>Feedback/Questions</h2>
3575
3576 <ul>
3577 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md" rel="nofollow">Karl - pfsense</a></li>
3578 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md" rel="nofollow">Val - esxi question</a></li>
3579 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md" rel="nofollow">lars - openbsd router hardware</a></p>
3580
3581 <hr></li>
3582 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
3583
3584 <hr></li>
3585 </ul>]]>
3586 </content:encoded>
3587 <itunes:summary>
3588 <![CDATA[<p>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</p>
3589
3590 <p><strong><em>NOTES</em></strong><br>
3591 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3592
3593 <h2>Headlines</h2>
3594
3595 <h3><a href="https://honeyguide.eu/posts/pot-throwaway-firefox/" rel="nofollow">Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes</a></h3>
3596
3597 <blockquote>
3598 <p>pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).</p>
3599 </blockquote>
3600
3601 <hr>
3602
3603 <h3><a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow">OpenBSD guest with bhyve - OmniOS</a></h3>
3604
3605 <blockquote>
3606 <p>Today I will be creating an OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.<br>
3607 This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.</p>
3608 </blockquote>
3609
3610 <hr>
3611
3612 <h2>News Roundup</h2>
3613
3614 <h3><a href="https://distrowatch.com/weekly.php?issue=20200622#qa" rel="nofollow">BSD versus Linux distribution development</a></h3>
3615
3616 <blockquote>
3617 <p>Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?<br>
3618 DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.</p>
3619
3620 <hr>
3621
3622 <h3><a href="https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html" rel="nofollow">My FreeBSD Laptop Build</a></h3>
3623
3624 <p>I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. It's basically the famous X2xx series but with a 13” screen and smaller bezel.<br>
3625 So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.</p>
3626
3627 <hr>
3628
3629 <h3><a href="http://up.bsd.lv" rel="nofollow">FreeBSD CURRENT Binary Upgrades</a></h3>
3630
3631 <ul>
3632 <li>Disclaimer
3633 This proof-of-concept is not a publication of FreeBSD.</li>
3634 <li>Description
3635 up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.</li>
3636 </ul>
3637 </blockquote>
3638
3639 <hr>
3640
3641 <h3>Tarsnap</h3>
3642
3643 <ul>
3644 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3645 </ul>
3646
3647 <h2>Feedback/Questions</h2>
3648
3649 <ul>
3650 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md" rel="nofollow">Karl - pfsense</a></li>
3651 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md" rel="nofollow">Val - esxi question</a></li>
3652 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md" rel="nofollow">lars - openbsd router hardware</a></p>
3653
3654 <hr></li>
3655 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
3656
3657 <hr></li>
3658 </ul>]]>
3659 </itunes:summary>
3660 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+UVrL7cMz</fireside:playerURL>
3661 <fireside:playerEmbedCode>
3662 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+UVrL7cMz" width="740" height="200" frameborder="0" scrolling="no">]]>
3663 </fireside:playerEmbedCode>
3664 </item>
3665 <item>
3666 <title>358: OpenBSD Kubernetes Clusters</title>
3667 <link>https://www.bsdnow.tv/358</link>
3668 <guid isPermaLink="false">dd2d31ad-23bc-492d-b813-caf9f661e315</guid>
3669 <pubDate>Thu, 09 Jul 2020 06:00:00 -0700</pubDate>
3670 <author>Allan Jude</author>
3671 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/dd2d31ad-23bc-492d-b813-caf9f661e315.mp3" length="43199240" type="audio/mpeg"/>
3672 <itunes:episodeType>full</itunes:episodeType>
3673 <itunes:author>Allan Jude</itunes:author>
3674 <itunes:subtitle>Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more</itunes:subtitle>
3675 <itunes:duration>43:32</itunes:duration>
3676 <itunes:explicit>no</itunes:explicit>
3677 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
3678 <description>Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more
3679 NOTES
3680 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
3681 Headlines
3682 yubikey-agent on FreeBSD (https://kernelnomicon.org/?p=855)
3683 Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)
3684 Manage Kubernetes clusters from OpenBSD (https://e1e0.net/manage-k8s-from-openbsd.html)
3685 This should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release
3686 Update 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.
3687 News Roundup
3688 History of FreeBSD Part 1: Unix and BSD (https://klarasystems.com/articles/history-of-freebsd-unix-and-bsd/?utm_source=bsdnow)
3689 FreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.
3690 Running Jitsi-Meet in a FreeBSD Jail (https://honeyguide.eu/posts/jitsi-freebsd/)
3691 Due to the situation with COVID-19 that also led to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.
3692 That way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.
3693 + Grafana for Jitsi-Meet (https://honeyguide.eu/posts/jitsi-grafana/)
3694 Command Line Bug Hunting in FreeBSD (https://adventurist.me/posts/00301)
3695 FreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.
3696 Beastie Bits
3697 Game of Github (https://glebbahmutov.com/game-of-github/)
3698 + Wireguard official merged into OpenBSD (https://marc.info/?l=openbsd-cvs&m=159274150512676&w=2)
3699 ***
3700 Tarsnap
3701 This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3702 Feedback/Questions
3703 Florian : Lua for $HOME (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Florian%20-%20Lua%20for%20%24HOME)
3704 Kevin : FreeBSD Source Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Kevin%20-%20FreeBSD%20Source%20Question)
3705 Tom : HomeLabs (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Tom%20-%20HomeLabs)
3706 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
3707 </description>
3708 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, zfs, interview, yubikey, yubikey-agent, yubikey agent, agent, kubernetes, cluster, kubernetes cluster, history, jitsi, jitsi-meet, conference, video conferencing, conferencing, conferencing software, command line, bug, bug hunting, git, github, wireguard, merge</itunes:keywords>
3709 <content:encoded>
3710 <![CDATA[<p>Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more</p>
3711
3712 <p><strong><em>NOTES</em></strong><br>
3713 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3714
3715 <h2>Headlines</h2>
3716
3717 <h3><a href="https://kernelnomicon.org/?p=855" rel="nofollow">yubikey-agent on FreeBSD</a></h3>
3718
3719 <blockquote>
3720 <p>Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)</p>
3721
3722 <hr>
3723 </blockquote>
3724
3725 <h3><a href="https://e1e0.net/manage-k8s-from-openbsd.html" rel="nofollow">Manage Kubernetes clusters from OpenBSD</a></h3>
3726
3727 <blockquote>
3728 <p>This should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release<br>
3729 Update 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.</p>
3730
3731 <hr>
3732 </blockquote>
3733
3734 <h2>News Roundup</h2>
3735
3736 <h3><a href="https://klarasystems.com/articles/history-of-freebsd-unix-and-bsd/?utm_source=bsdnow" rel="nofollow">History of FreeBSD Part 1: Unix and BSD</a></h3>
3737
3738 <blockquote>
3739 <p>FreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.</p>
3740
3741 <hr>
3742 </blockquote>
3743
3744 <h3><a href="https://honeyguide.eu/posts/jitsi-freebsd/" rel="nofollow">Running Jitsi-Meet in a FreeBSD Jail</a></h3>
3745
3746 <blockquote>
3747 <p>Due to the situation with COVID-19 that also led to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.<br>
3748 That way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.</p>
3749
3750 <ul>
3751 <li><a href="https://honeyguide.eu/posts/jitsi-grafana/" rel="nofollow">Grafana for Jitsi-Meet</a>
3752 ***</li>
3753 </ul>
3754 </blockquote>
3755
3756 <h3><a href="https://adventurist.me/posts/00301" rel="nofollow">Command Line Bug Hunting in FreeBSD</a></h3>
3757
3758 <blockquote>
3759 <p>FreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.</p>
3760
3761 <hr>
3762 </blockquote>
3763
3764 <h2>Beastie Bits</h2>
3765
3766 <ul>
3767 <li><a href="https://glebbahmutov.com/game-of-github/" rel="nofollow">Game of Github</a></li>
3768 <li>+ <a href="https://marc.info/?l=openbsd-cvs&m=159274150512676&w=2" rel="nofollow">Wireguard official merged into OpenBSD</a>
3769 ***</li>
3770 </ul>
3771
3772 <h3>Tarsnap</h3>
3773
3774 <ul>
3775 <li>This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3776 </ul>
3777
3778 <h2>Feedback/Questions</h2>
3779
3780 <ul>
3781 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Florian%20-%20Lua%20for%20%24HOME" rel="nofollow">Florian : Lua for $HOME</a></li>
3782 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Kevin%20-%20FreeBSD%20Source%20Question" rel="nofollow">Kevin : FreeBSD Source Question</a></li>
3783 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Tom%20-%20HomeLabs" rel="nofollow">Tom : HomeLabs</a></p>
3784
3785 <hr></li>
3786 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
3787
3788 <hr></li>
3789 </ul>]]>
3790 </content:encoded>
3791 <itunes:summary>
3792 <![CDATA[<p>Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more</p>
3793
3794 <p><strong><em>NOTES</em></strong><br>
3795 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3796
3797 <h2>Headlines</h2>
3798
3799 <h3><a href="https://kernelnomicon.org/?p=855" rel="nofollow">yubikey-agent on FreeBSD</a></h3>
3800
3801 <blockquote>
3802 <p>Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)</p>
3803
3804 <hr>
3805 </blockquote>
3806
3807 <h3><a href="https://e1e0.net/manage-k8s-from-openbsd.html" rel="nofollow">Manage Kubernetes clusters from OpenBSD</a></h3>
3808
3809 <blockquote>
3810 <p>This should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release<br>
3811 Update 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.</p>
3812
3813 <hr>
3814 </blockquote>
3815
3816 <h2>News Roundup</h2>
3817
3818 <h3><a href="https://klarasystems.com/articles/history-of-freebsd-unix-and-bsd/?utm_source=bsdnow" rel="nofollow">History of FreeBSD Part 1: Unix and BSD</a></h3>
3819
3820 <blockquote>
3821 <p>FreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.</p>
3822
3823 <hr>
3824 </blockquote>
3825
3826 <h3><a href="https://honeyguide.eu/posts/jitsi-freebsd/" rel="nofollow">Running Jitsi-Meet in a FreeBSD Jail</a></h3>
3827
3828 <blockquote>
3829 <p>Due to the situation with COVID-19 that also led to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.<br>
3830 That way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.</p>
3831
3832 <ul>
3833 <li><a href="https://honeyguide.eu/posts/jitsi-grafana/" rel="nofollow">Grafana for Jitsi-Meet</a>
3834 ***</li>
3835 </ul>
3836 </blockquote>
3837
3838 <h3><a href="https://adventurist.me/posts/00301" rel="nofollow">Command Line Bug Hunting in FreeBSD</a></h3>
3839
3840 <blockquote>
3841 <p>FreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.</p>
3842
3843 <hr>
3844 </blockquote>
3845
3846 <h2>Beastie Bits</h2>
3847
3848 <ul>
3849 <li><a href="https://glebbahmutov.com/game-of-github/" rel="nofollow">Game of Github</a></li>
3850 <li>+ <a href="https://marc.info/?l=openbsd-cvs&m=159274150512676&w=2" rel="nofollow">Wireguard official merged into OpenBSD</a>
3851 ***</li>
3852 </ul>
3853
3854 <h3>Tarsnap</h3>
3855
3856 <ul>
3857 <li>This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3858 </ul>
3859
3860 <h2>Feedback/Questions</h2>
3861
3862 <ul>
3863 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Florian%20-%20Lua%20for%20%24HOME" rel="nofollow">Florian : Lua for $HOME</a></li>
3864 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Kevin%20-%20FreeBSD%20Source%20Question" rel="nofollow">Kevin : FreeBSD Source Question</a></li>
3865 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Tom%20-%20HomeLabs" rel="nofollow">Tom : HomeLabs</a></p>
3866
3867 <hr></li>
3868 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
3869
3870 <hr></li>
3871 </ul>]]>
3872 </itunes:summary>
3873 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+P91Xgc5O</fireside:playerURL>
3874 <fireside:playerEmbedCode>
3875 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+P91Xgc5O" width="740" height="200" frameborder="0" scrolling="no">]]>
3876 </fireside:playerEmbedCode>
3877 </item>
3878 <item>
3879 <title>357: Study the Code</title>
3880 <link>https://www.bsdnow.tv/357</link>
3881 <guid isPermaLink="false">3155c049-a0b4-4449-9ecb-1f820e68f542</guid>
3882 <pubDate>Thu, 02 Jul 2020 04:00:00 -0700</pubDate>
3883 <author>Allan Jude</author>
3884 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3155c049-a0b4-4449-9ecb-1f820e68f542.mp3" length="36249920" type="audio/mpeg"/>
3885 <itunes:episodeType>full</itunes:episodeType>
3886 <itunes:author>Allan Jude</itunes:author>
3887 <itunes:subtitle>OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.</itunes:subtitle>
3888 <itunes:duration>37:59</itunes:duration>
3889 <itunes:explicit>no</itunes:explicit>
3890 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
3891 <description>OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.
3892 NOTES
3893 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
3894 Headlines
3895 OpenBSD 6.7 on PC Engines APU4D4 (https://www.tumfatig.net/20200530/openbsd-6-7-on-pc-engines-apu4d4/)
3896 I just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.
3897 NetBSD code study (http://silas.net.br/codereading/netbsd-code.html)
3898 News Roundup
3899 Booting FreeBSD off the HPE MicroServer Gen8 ODD SATA port (https://rubenerd.com/booting-freebsd-off-the-microserver-odd-sata-port/)
3900 My small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.
3901 Josh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.
3902 3 ways to multiboot (https://marc.info/?l=openbsd-misc&m=159146428705118&w=2)
3903 multiboot installation of a BSD system with other operating systems
3904 (OSs) on UEFI hardware is not officially supported by any of the
3905 popular
3906 Beastie Bits
3907 pfSense2.4.5-Release-p1 now available (https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html)
3908 BSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane (https://www.youtube.com/watch?v=_eOVlaYWqS8)
3909 OpenBSD DRM Update (https://undeadly.org/cgi?action=article;sid=20200608075708)
3910 ***
3911 ###Tarsnap
3912 This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
3913 Feedback/Questions
3914 James - Apple T2 (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/James%20-%20Apple%20T2)
3915 Michael - Jordyns ZFS Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Michael%20-%20Jordyns%20ZFS%20Question)
3916 Note from JT (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Note%20from%20JT)
3917 Rob - FreeBSD Freindly Registrar (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Rob%20-%20FreeBSD%20Freindly%20Registrar)
3918 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
3919 ***
3920 </description>
3921 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, zfs, interview, pc engines, APU4D4, code study, code, study, drm, update, updates, booting, boot, HPE, MicroServer, SATA, SATA port</itunes:keywords>
3922 <content:encoded>
3923 <![CDATA[<p>OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.</p>
3924
3925 <p><strong><em>NOTES</em></strong><br>
3926 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3927
3928 <h2>Headlines</h2>
3929
3930 <h3><a href="https://www.tumfatig.net/20200530/openbsd-6-7-on-pc-engines-apu4d4/" rel="nofollow">OpenBSD 6.7 on PC Engines APU4D4</a></h3>
3931
3932 <blockquote>
3933 <p>I just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.</p>
3934
3935 <hr>
3936
3937 <h3><a href="http://silas.net.br/codereading/netbsd-code.html" rel="nofollow">NetBSD code study</a></h3>
3938
3939 <hr>
3940 </blockquote>
3941
3942 <h2>News Roundup</h2>
3943
3944 <h3><a href="https://rubenerd.com/booting-freebsd-off-the-microserver-odd-sata-port/" rel="nofollow">Booting FreeBSD off the HPE MicroServer Gen8 ODD SATA port</a></h3>
3945
3946 <blockquote>
3947 <p>My small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.<br>
3948 Josh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.</p>
3949
3950 <hr>
3951 </blockquote>
3952
3953 <h3><a href="https://marc.info/?l=openbsd-misc&m=159146428705118&w=2" rel="nofollow">3 ways to multiboot</a></h3>
3954
3955 <blockquote>
3956 <p>multiboot installation of a BSD system with other operating systems<br>
3957 (OSs) on UEFI hardware is not officially supported by any of the<br>
3958 popular</p>
3959
3960 <hr>
3961 </blockquote>
3962
3963 <h2>Beastie Bits</h2>
3964
3965 <ul>
3966 <li><a href="https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html" rel="nofollow">pfSense2.4.5-Release-p1 now available</a></li>
3967 <li><a href="https://www.youtube.com/watch?v=_eOVlaYWqS8" rel="nofollow">BSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane</a></li>
3968 <li><a href="https://undeadly.org/cgi?action=article;sid=20200608075708" rel="nofollow">OpenBSD DRM Update</a>
3969 ***
3970 ###Tarsnap</li>
3971 <li>This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
3972 </ul>
3973
3974 <h2>Feedback/Questions</h2>
3975
3976 <ul>
3977 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/James%20-%20Apple%20T2" rel="nofollow"> James - Apple T2</a></p></li>
3978 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Michael%20-%20Jordyns%20ZFS%20Question" rel="nofollow">Michael - Jordyns ZFS Question</a></p>
3979
3980 <ul>
3981 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Note%20from%20JT" rel="nofollow">Note from JT</a></li>
3982 </ul></li>
3983 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Rob%20-%20FreeBSD%20Freindly%20Registrar" rel="nofollow">Rob - FreeBSD Freindly Registrar</a></p></li>
3984 </ul>
3985
3986 <hr>
3987
3988 <ul>
3989 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
3990 ***</li>
3991 </ul>]]>
3992 </content:encoded>
3993 <itunes:summary>
3994 <![CDATA[<p>OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.</p>
3995
3996 <p><strong><em>NOTES</em></strong><br>
3997 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
3998
3999 <h2>Headlines</h2>
4000
4001 <h3><a href="https://www.tumfatig.net/20200530/openbsd-6-7-on-pc-engines-apu4d4/" rel="nofollow">OpenBSD 6.7 on PC Engines APU4D4</a></h3>
4002
4003 <blockquote>
4004 <p>I just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.</p>
4005
4006 <hr>
4007
4008 <h3><a href="http://silas.net.br/codereading/netbsd-code.html" rel="nofollow">NetBSD code study</a></h3>
4009
4010 <hr>
4011 </blockquote>
4012
4013 <h2>News Roundup</h2>
4014
4015 <h3><a href="https://rubenerd.com/booting-freebsd-off-the-microserver-odd-sata-port/" rel="nofollow">Booting FreeBSD off the HPE MicroServer Gen8 ODD SATA port</a></h3>
4016
4017 <blockquote>
4018 <p>My small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.<br>
4019 Josh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.</p>
4020
4021 <hr>
4022 </blockquote>
4023
4024 <h3><a href="https://marc.info/?l=openbsd-misc&m=159146428705118&w=2" rel="nofollow">3 ways to multiboot</a></h3>
4025
4026 <blockquote>
4027 <p>multiboot installation of a BSD system with other operating systems<br>
4028 (OSs) on UEFI hardware is not officially supported by any of the<br>
4029 popular</p>
4030
4031 <hr>
4032 </blockquote>
4033
4034 <h2>Beastie Bits</h2>
4035
4036 <ul>
4037 <li><a href="https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html" rel="nofollow">pfSense2.4.5-Release-p1 now available</a></li>
4038 <li><a href="https://www.youtube.com/watch?v=_eOVlaYWqS8" rel="nofollow">BSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane</a></li>
4039 <li><a href="https://undeadly.org/cgi?action=article;sid=20200608075708" rel="nofollow">OpenBSD DRM Update</a>
4040 ***
4041 ###Tarsnap</li>
4042 <li>This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4043 </ul>
4044
4045 <h2>Feedback/Questions</h2>
4046
4047 <ul>
4048 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/James%20-%20Apple%20T2" rel="nofollow"> James - Apple T2</a></p></li>
4049 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Michael%20-%20Jordyns%20ZFS%20Question" rel="nofollow">Michael - Jordyns ZFS Question</a></p>
4050
4051 <ul>
4052 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Note%20from%20JT" rel="nofollow">Note from JT</a></li>
4053 </ul></li>
4054 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Rob%20-%20FreeBSD%20Freindly%20Registrar" rel="nofollow">Rob - FreeBSD Freindly Registrar</a></p></li>
4055 </ul>
4056
4057 <hr>
4058
4059 <ul>
4060 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
4061 ***</li>
4062 </ul>]]>
4063 </itunes:summary>
4064 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+vQ-bTN1-</fireside:playerURL>
4065 <fireside:playerEmbedCode>
4066 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+vQ-bTN1-" width="740" height="200" frameborder="0" scrolling="no">]]>
4067 </fireside:playerEmbedCode>
4068 </item>
4069 <item>
4070 <title>356: Dig in Deeper</title>
4071 <link>https://www.bsdnow.tv/356</link>
4072 <guid isPermaLink="false">666c3655-32bf-4341-a986-ab085baa9c10</guid>
4073 <pubDate>Thu, 25 Jun 2020 04:00:00 -0700</pubDate>
4074 <author>Allan Jude</author>
4075 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/666c3655-32bf-4341-a986-ab085baa9c10.mp3" length="31946816" type="audio/mpeg"/>
4076 <itunes:episodeType>full</itunes:episodeType>
4077 <itunes:author>Allan Jude</itunes:author>
4078 <itunes:subtitle>TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.</itunes:subtitle>
4079 <itunes:duration>32:08</itunes:duration>
4080 <itunes:explicit>no</itunes:explicit>
4081 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
4082 <description>TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.
4083 NOTES
4084 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
4085 Headlines
4086 TrueNAS is Multi-OS (https://www.ixsystems.com/blog/truenas-multi-os/)
4087 There was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.
4088 Once software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.
4089 The advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.
4090 TrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.
4091 Encrypted ZFS on NetBSD 9.0, for a FreeBSD guy (https://rubenerd.com/encrypted-zfs-on-netbsd-9-for-a-freebsd-guy/)
4092 I had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?
4093 News Roundup
4094 FreeBSD's New Code of Conduct (https://www.freebsd.org/internal/code-of-conduct.html)
4095 FreeBSD Announcement Email (https://raw.githubusercontent.com/BSDNow/bsdnow.tv/master/episodes/356/FBSD-CoC-Email)
4096 Gaming on OpenBSD (https://dataswamp.org/~solene/2020-06-05-openbsd-gaming.html)
4097 While no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, some commercial games work natively now, thanks to Mono or Java. There is no wine or linux emulation layer in OpenBSD.
4098 Here is a small list of most well known games that run on OpenBSD:
4099 'dig' a little deeper (https://vishaltelangre.com/dig-a-little-deeper/)
4100 I knew the existence of the dig command but didn't exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.
4101 HAMMER2 and periodic snapshots (https://www.dragonflydigest.com/2020/06/15/24635.html)
4102 The first version of HAMMER took automatic snapshots, set within the config for each filesystem. HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.
4103 + git: Implement periodic hammer2 snapshots (http://lists.dragonflybsd.org/pipermail/commits/2020-June/769247.html)
4104 Tarsnap
4105 This week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
4106 Feedback/Questions
4107 Cy - OpenSSL relicensing (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Cy%20-%20OPenSSL%20relicensing.md)
4108 Christian - lagg vlans and iocage (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Christian%20-%20lagg%20vlans%20and%20iocage)
4109 Brad - SMR (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Brad%20-%20SMR)
4110 ***
4111 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
4112 ***
4113 </description>
4114 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, truenas, multi os, os, operating system, code of conduct, code, conduct, encryption, encrypted, zfs, gaming, dig, hammer2, snapshot, snapshots, periodic, periodic snapshots</itunes:keywords>
4115 <content:encoded>
4116 <![CDATA[<p>TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.</p>
4117
4118 <p><strong><em>NOTES</em></strong><br>
4119 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4120
4121 <h2>Headlines</h2>
4122
4123 <h3><a href="https://www.ixsystems.com/blog/truenas-multi-os/" rel="nofollow">TrueNAS is Multi-OS</a></h3>
4124
4125 <blockquote>
4126 <p>There was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.<br>
4127 Once software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.<br>
4128 The advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.<br>
4129 TrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.</p>
4130
4131 <hr>
4132
4133 <h3><a href="https://rubenerd.com/encrypted-zfs-on-netbsd-9-for-a-freebsd-guy/" rel="nofollow">Encrypted ZFS on NetBSD 9.0, for a FreeBSD guy</a></h3>
4134
4135 <p>I had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?</p>
4136
4137 <hr>
4138 </blockquote>
4139
4140 <h2>News Roundup</h2>
4141
4142 <h3><a href="https://www.freebsd.org/internal/code-of-conduct.html" rel="nofollow">FreeBSD's New Code of Conduct</a></h3>
4143
4144 <ul>
4145 <li><a href="https://raw.githubusercontent.com/BSDNow/bsdnow.tv/master/episodes/356/FBSD-CoC-Email" rel="nofollow">FreeBSD Announcement Email</a></li>
4146 </ul>
4147
4148 <hr>
4149
4150 <h3><a href="https://dataswamp.org/%7Esolene/2020-06-05-openbsd-gaming.html" rel="nofollow">Gaming on OpenBSD</a></h3>
4151
4152 <blockquote>
4153 <p>While no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, some commercial games work natively now, thanks to Mono or Java. There is no wine or linux emulation layer in OpenBSD.<br>
4154 Here is a small list of most well known games that run on OpenBSD:</p>
4155
4156 <hr>
4157
4158 <h3><a href="https://vishaltelangre.com/dig-a-little-deeper/" rel="nofollow">'dig' a little deeper</a></h3>
4159
4160 <p>I knew the existence of the dig command but didn't exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.</p>
4161
4162 <hr>
4163
4164 <h3><a href="https://www.dragonflydigest.com/2020/06/15/24635.html" rel="nofollow">HAMMER2 and periodic snapshots</a></h3>
4165
4166 <p>The first version of HAMMER took automatic snapshots, set within the config for each filesystem. HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.</p>
4167
4168 <ul>
4169 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-June/769247.html" rel="nofollow">git: Implement periodic hammer2 snapshots</a>
4170 </li>
4171 </ul>
4172 </blockquote>
4173
4174 <h3>Tarsnap</h3>
4175
4176 <ul>
4177 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4178 </ul>
4179
4180 <h2>Feedback/Questions</h2>
4181
4182 <ul>
4183 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Cy%20-%20OPenSSL%20relicensing.md" rel="nofollow">Cy - OpenSSL relicensing</a></li>
4184 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Christian%20-%20lagg%20vlans%20and%20iocage" rel="nofollow">Christian - lagg vlans and iocage</a></li>
4185 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Brad%20-%20SMR" rel="nofollow">Brad - SMR</a>
4186 </li>
4187 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
4188 </li>
4189 </ul>]]>
4190 </content:encoded>
4191 <itunes:summary>
4192 <![CDATA[<p>TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.</p>
4193
4194 <p><strong><em>NOTES</em></strong><br>
4195 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4196
4197 <h2>Headlines</h2>
4198
4199 <h3><a href="https://www.ixsystems.com/blog/truenas-multi-os/" rel="nofollow">TrueNAS is Multi-OS</a></h3>
4200
4201 <blockquote>
4202 <p>There was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.<br>
4203 Once software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.<br>
4204 The advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.<br>
4205 TrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.</p>
4206
4207 <hr>
4208
4209 <h3><a href="https://rubenerd.com/encrypted-zfs-on-netbsd-9-for-a-freebsd-guy/" rel="nofollow">Encrypted ZFS on NetBSD 9.0, for a FreeBSD guy</a></h3>
4210
4211 <p>I had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?</p>
4212
4213 <hr>
4214 </blockquote>
4215
4216 <h2>News Roundup</h2>
4217
4218 <h3><a href="https://www.freebsd.org/internal/code-of-conduct.html" rel="nofollow">FreeBSD's New Code of Conduct</a></h3>
4219
4220 <ul>
4221 <li><a href="https://raw.githubusercontent.com/BSDNow/bsdnow.tv/master/episodes/356/FBSD-CoC-Email" rel="nofollow">FreeBSD Announcement Email</a></li>
4222 </ul>
4223
4224 <hr>
4225
4226 <h3><a href="https://dataswamp.org/%7Esolene/2020-06-05-openbsd-gaming.html" rel="nofollow">Gaming on OpenBSD</a></h3>
4227
4228 <blockquote>
4229 <p>While no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, some commercial games now work natively, thanks to Mono or Java. There is no Wine or Linux emulation layer in OpenBSD.<br>
4230 Here is a small list of the most well-known games that run on OpenBSD:</p>
4231
4232 <hr>
4233
4234 <h3><a href="https://vishaltelangre.com/dig-a-little-deeper/" rel="nofollow">'dig' a little deeper</a></h3>
4235
4236 <p>I knew the existence of the dig command but didn't exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.</p>
4237
4238 <hr>
4239
4240 <h3><a href="https://www.dragonflydigest.com/2020/06/15/24635.html" rel="nofollow">HAMMER2 and periodic snapshots</a></h3>
4241
4242 <p>The first version of HAMMER took automatic snapshots, set within the config for each filesystem. HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.</p>
4243
4244 <ul>
4245 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-June/769247.html" rel="nofollow">git: Implement periodic hammer2 snapshots</a>
4246 </li>
4247 </ul>
4248 </blockquote>
4249
4250 <h3>Tarsnap</h3>
4251
4252 <ul>
4253 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4254 </ul>
4255
4256 <h2>Feedback/Questions</h2>
4257
4258 <ul>
4259 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Cy%20-%20OPenSSL%20relicensing.md" rel="nofollow">Cy - OpenSSL relicensing</a></li>
4260 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Christian%20-%20lagg%20vlans%20and%20iocage" rel="nofollow">Christian - lagg vlans and iocage</a></li>
4261 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Brad%20-%20SMR" rel="nofollow">Brad - SMR</a>
4262 </li>
4263 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
4264 </li>
4265 </ul>]]>
4266 </itunes:summary>
4267 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+HzIuofKd</fireside:playerURL>
4268 <fireside:playerEmbedCode>
4269 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+HzIuofKd" width="740" height="200" frameborder="0" scrolling="no">]]>
4270 </fireside:playerEmbedCode>
4271 </item>
4272 <item>
4273 <title>355: Man Page Origins</title>
4274 <link>https://www.bsdnow.tv/355</link>
4275 <guid isPermaLink="false">369decb7-b522-4745-b385-2339d05211d9</guid>
4276 <pubDate>Thu, 18 Jun 2020 04:00:00 -0700</pubDate>
4277 <author>Allan Jude</author>
4278 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/369decb7-b522-4745-b385-2339d05211d9.mp3" length="40900704" type="audio/mpeg"/>
4279 <itunes:episodeType>full</itunes:episodeType>
4280 <itunes:author>Allan Jude</itunes:author>
4281 <itunes:subtitle>Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.</itunes:subtitle>
4282 <itunes:duration>40:39</itunes:duration>
4283 <itunes:explicit>no</itunes:explicit>
4284 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
4285 <description>Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.
4286 NOTES
4287 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
4288 Headlines
4289 How to Upgrade OpenBSD and Build a Kernel (https://cromwell-intl.com/open-source/openbsd-kernel.html)
4290 Let's see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select "Upgrade" instead of "Install". But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.
4291 The History of man pages (https://manpages.bsd.lv/history.html)
4292 Where do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?
4293 VAX port needs help (http://blog.netbsd.org/tnf/entry/vax_port_needs_help)
4294 The VAX is the oldest machine architecture still supported by NetBSD.
4295 Unfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let's say sub-optimal. It is also risking to be dropped completely by gcc upstream.
4296 Now here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.
4297 My new FreeBSD Laptop: Dell Latitude 7390 (http://www.daemonology.net/blog/2020-05-22-my-new-FreeBSD-laptop-Dell-7390.html)
4298 As a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I've been running FreeBSD on laptops since 2004; this hasn't always been easy, but over the years I've found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I'm writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.
4299 PFS tool changes in DragonFly (https://www.dragonflydigest.com/2020/06/09/24612.html)
4300 HAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path. pfs-delete won’t delete any filesystem name that appears in more than one place, though
4301 + git: hammer2 - Enhance pfs-list and pfs-delete (http://lists.dragonflybsd.org/pipermail/commits/2020-June/769226.html)
4302 Enhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory's mount. A specific mount may be specified via -s mountpt.
4303 Enhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory's mount.
4304 As a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts. A specific mount may be specified via -s mountpt.
4305 Beastie Bits
4306 BastilleBSD Templates (https://gitlab.com/bastillebsd-templates)
4307 Tianocore update (https://www.dragonflydigest.com/2020/06/08/24610.html)
4308 Reminder: FreeBSD Office Hours on June 24, 2020 (https://wiki.freebsd.org/OfficeHours)
4309 ***
4310 Tarsnap
4311 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
4312 Feedback/Questions
4313 Niclas - Regarding the Lenovo E595 user from Episode 340 (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Niclas%20-%20Regarding%20the%20Lenovo%20E595%20user%20from%20Episode%20340.md)
4314 Erik - What happened with the video (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Erik%20-%20What%20happened%20with%20the%20video.md)
4315 Igor - Boot Environments (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Igor%20-%20Boot%20Environments.md)
4316 ***
4317 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
4318 ***
4319 </description>
4320 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, upgrade, upgrading, manual, manual pages, man pages, manpages, VAX, dell, dell latitude, latitude 7390, dell latitude 7390, pfs</itunes:keywords>
4321 <content:encoded>
4322 <![CDATA[<p>Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.</p>
4323
4324 <p><strong><em>NOTES</em></strong><br>
4325 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4326
4327 <h2>Headlines</h2>
4328
4329 <h3><a href="https://cromwell-intl.com/open-source/openbsd-kernel.html" rel="nofollow">How to Upgrade OpenBSD and Build a Kernel</a></h3>
4330
4331 <blockquote>
4332 <p>Let's see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select "Upgrade" instead of "Install". But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.</p>
4333 </blockquote>
4334
4335 <hr>
4336
4337 <h3><a href="https://manpages.bsd.lv/history.html" rel="nofollow">The History of man pages</a></h3>
4338
4339 <blockquote>
4340 <p>Where do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?</p>
4341
4342 <hr>
4343 </blockquote>
4344
4345 <h3><a href="http://blog.netbsd.org/tnf/entry/vax_port_needs_help" rel="nofollow">VAX port needs help</a></h3>
4346
4347 <blockquote>
4348 <p>The VAX is the oldest machine architecture still supported by NetBSD.<br>
4349 Unfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let's say sub-optimal. It is also risking to be dropped completely by gcc upstream.<br>
4350 Now here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.</p>
4351
4352 <hr>
4353 </blockquote>
4354
4355 <h3><a href="http://www.daemonology.net/blog/2020-05-22-my-new-FreeBSD-laptop-Dell-7390.html" rel="nofollow">My new FreeBSD Laptop: Dell Latitude 7390</a></h3>
4356
4357 <blockquote>
4358 <p>As a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I've been running FreeBSD on laptops since 2004; this hasn't always been easy, but over the years I've found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I'm writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.</p>
4359
4360 <hr>
4361 </blockquote>
4362
4363 <h3><a href="https://www.dragonflydigest.com/2020/06/09/24612.html" rel="nofollow">PFS tool changes in DragonFly</a></h3>
4364
4365 <blockquote>
4366 <p>HAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path. pfs-delete won’t delete any filesystem name that appears in more than one place, though</p>
4367
4368 <ul>
4369 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-June/769226.html" rel="nofollow">git: hammer2 - Enhance pfs-list and pfs-delete</a>
4370 Enhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory's mount. A specific mount may be specified via -s mountpt.
4371 Enhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory's mount.
4372 As a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts. A specific mount may be specified via -s mountpt.</li>
4373 </ul>
4374 </blockquote>
4375
4376 <hr>
4377
4378 <h2>Beastie Bits</h2>
4379
4380 <ul>
4381 <li><a href="https://gitlab.com/bastillebsd-templates" rel="nofollow">BastilleBSD Templates</a></li>
4382 <li><a href="https://www.dragonflydigest.com/2020/06/08/24610.html" rel="nofollow">Tianocore update</a></li>
4383 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Reminder: FreeBSD Office Hours on June 24, 2020</a></li>
4384 </ul>
4385 <h3>Tarsnap</h3>
4386 <ul><li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4387 </ul>
4388
4389 <h2>Feedback/Questions</h2>
4390
4391 <ul>
4392 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Niclas%20-%20Regarding%20the%20Lenovo%20E595%20user%20from%20Episode%20340.md" rel="nofollow">Niclas - Regarding the Lenovo E595 user from Episode 340</a></li>
4393 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Erik%20-%20What%20happened%20with%20the%20video.md" rel="nofollow">Erik - What happened with the video</a></li>
4394 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Igor%20-%20Boot%20Environments.md" rel="nofollow">Igor - Boot Environments</a>
4395 </li>
4396 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
4397 </li>
4398 </ul>]]>
4399 </content:encoded>
4400 <itunes:summary>
4401 <![CDATA[<p>Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.</p>
4402
4403 <p><strong><em>NOTES</em></strong><br>
4404 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4405
4406 <h2>Headlines</h2>
4407
4408 <h3><a href="https://cromwell-intl.com/open-source/openbsd-kernel.html" rel="nofollow">How to Upgrade OpenBSD and Build a Kernel</a></h3>
4409
4410 <blockquote>
4411 <p>Let's see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select "Upgrade" instead of "Install". But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.</p>
4412 </blockquote>
4413
4414 <hr>
4415
4416 <h3><a href="https://manpages.bsd.lv/history.html" rel="nofollow">The History of man pages</a></h3>
4417
4418 <blockquote>
4419 <p>Where do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?</p>
4420
4421 <hr>
4422 </blockquote>
4423
4424 <h3><a href="http://blog.netbsd.org/tnf/entry/vax_port_needs_help" rel="nofollow">VAX port needs help</a></h3>
4425
4426 <blockquote>
4427 <p>The VAX is the oldest machine architecture still supported by NetBSD.<br>
4428 Unfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let's say sub-optimal. It is also risking to be dropped completely by gcc upstream.<br>
4429 Now here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.</p>
4430
4431 <hr>
4432 </blockquote>
4433
4434 <h3><a href="http://www.daemonology.net/blog/2020-05-22-my-new-FreeBSD-laptop-Dell-7390.html" rel="nofollow">My new FreeBSD Laptop: Dell Latitude 7390</a></h3>
4435
4436 <blockquote>
4437 <p>As a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I've been running FreeBSD on laptops since 2004; this hasn't always been easy, but over the years I've found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I'm writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.</p>
4438
4439 <hr>
4440 </blockquote>
4441
4442 <h3><a href="https://www.dragonflydigest.com/2020/06/09/24612.html" rel="nofollow">PFS tool changes in DragonFly</a></h3>
4443
4444 <blockquote>
4445 <p>HAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path. pfs-delete won’t delete any filesystem name that appears in more than one place, though</p>
4446
4447 <ul>
4448 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-June/769226.html" rel="nofollow">git: hammer2 - Enhance pfs-list and pfs-delete</a>
4449 Enhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory's mount. A specific mount may be specified via -s mountpt.
4450 Enhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory's mount.
4451 As a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts. A specific mount may be specified via -s mountpt.</li>
4452 </ul>
4453 </blockquote>
4454
4455 <hr>
4456
4457 <h2>Beastie Bits</h2>
4458
4459 <ul>
4460 <li><a href="https://gitlab.com/bastillebsd-templates" rel="nofollow">BastilleBSD Templates</a></li>
4461 <li><a href="https://www.dragonflydigest.com/2020/06/08/24610.html" rel="nofollow">Tianocore update</a></li>
4462 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Reminder: FreeBSD Office Hours on June 24, 2020</a></li>
4463 </ul>
4464 <h3>Tarsnap</h3>
4465 <ul><li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4466 </ul>
4467
4468 <h2>Feedback/Questions</h2>
4469
4470 <ul>
4471 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Niclas%20-%20Regarding%20the%20Lenovo%20E595%20user%20from%20Episode%20340.md" rel="nofollow">Niclas - Regarding the Lenovo E595 user from Episode 340</a></li>
4472 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Erik%20-%20What%20happened%20with%20the%20video.md" rel="nofollow">Erik - What happened with the video</a></li>
4473 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Igor%20-%20Boot%20Environments.md" rel="nofollow">Igor - Boot Environments</a>
4474 </li>
4475 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
4476 </li>
4477 </ul>]]>
4478 </itunes:summary>
4479 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+r7kZ_1JZ</fireside:playerURL>
4480 <fireside:playerEmbedCode>
4481 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+r7kZ_1JZ" width="740" height="200" frameborder="0" scrolling="no">]]>
4482 </fireside:playerEmbedCode>
4483 </item>
4484 <item>
4485 <title>354: ZFS safekeeps data</title>
4486 <link>https://www.bsdnow.tv/354</link>
4487 <guid isPermaLink="false">2b93f76f-bbea-49a0-8cf1-80c997d4510e</guid>
4488 <pubDate>Thu, 11 Jun 2020 04:00:00 -0700</pubDate>
4489 <author>Allan Jude</author>
4490 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2b93f76f-bbea-49a0-8cf1-80c997d4510e.mp3" length="33544616" type="audio/mpeg"/>
4491 <itunes:episodeType>full</itunes:episodeType>
4492 <itunes:author>Allan Jude</itunes:author>
4493 <itunes:subtitle>FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.</itunes:subtitle>
4494 <itunes:duration>35:07</itunes:duration>
4495 <itunes:explicit>no</itunes:explicit>
4496 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
4497 <description>FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.
4498 NOTES
4499 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
4500 Headlines
4501 FreeBSD 11.4-RC2 Now Available (https://lists.freebsd.org/pipermail/freebsd-stable/2020-May/092320.html)
4502 The second RC build of the 11.4-RELEASE release cycle is now available.
4503 + 11.4-RELEASE notes (https://www.freebsd.org/releases/11.4R/relnotes.html) (still in progress at the time of recording)
4504 Install OpenBSD 6.7-current on a PineBook Pro 64 (https://xosc.org/pinebookpro.html)
4505 This document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.
4506 News Roundup
4507 Understanding How OpenZFS Keeps Your Data Safe (https://www.ixsystems.com/blog/openzfs-keeps-your-data-safe/)
4508 Veteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few.
4509 Bringing FreeBSD to ec2 (https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/bringing-freebsd-to-ec2-with-colin-percival/)
4510 Colin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX "tar" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.
4511 FreeBSD 2020 Community Survey (https://www.research.net/r/freebsd-2020-community-survey)
4512 The FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts. This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.
4513 The survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).
4514 Beastie Bits
4515 FreeBSD Project Proposals (https://www.freebsdfoundation.org/blog/submit-your-freebsd-project-proposal)
4516 TJ Hacking (https://www.youtube.com/channel/UCknj_nW8JWcFJOAbgd5_Zgw)
4517 Scotland Open Source podcast (https://twitter.com/ScotlandOSUM/status/1265987126321188864?s=19)
4518 Next FreeBSD Office Hours on June 24, 2020 (https://wiki.freebsd.org/OfficeHours)
4519 ***
4520 Feedback/Questions
4521 Tom - Writing for LPI (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Tom%20-%20Wriitng%20for%20LPI.md)
4522 Luke - rstudio (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Luke%20-%20rstudio.md)
4523 Matt - Vlans and Jails (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Matt%20-%20Vlans%20and%20Jails.md)
4524 Morgan - Can I get some commentary on this issue (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Morgan%20-%20Can%20I%20get%20some%20commentary%20on%20this%20issue.md)
4525 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
4526 </description>
4527 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, pinebook, pinebook pro, pinebook pro 64, openzfs, data safety, ec2, EC2, Amazon EC2, community survey, freebsd community survey</itunes:keywords>
4528 <content:encoded>
4529 <![CDATA[<p>FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.</p>
4530
4531 <p><strong><em>NOTES</em></strong><br>
4532 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4533
4534 <h2>Headlines</h2>
4535
4536 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2020-May/092320.html" rel="nofollow">FreeBSD 11.4-RC2 Now Available</a></h3>
4537
4538 <blockquote>
4539 <p>The second RC build of the 11.4-RELEASE release cycle is now available.</p>
4540
4541 <ul>
4542 <li><a href="https://www.freebsd.org/releases/11.4R/relnotes.html" rel="nofollow">11.4-RELEASE notes</a> (still in progress at the time of recording)
4543 </li>
4544 </ul>
4545 </blockquote>
4546
4547 <h3><a href="https://xosc.org/pinebookpro.html" rel="nofollow">Install OpenBSD 6.7-current on a PineBook Pro 64</a></h3>
4548
4549 <blockquote>
4550 <p>This document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.</p>
4551
4552 <hr>
4553 </blockquote>
4554
4555 <h2>News Roundup</h2>
4556
4557 <h3><a href="https://www.ixsystems.com/blog/openzfs-keeps-your-data-safe/" rel="nofollow">Understanding How OpenZFS Keeps Your Data Safe</a></h3>
4558
4559 <blockquote>
4560 <p>Veteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few. </p>
4561
4562 <hr>
4563 </blockquote>
4564
4565 <h3><a href="https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/bringing-freebsd-to-ec2-with-colin-percival/" rel="nofollow">Bringing FreeBSD to ec2</a></h3>
4566
4567 <blockquote>
4568 <p>Colin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX "tar" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.</p>
4569
4570 <hr>
4571 </blockquote>
4572
4573 <h3><a href="https://www.research.net/r/freebsd-2020-community-survey" rel="nofollow">FreeBSD 2020 Community Survey</a></h3>
4574
4575 <blockquote>
4576 <p>The FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts. This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.<br>
4577 The survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).</p>
4578
4579 <hr>
4580 </blockquote>
4581
4582 <h2>Beastie Bits</h2>
4583
4584 <ul>
4585 <li><a href="https://www.freebsdfoundation.org/blog/submit-your-freebsd-project-proposal" rel="nofollow">FreeBSD Project Proposals</a></li>
4586 <li><a href="https://www.youtube.com/channel/UCknj_nW8JWcFJOAbgd5_Zgw" rel="nofollow">TJ Hacking</a></li>
4587 <li><a href="https://twitter.com/ScotlandOSUM/status/1265987126321188864?s=19" rel="nofollow">Scotland Open Source podcast</a></li>
4588 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Next FreeBSD Office Hours on June 24, 2020</a>
4589 </li>
4590 </ul>
4591
4592 <h2>Feedback/Questions</h2>
4593
4594 <ul>
4595 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Tom%20-%20Wriitng%20for%20LPI.md" rel="nofollow">Tom - Writing for LPI</a></li>
4596 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Luke%20-%20rstudio.md" rel="nofollow">Luke - rstudio</a></li>
4597 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Matt%20-%20Vlans%20and%20Jails.md" rel="nofollow">Matt - Vlans and Jails</a></li>
4598 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Morgan%20-%20Can%20I%20get%20some%20commentary%20on%20this%20issue.md" rel="nofollow">Morgan - Can I get some commentary on this issue</a></p>
4599
4600 <hr></li>
4601 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
4602
4603 <hr></li>
4604 </ul><p>Sponsored By:</p><ul><li><a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a> Promo Code: bsdnow</li></ul>]]>
4605 </content:encoded>
4606 <itunes:summary>
4607 <![CDATA[<p>FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.</p>
4608
4609 <p><strong><em>NOTES</em></strong><br>
4610 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4611
4612 <h2>Headlines</h2>
4613
4614 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2020-May/092320.html" rel="nofollow">FreeBSD 11.4-RC2 Now Available</a></h3>
4615
4616 <blockquote>
4617 <p>The second RC build of the 11.4-RELEASE release cycle is now available.</p>
4618
4619 <ul>
4620 <li><a href="https://www.freebsd.org/releases/11.4R/relnotes.html" rel="nofollow">11.4-RELEASE notes</a> (still in progress at the time of recording)
4621 </li>
4622 </ul>
4623 </blockquote>
4624
4625 <h3><a href="https://xosc.org/pinebookpro.html" rel="nofollow">Install OpenBSD 6.7-current on a PineBook Pro 64</a></h3>
4626
4627 <blockquote>
4628 <p>This document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.</p>
4629
4630 <hr>
4631 </blockquote>
4632
4633 <h2>News Roundup</h2>
4634
4635 <h3><a href="https://www.ixsystems.com/blog/openzfs-keeps-your-data-safe/" rel="nofollow">Understanding How OpenZFS Keeps Your Data Safe</a></h3>
4636
4637 <blockquote>
4638 <p>Veteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few. </p>
4639
4640 <hr>
4641 </blockquote>
4642
4643 <h3><a href="https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/bringing-freebsd-to-ec2-with-colin-percival/" rel="nofollow">Bringing FreeBSD to ec2</a></h3>
4644
4645 <blockquote>
4646 <p>Colin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX "tar" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.</p>
4647
4648 <hr>
4649 </blockquote>
4650
4651 <h3><a href="https://www.research.net/r/freebsd-2020-community-survey" rel="nofollow">FreeBSD 2020 Community Survey</a></h3>
4652
4653 <blockquote>
4654 <p>The FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts. This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.<br>
4655 The survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).</p>
4656
4657 <hr>
4658 </blockquote>
4659
4660 <h2>Beastie Bits</h2>
4661
4662 <ul>
4663 <li><a href="https://www.freebsdfoundation.org/blog/submit-your-freebsd-project-proposal" rel="nofollow">FreeBSD Project Proposals</a></li>
4664 <li><a href="https://www.youtube.com/channel/UCknj_nW8JWcFJOAbgd5_Zgw" rel="nofollow">TJ Hacking</a></li>
4665 <li><a href="https://twitter.com/ScotlandOSUM/status/1265987126321188864?s=19" rel="nofollow">Scotland Open Source podcast</a></li>
4666 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Next FreeBSD Office Hours on June 24, 2020</a>
4667 </li>
4668 </ul>
4669
4670 <h2>Feedback/Questions</h2>
4671
4672 <ul>
4673 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Tom%20-%20Wriitng%20for%20LPI.md" rel="nofollow">Tom - Writing for LPI</a></li>
4674 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Luke%20-%20rstudio.md" rel="nofollow">Luke - rstudio</a></li>
4675 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Matt%20-%20Vlans%20and%20Jails.md" rel="nofollow">Matt - Vlans and Jails</a></li>
4676 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Morgan%20-%20Can%20I%20get%20some%20commentary%20on%20this%20issue.md" rel="nofollow">Morgan - Can I get some commentary on this issue</a></p>
4677
4678 <hr></li>
4679 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
4680
4681 <hr></li>
4682 </ul><p>Sponsored By:</p><ul><li><a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a> Promo Code: bsdnow</li></ul>]]>
4683 </itunes:summary>
4684 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+CuC931dK</fireside:playerURL>
4685 <fireside:playerEmbedCode>
4686 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+CuC931dK" width="740" height="200" frameborder="0" scrolling="no">]]>
4687 </fireside:playerEmbedCode>
4688 </item>
4689 <item>
4690 <title>353: ZFS on Ironwolf</title>
4691 <link>https://www.bsdnow.tv/353</link>
4692 <guid isPermaLink="false">fe0e809c-411c-4156-bf80-80c98028f1ae</guid>
4693 <pubDate>Thu, 04 Jun 2020 08:00:00 -0700</pubDate>
4694 <author>Allan Jude</author>
4695 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fe0e809c-411c-4156-bf80-80c98028f1ae.mp3" length="36491000" type="audio/mpeg"/>
4696 <itunes:episodeType>full</itunes:episodeType>
4697 <itunes:author>Allan Jude</itunes:author>
4698 <itunes:subtitle>Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more</itunes:subtitle>
4699 <itunes:duration>38:31</itunes:duration>
4700 <itunes:explicit>no</itunes:explicit>
4701 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
4702 <description>Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.
4703 NOTES
4704 This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/)
4705 Headlines
4706 Scheduling in NetBSD – Part 1 (https://manikishan.wordpress.com/2020/05/10/scheduling-in-netbsd-part-1/)
4707 In this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.
4708 ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner (https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eight-ironwolf-disks-two-filesystems-one-winner/)
4709 This has been a long while in the making—it's test results time. To truly understand the fundamentals of computer storage, it's important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It's also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.
4710 If you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at 2.5admins.com (https://2.5admins.com/)
4711 News Roundup
4712 OpenBSD on the Microsoft Surface Go 2 (https://jcs.org/2020/05/15/surface_go2)
4713 I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.
4714 FreeBSD UNIX for Linux sysadmins (https://triosdevelopers.com/jason.eckert/blog/Entries/2020/5/2_FreeBSD_UNIX_for_Linux_sysadmins.html)
4715 If you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going to be somewhat similar with a few key differences.
4716 While there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.
4717 Following installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.
4718 FreeBSD on the Lenovo Thinkpad T480 (https://www.davidschlachter.com/misc/t480-freebsd)
4719 Recently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I've installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.
4720 Tarsnap
4721 This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
4722 Feedback/Questions
4723 Benjamin - ZFS Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Benjamin%20-%20ZFS%20Question.md)
4724 Brad - swap_pager_getswapspace errors (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brad%20-%20swap_pager_getswapspace%20errors.md)
4725 Brandon - gaming (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brandon%20-%20gaming.md)
4726 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
4727 </description>
4728 <itunes:keywords>bsd, dragonflybsd, freebsd, guide, hardenedbsd, howto, interview, ironwolf, lenovo t480, microsoft, netbsd, openbsd, raid, scheduler, scheduling, surface go, sysadmin, system administration, system administrator, t480, trident, trueos, tutorial, zfs</itunes:keywords>
4729 <content:encoded>
4730 <![CDATA[<p>Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.</p>
4731
4732 <p><strong><em>NOTES</em></strong><br>
4733 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4734
4735 <h2>Headlines</h2>
4736
4737 <h3><a href="https://manikishan.wordpress.com/2020/05/10/scheduling-in-netbsd-part-1/" rel="nofollow">Scheduling in NetBSD – Part 1</a></h3>
4738
4739 <blockquote>
4740 <p>In this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.</p>
4741 </blockquote>
4742
4743 <hr>
4744
4745 <h3><a href="https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eight-ironwolf-disks-two-filesystems-one-winner/" rel="nofollow">ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner</a></h3>
4746
4747 <blockquote>
4748 <p>This has been a long while in the making—it's test results time. To truly understand the fundamentals of computer storage, it's important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It's also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.</p>
4749 </blockquote>
4750
4751 <ul>
4752 <li>If you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at <a href="https://2.5admins.com/" rel="nofollow">2.5admins.com</a></li>
4753 </ul>
4754
4755 <hr>
4756
4757 <h2>News Roundup</h2>
4758
4759 <h3><a href="https://jcs.org/2020/05/15/surface_go2" rel="nofollow">OpenBSD on the Microsoft Surface Go 2</a></h3>
4760
4761 <blockquote>
4762 <p>I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.</p>
4763 </blockquote>
4764
4765 <hr>
4766
4767 <h3><a href="https://triosdevelopers.com/jason.eckert/blog/Entries/2020/5/2_FreeBSD_UNIX_for_Linux_sysadmins.html" rel="nofollow">FreeBSD UNIX for Linux sysadmins</a></h3>
4768
4769 <blockquote>
4770 <p>If you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going to be somewhat similar with a few key differences.<br>
4771 While there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.<br>
4772 Following installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.</p>
4773 </blockquote>
4774
4775 <hr>
4776
4777 <h3><a href="https://www.davidschlachter.com/misc/t480-freebsd" rel="nofollow">FreeBSD on the Lenovo Thinkpad T480</a></h3>
4778
4779 <blockquote>
4780 <p>Recently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I've installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.</p>
4781 </blockquote>
4782
4783 <hr>
4784
4785 <h3>Tarsnap</h3>
4786
4787 <ul>
4788 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4789 </ul>
4790
4791 <hr>
4792
4793 <h2>Feedback/Questions</h2>
4794
4795 <ul>
4796 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Benjamin%20-%20ZFS%20Question.md" rel="nofollow">Benjamin - ZFS Question</a></p></li>
4797 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brad%20-%20swap_pager_getswapspace%20errors.md" rel="nofollow">Brad - swap_pager_getswapspace errors</a></p></li>
4798 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brandon%20-%20gaming.md" rel="nofollow">Brandon - gaming</a></p></li>
4799 </ul>
4800
4801 <hr>
4802
4803 <ul>
4804 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
4805 </ul>
4806
4807 <hr><p>Sponsored By:</p><ul><li><a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a> Promo Code: bsdnow</li></ul>]]>
4808 </content:encoded>
4809 <itunes:summary>
4810 <![CDATA[<p>Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.</p>
4811
4812 <p><strong><em>NOTES</em></strong><br>
4813 This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow">Tarsnap</a></p>
4814
4815 <h2>Headlines</h2>
4816
4817 <h3><a href="https://manikishan.wordpress.com/2020/05/10/scheduling-in-netbsd-part-1/" rel="nofollow">Scheduling in NetBSD – Part 1</a></h3>
4818
4819 <blockquote>
4820 <p>In this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.</p>
4821 </blockquote>
4822
4823 <hr>
4824
4825 <h3><a href="https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eight-ironwolf-disks-two-filesystems-one-winner/" rel="nofollow">ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner</a></h3>
4826
4827 <blockquote>
4828 <p>This has been a long while in the making—it's test results time. To truly understand the fundamentals of computer storage, it's important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It's also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.</p>
4829 </blockquote>
4830
4831 <ul>
4832 <li>If you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at <a href="https://2.5admins.com/" rel="nofollow">2.5admins.com</a></li>
4833 </ul>
4834
4835 <hr>
4836
4837 <h2>News Roundup</h2>
4838
4839 <h3><a href="https://jcs.org/2020/05/15/surface_go2" rel="nofollow">OpenBSD on the Microsoft Surface Go 2</a></h3>
4840
4841 <blockquote>
4842 <p>I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.</p>
4843 </blockquote>
4844
4845 <hr>
4846
4847 <h3><a href="https://triosdevelopers.com/jason.eckert/blog/Entries/2020/5/2_FreeBSD_UNIX_for_Linux_sysadmins.html" rel="nofollow">FreeBSD UNIX for Linux sysadmins</a></h3>
4848
4849 <blockquote>
4850 <p>If you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going to be somewhat similar with a few key differences.<br>
4851 While there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.<br>
4852 Following installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.</p>
4853 </blockquote>
4854
4855 <hr>
4856
4857 <h3><a href="https://www.davidschlachter.com/misc/t480-freebsd" rel="nofollow">FreeBSD on the Lenovo Thinkpad T480</a></h3>
4858
4859 <blockquote>
4860 <p>Recently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I've installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.</p>
4861 </blockquote>
4862
4863 <hr>
4864
4865 <h3>Tarsnap</h3>
4866
4867 <ul>
4868 <li>This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
4869 </ul>
4870
4871 <hr>
4872
4873 <h2>Feedback/Questions</h2>
4874
4875 <ul>
4876 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Benjamin%20-%20ZFS%20Question.md" rel="nofollow">Benjamin - ZFS Question</a></p></li>
4877 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brad%20-%20swap_pager_getswapspace%20errors.md" rel="nofollow">Brad - swap_pager_getswapspace errors</a></p></li>
4878 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brandon%20-%20gaming.md" rel="nofollow">Brandon - gaming</a></p></li>
4879 </ul>
4880
4881 <hr>
4882
4883 <ul>
4884 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
4885 </ul>
4886
4887 <hr><p>Sponsored By:</p><ul><li><a href="https://www.tarsnap.com/bsdnow" rel="nofollow">Tarsnap</a> Promo Code: bsdnow</li></ul>]]>
4888 </itunes:summary>
4889 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+fXSNRG9o</fireside:playerURL>
4890 <fireside:playerEmbedCode>
4891 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+fXSNRG9o" width="740" height="200" frameborder="0" scrolling="no">]]>
4892 </fireside:playerEmbedCode>
4893 </item>
4894 <item>
4895 <title>352: Introducing Randomness</title>
4896 <link>https://www.bsdnow.tv/352</link>
4897 <guid isPermaLink="false">a4aba73b-ccc0-41d3-bd39-45783e594bd3</guid>
4898 <pubDate>Thu, 28 May 2020 05:00:00 -0700</pubDate>
4899 <author>Allan Jude</author>
4900 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a4aba73b-ccc0-41d3-bd39-45783e594bd3.mp3" length="45132517" type="audio/mpeg"/>
4901 <itunes:episodeType>full</itunes:episodeType>
4902 <itunes:author>Allan Jude</itunes:author>
4903 <itunes:subtitle>A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.</itunes:subtitle>
4904 <itunes:duration>50:56</itunes:duration>
4905 <itunes:explicit>no</itunes:explicit>
4906 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
4907 <description>A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.
4908 Headlines
4909 Entropy (https://washbear.neocities.org/entropy.html)
4910 A brief introduction to randomness
4911 Problem: Computers are very predictable. This is by design.
4912 But what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we're doing statistical simulations or similar.
4913 Logs grinding Netatalk on FreeBSD to a hault (https://rubenerd.com/logs-grinding-netatalk-on-freebsd-to-a-hault/)
4914 I’ve heard it said the cobbler’s children walk barefoot. While possessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.
4915 The HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.
4916 News Roundup
4917 NetBSD Core Team Changes (https://mail-index.netbsd.org/netbsd-announce/2020/05/07/msg000314.html)
4918 Matt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years. Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.
4919 Robert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years. Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.
4920 Using qemu guest agent on OpenBSD kvm/qemu guests (https://undeadly.org/cgi?action=article;sid=20200514073852)
4921 In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.
4922 WireGuard patchset for OpenBSD (https://undeadly.org/cgi?action=article;sid=20200512080047)
4923 A while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.
4924 FreeBSD 12.1 on a laptop (https://dataswamp.org/~solene/2020-05-11-freebsd-workstation.html)
4925 I’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explains how to get a graphical desktop using FreeBSD 12.1.
4926 Beastie Bits
4927 List of useful FreeBSD Commands (https://medium.com/@tdebarbora/list-of-useful-freebsd-commands-92dffb8f8c57)
4928 Master Your Network With Unix Command Line Tools (https://itnext.io/master-your-network-with-unix-command-line-tools-790bdd3b3b87)
4929 Original Unix containers aka FreeBSD jails (https://twitter.com/nixcraft/status/1257674069387993088)
4930 Flashback : 2003 Article : Bill Joy's greatest gift to man – the vi editor (https://www.theregister.co.uk/2003/09/11/bill_joys_greatest_gift/)
4931 FreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges (https://www.freebsdfoundation.org/past-issues/filesystems/)
4932 HAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern (https://www.hambug.ca/)
4933 Feedback/Questions
4934 Lyubomir - GELI and ZFS (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Lyubomir%20-%20GELI%20and%20ZFS.md)
4935 Patrick - powerd and powerd++ (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Patrick%20-%20powerd%20and%20powerd%2B%2B.md)
4936 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
4937 </description>
4938 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, random, randomness, entropy, logs, netatalk, core team, changes, qemu, guest agent, kvm, wireguard, patchset, laptop, notebook</itunes:keywords>
4939 <content:encoded>
4940 <![CDATA[<p>A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.</p>
4941
4942 <h2>Headlines</h2>
4943
4944 <h3><a href="https://washbear.neocities.org/entropy.html" rel="nofollow">Entropy</a></h3>
4945
4946 <blockquote>
4947 <blockquote>
4948 <p>A brief introduction to randomness</p>
4949 </blockquote>
4950 </blockquote>
4951
4952 <ul>
4953 <li>Problem: Computers are very predictable. This is by design.</li>
4954 </ul>
4955
4956 <blockquote>
4957 <p>But what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we're doing statistical simulations or similar.</p>
4958 </blockquote>
4959
4960 <hr>
4961
4962 <h3><a href="https://rubenerd.com/logs-grinding-netatalk-on-freebsd-to-a-hault/" rel="nofollow">Logs grinding Netatalk on FreeBSD to a hault</a></h3>
4963
4964 <blockquote>
4965 <blockquote>
4966 <p>I’ve heard it said the cobbler’s children walk barefoot. While possessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.<br>
4967 The HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.</p>
4968 </blockquote>
4969 </blockquote>
4970
4971 <hr>
4972
4973 <h2>News Roundup</h2>
4974
4975 <h3><a href="https://mail-index.netbsd.org/netbsd-announce/2020/05/07/msg000314.html" rel="nofollow">NetBSD Core Team Changes</a></h3>
4976
4977 <blockquote>
4978 <p>Matt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years. Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.<br>
4979 Robert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years. Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.</p>
4980
4981 <hr>
4982 </blockquote>
4983
4984 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200514073852" rel="nofollow">Using qemu guest agent on OpenBSD kvm/qemu guests</a></h3>
4985
4986 <blockquote>
4987 <p>In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.</p>
4988 </blockquote>
4989
4990 <hr>
4991
4992 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200512080047" rel="nofollow">WireGuard patchset for OpenBSD</a></h3>
4993
4994 <blockquote>
4995 <p>A while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.</p>
4996
4997 <hr>
4998 </blockquote>
4999
5000 <h3><a href="https://dataswamp.org/%7Esolene/2020-05-11-freebsd-workstation.html" rel="nofollow">FreeBSD 12.1 on a laptop</a></h3>
5001
5002 <blockquote>
5003 <p>I’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explains how to get a graphical desktop using FreeBSD 12.1.</p>
5004
5005 <hr>
5006 </blockquote>
5007
5008 <h2>Beastie Bits</h2>
5009
5010 <ul>
5011 <li><a href="https://medium.com/@tdebarbora/list-of-useful-freebsd-commands-92dffb8f8c57" rel="nofollow">List of useful FreeBSD Commands</a></li>
5012 <li><a href="https://itnext.io/master-your-network-with-unix-command-line-tools-790bdd3b3b87" rel="nofollow">Master Your Network With Unix Command Line Tools</a></li>
5013 <li><a href="https://twitter.com/nixcraft/status/1257674069387993088" rel="nofollow">Original Unix containers aka FreeBSD jails</a></li>
5014 <li><a href="https://www.theregister.co.uk/2003/09/11/bill_joys_greatest_gift/" rel="nofollow">Flashback : 2003 Article : Bill Joy's greatest gift to man – the vi editor</a></li>
5015 <li><a href="https://www.freebsdfoundation.org/past-issues/filesystems/" rel="nofollow">FreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges</a></li>
5016 <li><a href="https://www.hambug.ca/" rel="nofollow">HAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern</a></li>
5017 </ul>
5018
5019 <hr>
5020
5021 <h2>Feedback/Questions</h2>
5022
5023 <ul>
5024 <li>+ <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Lyubomir%20-%20GELI%20and%20ZFS.md" rel="nofollow">Lyubomir - GELI and ZFS</a></li>
5025 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Patrick%20-%20powerd%20and%20powerd%2B%2B.md" rel="nofollow">Patrick - powerd and powerd++</a></li>
5026 </ul>
5027
5028 <hr>
5029
5030 <ul>
5031 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
5032 </ul>
5033
5034 <hr>]]>
5035 </content:encoded>
5036 <itunes:summary>
5037 <![CDATA[<p>A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.</p>
5038
5039 <h2>Headlines</h2>
5040
5041 <h3><a href="https://washbear.neocities.org/entropy.html" rel="nofollow">Entropy</a></h3>
5042
5043 <blockquote>
5044 <blockquote>
5045 <p>A brief introduction to randomness</p>
5046 </blockquote>
5047 </blockquote>
5048
5049 <ul>
5050 <li>Problem: Computers are very predictable. This is by design.</li>
5051 </ul>
5052
5053 <blockquote>
5054 <p>But what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we're doing statistical simulations or similar.</p>
5055 </blockquote>
5056
5057 <hr>
5058
5059 <h3><a href="https://rubenerd.com/logs-grinding-netatalk-on-freebsd-to-a-hault/" rel="nofollow">Logs grinding Netatalk on FreeBSD to a hault</a></h3>
5060
5061 <blockquote>
5062 <blockquote>
5063 <p>I’ve heard it said the cobbler’s children walk barefoot. While possessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.<br>
5064 The HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.</p>
5065 </blockquote>
5066 </blockquote>
5067
5068 <hr>
5069
5070 <h2>News Roundup</h2>
5071
5072 <h3><a href="https://mail-index.netbsd.org/netbsd-announce/2020/05/07/msg000314.html" rel="nofollow">NetBSD Core Team Changes</a></h3>
5073
5074 <blockquote>
5075 <p>Matt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years. Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.<br>
5076 Robert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years. Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.</p>
5077
5078 <hr>
5079 </blockquote>
5080
5081 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200514073852" rel="nofollow">Using qemu guest agent on OpenBSD kvm/qemu guests</a></h3>
5082
5083 <blockquote>
5084 <p>In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.</p>
5085 </blockquote>
5086
5087 <hr>
5088
5089 <h3><a href="https://undeadly.org/cgi?action=article;sid=20200512080047" rel="nofollow">WireGuard patchset for OpenBSD</a></h3>
5090
5091 <blockquote>
5092 <p>A while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.</p>
5093
5094 <hr>
5095 </blockquote>
5096
5097 <h3><a href="https://dataswamp.org/%7Esolene/2020-05-11-freebsd-workstation.html" rel="nofollow">FreeBSD 12.1 on a laptop</a></h3>
5098
5099 <blockquote>
5100 <p>I’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explains how to get a graphical desktop using FreeBSD 12.1.</p>
5101
5102 <hr>
5103 </blockquote>
5104
5105 <h2>Beastie Bits</h2>
5106
5107 <ul>
5108 <li><a href="https://medium.com/@tdebarbora/list-of-useful-freebsd-commands-92dffb8f8c57" rel="nofollow">List of useful FreeBSD Commands</a></li>
5109 <li><a href="https://itnext.io/master-your-network-with-unix-command-line-tools-790bdd3b3b87" rel="nofollow">Master Your Network With Unix Command Line Tools</a></li>
5110 <li><a href="https://twitter.com/nixcraft/status/1257674069387993088" rel="nofollow">Original Unix containers aka FreeBSD jails</a></li>
5111 <li><a href="https://www.theregister.co.uk/2003/09/11/bill_joys_greatest_gift/" rel="nofollow">Flashback : 2003 Article : Bill Joy's greatest gift to man – the vi editor</a></li>
5112 <li><a href="https://www.freebsdfoundation.org/past-issues/filesystems/" rel="nofollow">FreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges</a></li>
5113 <li><a href="https://www.hambug.ca/" rel="nofollow">HAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern</a></li>
5114 </ul>
5115
5116 <hr>
5117
5118 <h2>Feedback/Questions</h2>
5119
5120 <ul>
5121 <li>+ <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Lyubomir%20-%20GELI%20and%20ZFS.md" rel="nofollow">Lyubomir - GELI and ZFS</a></li>
5122 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Patrick%20-%20powerd%20and%20powerd%2B%2B.md" rel="nofollow">Patrick - powerd and powerd++</a></li>
5123 </ul>
5124
5125 <hr>
5126
5127 <ul>
5128 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
5129 </ul>
5130
5131 <hr>]]>
5132 </itunes:summary>
5133 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+_DSB34Bn</fireside:playerURL>
5134 <fireside:playerEmbedCode>
5135 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+_DSB34Bn" width="740" height="200" frameborder="0" scrolling="no">]]>
5136 </fireside:playerEmbedCode>
5137 </item>
5138 <item>
5139 <title>351: Heaven: OpenBSD 6.7</title>
5140 <link>https://www.bsdnow.tv/351</link>
5141 <guid isPermaLink="false">2a4b866e-d026-416c-9ab7-e0b95bf24043</guid>
5142 <pubDate>Thu, 21 May 2020 05:00:00 -0700</pubDate>
5143 <author>Allan Jude</author>
5144 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2a4b866e-d026-416c-9ab7-e0b95bf24043.mp3" length="43675400" type="audio/mpeg"/>
5145 <itunes:episodeType>full</itunes:episodeType>
5146 <itunes:author>Allan Jude</itunes:author>
5147 <itunes:subtitle>Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.
5148 Date: 2020-05-20</itunes:subtitle>
5149 <itunes:duration>49:09</itunes:duration>
5150 <itunes:explicit>no</itunes:explicit>
5151 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
5152 <description>Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.
5153 Headlines
5154 Backup and Restore on NetBSD (https://e17i.github.io/articles-netbsd-backup/)
5155 Putting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within a few pages. After replacing my old Mac Mini's OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I've been using before. Suggestions on how to improve are always welcome.
5156 BSD Release: OpenBSD 6.7 (https://distrowatch.com/?newsid=10921)
5157 The OpenBSD project produces an operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project's latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project's release announcement: "This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the 'options' field in crontab(5) to 'flags'. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions."
5158 Release Announcement (https://marc.info/?l=openbsd-announce&m=158989783626149&w=2)
5159 Release Notes (https://www.openbsd.org/67.html)
5160 News Roundup
5161 Building a WireGuard Jail with the FreeBSD's Standard Tools (https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/)
5162 Recently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.
5163 As it was really quick and easy to set up and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic.
5164 The Unix divide over who gets to chown things, and (disk space) quotas (https://utcc.utoronto.ca/~cks/space/blog/unix/ChownDivideAndQuotas)
5165 One of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren't. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.
5166 You Can Influence the TrueNAS CORE Roadmap! (https://www.ixsystems.com/blog/truenas-bugs-and-suggestions/)
5167 As many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.
5168 Beastie Bits
5169 FreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives (https://www.youtube.com/watch?v=EFrlG3CUKFQ)
5170 TLSv1.3 server code enabled in LibreSSL in -current (https://undeadly.org/cgi?action=article;sid=20200512074150)
5171 Interview with Deb Goodkin (https://itsfoss.com/freebsd-interview-deb-goodkin/)
5172 ***
5173 Feedback/Questions
5174 Bostjan - WireGaurd (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Bostjan%20-%20WireGaurd.md)
5175 Chad - ZFS Pool Design (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Chad%20-%20ZFS%20Pool%20Design.md)
5176 Pedreo - Scale FreeBSD Jails (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Pedreo%20-%20Scale%20FreeBSD%20Jails.md)
5177 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
5178 </description>
5179 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, backup, restore, release, wireguard, jail, chown, disk, disk space, quota, quotas, truenas, truenas core, roadmap </itunes:keywords>
5180 <content:encoded>
5181 <![CDATA[<p>Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.</p>
5182
5183 <h2>Headlines</h2>
5184
5185 <h3><a href="https://e17i.github.io/articles-netbsd-backup/" rel="nofollow">Backup and Restore on NetBSD</a></h3>
5186
5187 <blockquote>
5188 <p>Putting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within a few pages. After replacing my old Mac Mini's OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I've been using before. Suggestions on how to improve are always welcome.</p>
5189 </blockquote>
5190
5191 <hr>
5192
5193 <h3><a href="https://distrowatch.com/?newsid=10921" rel="nofollow">BSD Release: OpenBSD 6.7</a></h3>
5194
5195 <blockquote>
5196 <p>The OpenBSD project produces an operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project's latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project's release announcement: "This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the 'options' field in crontab(5) to 'flags'. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions."</p>
5197 </blockquote>
5198
5199 <ul>
5200 <li><a href="https://marc.info/?l=openbsd-announce&m=158989783626149&w=2" rel="nofollow">Release Announcement</a></li>
5201 <li><a href="https://www.openbsd.org/67.html" rel="nofollow">Release Notes</a></li>
5202 </ul>
5203
5204 <hr>
5205
5206 <h2>News Roundup</h2>
5207
5208 <h3><a href="https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/" rel="nofollow">Building a WireGuard Jail with the FreeBSD's Standard Tools</a></h3>
5209
5210 <blockquote>
5211 <p>Recently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.<br>
5212 As it was really quick and easy to set up and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic. </p>
5213 </blockquote>
5214
5215 <hr>
5216
5217 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ChownDivideAndQuotas" rel="nofollow">The Unix divide over who gets to chown things, and (disk space) quotas</a></h3>
5218
5219 <blockquote>
5220 <p>One of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren't. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.</p>
5221 </blockquote>
5222
5223 <hr>
5224
5225 <h3><a href="https://www.ixsystems.com/blog/truenas-bugs-and-suggestions/" rel="nofollow">You Can Influence the TrueNAS CORE Roadmap!</a></h3>
5226
5227 <blockquote>
5228 <p>As many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.</p>
5229
5230 <hr>
5231 </blockquote>
5232
5233 <h2>Beastie Bits</h2>
5234
5235 <ul>
5236 <li><a href="https://www.youtube.com/watch?v=EFrlG3CUKFQ" rel="nofollow">FreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives</a></li>
5237 <li><a href="https://undeadly.org/cgi?action=article;sid=20200512074150" rel="nofollow">TLSv1.3 server code enabled in LibreSSL in -current</a></li>
5238 <li><a href="https://itsfoss.com/freebsd-interview-deb-goodkin/" rel="nofollow">Interview with Deb Goodkin</a>
5239 ***</li>
5240 </ul>
5241
5242 <h2>Feedback/Questions</h2>
5243
5244 <ul>
5245 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Bostjan%20-%20WireGaurd.md" rel="nofollow">Bostjan - WireGaurd</a></li>
5246 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Chad%20-%20ZFS%20Pool%20Design.md" rel="nofollow">Chad - ZFS Pool Design</a></li>
5247 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Pedreo%20-%20Scale%20FreeBSD%20Jails.md" rel="nofollow">Pedreo - Scale FreeBSD Jails</a></p>
5248
5249 <hr></li>
5250 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
5251 </ul>
5252
5253 <hr>]]>
5254 </content:encoded>
5255 <itunes:summary>
5256 <![CDATA[<p>Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.</p>
5257
5258 <h2>Headlines</h2>
5259
5260 <h3><a href="https://e17i.github.io/articles-netbsd-backup/" rel="nofollow">Backup and Restore on NetBSD</a></h3>
5261
5262 <blockquote>
5263 <p>Putting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within a few pages. After replacing my old Mac Mini's OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I've been using before. Suggestions on how to improve are always welcome.</p>
5264 </blockquote>
5265
5266 <hr>
5267
5268 <h3><a href="https://distrowatch.com/?newsid=10921" rel="nofollow">BSD Release: OpenBSD 6.7</a></h3>
5269
5270 <blockquote>
5271 <p>The OpenBSD project produces an operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project's latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project's release announcement: "This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the 'options' field in crontab(5) to 'flags'. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions."</p>
5272 </blockquote>
5273
5274 <ul>
5275 <li><a href="https://marc.info/?l=openbsd-announce&m=158989783626149&w=2" rel="nofollow">Release Announcement</a></li>
5276 <li><a href="https://www.openbsd.org/67.html" rel="nofollow">Release Notes</a></li>
5277 </ul>
5278
5279 <hr>
5280
5281 <h2>News Roundup</h2>
5282
5283 <h3><a href="https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/" rel="nofollow">Building a WireGuard Jail with the FreeBSD's Standard Tools</a></h3>
5284
5285 <blockquote>
5286 <p>Recently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.<br>
5287 As it was really quick and easy to set up and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic. </p>
5288 </blockquote>
5289
5290 <hr>
5291
5292 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ChownDivideAndQuotas" rel="nofollow">The Unix divide over who gets to chown things, and (disk space) quotas</a></h3>
5293
5294 <blockquote>
5295 <p>One of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren't. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.</p>
5296 </blockquote>
5297
5298 <hr>
5299
5300 <h3><a href="https://www.ixsystems.com/blog/truenas-bugs-and-suggestions/" rel="nofollow">You Can Influence the TrueNAS CORE Roadmap!</a></h3>
5301
5302 <blockquote>
5303 <p>As many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.</p>
5304
5305 <hr>
5306 </blockquote>
5307
5308 <h2>Beastie Bits</h2>
5309
5310 <ul>
5311 <li><a href="https://www.youtube.com/watch?v=EFrlG3CUKFQ" rel="nofollow">FreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives</a></li>
5312 <li><a href="https://undeadly.org/cgi?action=article;sid=20200512074150" rel="nofollow">TLSv1.3 server code enabled in LibreSSL in -current</a></li>
5313 <li><a href="https://itsfoss.com/freebsd-interview-deb-goodkin/" rel="nofollow">Interview with Deb Goodkin</a>
5314 ***</li>
5315 </ul>
5316
5317 <h2>Feedback/Questions</h2>
5318
5319 <ul>
5320 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Bostjan%20-%20WireGaurd.md" rel="nofollow">Bostjan - WireGaurd</a></li>
5321 <li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Chad%20-%20ZFS%20Pool%20Design.md" rel="nofollow">Chad - ZFS Pool Design</a></li>
5322 <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Pedreo%20-%20Scale%20FreeBSD%20Jails.md" rel="nofollow">Pedreo - Scale FreeBSD Jails</a></p>
5323
5324 <hr></li>
5325 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
5326 </ul>
5327
5328 <hr>]]>
5329 </itunes:summary>
5330 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+_SI7MUnf</fireside:playerURL>
5331 <fireside:playerEmbedCode>
5332 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+_SI7MUnf" width="740" height="200" frameborder="0" scrolling="no">]]>
5333 </fireside:playerEmbedCode>
5334 </item>
5335 <item>
5336 <title>350: Speedy Bridges</title>
5337 <link>https://www.bsdnow.tv/350</link>
5338 <guid isPermaLink="false">49114e72-83f1-43b6-ae71-9e608a059b3e</guid>
5339 <pubDate>Thu, 14 May 2020 05:00:00 -0700</pubDate>
5340 <author>Allan Jude</author>
5341 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/49114e72-83f1-43b6-ae71-9e608a059b3e.mp3" length="37173656" type="audio/mpeg"/>
5342 <itunes:episodeType>full</itunes:episodeType>
5343 <itunes:author>Allan Jude</itunes:author>
5344 <itunes:subtitle>5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.</itunes:subtitle>
5345 <itunes:duration>34:40</itunes:duration>
5346 <itunes:explicit>no</itunes:explicit>
5347 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
5348 <description>5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.
5349 Headlines
5350 5x if_bridge Performance Improvement (https://www.freebsdfoundation.org/blog/500-if_bridge-performance-improvement/)
5351 With FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck
5352 + Kristof also streamed some of his work, providing an interesting insight into how such development work happens
5353 + > https://www.twitch.tv/provostk/videos
5354 How Unix Won (https://blog.vivekhaldar.com/post/617189040564928512/how-unix-won)
5355 +> Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.
5356 I’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.
5357 Both major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.
5358 How did Unix win?
5359 News Roundup
5360 Check logs of central syslog-ng log host on FreeBSD (https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html)
5361 This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!
5362 Understanding VLAN Configuration on FreeBSD (https://genneko.github.io/playing-with-bsd/networking/freebsd-vlan/)
5363 Until recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.
5364 But when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.
5365 I wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.
5366 Using bhyve PCI passthrough on OmniOS (https://www.cyber-tec.org/2019/05/29/using-bhyve-pci-passthrough-on-omnios/)
5367 Some hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on "modern" hardware I would love wifi support, so why not using a bhyve guest as router zone which provide the required drivers?
5368 TrueNAS 11.3-U2 is Generally Available (https://www.ixsystems.com/blog/truenas-11-3-u2-is-available/)
5369 TrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.
5370 Beastie Bits
5371 HardenedBSD April 2020 Status Report (https://hardenedbsd.org/article/shawn-webb/2020-04-24/hardenedbsd-april-2020-status-report)
5372 NYC Bug’s Mailing List - Listing of open Dev Jobs (http://lists.nycbug.org/pipermail/jobs/2020-April/000553.html)
5373 Feedback/Questions
5374 Greg - Lenovo (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Greg%20-%20Lenovos.md)
5375 Matt - BSD Packaging (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Matt%20-%20BSD%20Packaging.md)
5376 Morgan - Performance (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Morgan%20-%20Performance.md)
5377 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
5378 </description>
5379 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, unix, bsd, interview, crash, crash dump, encryption, encrypted, dev environment, kernel development, TrueNAS</itunes:keywords>
5380 <content:encoded>
5381 <![CDATA[<p>5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.</p>
5382
5383 <h2>Headlines</h2>
5384
5385 <h3><a href="https://www.freebsdfoundation.org/blog/500-if_bridge-performance-improvement/" rel="nofollow">5x if_bridge Performance Improvement</a></h3>
5386
5387 <blockquote>
5388 <p>With FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck </p>
5389
5390 <ul>
5391 <li>Kristof also streamed some of his work, providing an interesting insight into how such development work happens</li>
5392 <li><a href="https://www.twitch.tv/provostk/videos" rel="nofollow">https://www.twitch.tv/provostk/videos</a>
5393 </li>
5394 </ul>
5395 </blockquote>
5396
5397 <h3><a href="https://blog.vivekhaldar.com/post/617189040564928512/how-unix-won" rel="nofollow">How Unix Won</a></h3>
5398
5399 <p>Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.</p>
5400
5401 <blockquote>
5402 <p>I’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.<br>
5403 Both major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.<br>
5404 How did Unix win?</p>
5405
5406 <hr>
5407 </blockquote>
5408
5409 <h2>News Roundup</h2>
5410
5411 <h3><a href="https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html" rel="nofollow">Check logs of central syslog-ng log host on FreeBSD</a></h3>
5412
5413 <blockquote>
5414 <p>This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!</p>
5415
5416 <hr>
5417 </blockquote>
5418
5419 <h3><a href="https://genneko.github.io/playing-with-bsd/networking/freebsd-vlan/" rel="nofollow">Understanding VLAN Configuration on FreeBSD</a></h3>
5420
5421 <blockquote>
5422 <p>Until recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.<br>
5423 But when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.<br>
5424 I wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.</p>
5425
5426 <hr>
5427 </blockquote>
5428
5429 <h3><a href="https://www.cyber-tec.org/2019/05/29/using-bhyve-pci-passthrough-on-omnios/" rel="nofollow">Using bhyve PCI passthrough on OmniOS</a></h3>
5430
5431 <blockquote>
5432 <p>Some hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on "modern" hardware I would love wifi support, so why not use a bhyve guest as a router zone which provides the required drivers?</p>
5433
5434 <hr>
5435 </blockquote>
5436
5437 <h3><a href="https://www.ixsystems.com/blog/truenas-11-3-u2-is-available/" rel="nofollow">TrueNAS 11.3-U2 is Generally Available</a></h3>
5438
5439 <blockquote>
5440 <p>TrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.</p>
5441
5442 <hr>
5443 </blockquote>
5444
5445 <h2>Beastie Bits</h2>
5446
5447 <p><a href="https://hardenedbsd.org/article/shawn-webb/2020-04-24/hardenedbsd-april-2020-status-report" rel="nofollow">HardenedBSD April 2020 Status Report</a><br>
5448 <a href="http://lists.nycbug.org/pipermail/jobs/2020-April/000553.html" rel="nofollow">NYC Bug’s Mailing List - Listing of open Dev Jobs</a></p>
5449
5450 <hr>
5451
5452 <h2>Feedback/Questions</h2>
5453
5454 <ul>
5455 <li>Greg - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Greg%20-%20Lenovos.md" rel="nofollow">Lenovo</a></li>
5456 <li>Matt - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Matt%20-%20BSD%20Packaging.md" rel="nofollow">BSD Packaging</a></li>
5457 <li><p>Morgan - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Morgan%20-%20Performance.md" rel="nofollow">Performance</a></p>
5458
5459 <hr></li>
5460 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
5461
5462 <hr></li>
5463 </ul>]]>
5464 </content:encoded>
5465 <itunes:summary>
5466 <![CDATA[<p>5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.</p>
5467
5468 <h2>Headlines</h2>
5469
5470 <h3><a href="https://www.freebsdfoundation.org/blog/500-if_bridge-performance-improvement/" rel="nofollow">5x if_bridge Performance Improvement</a></h3>
5471
5472 <blockquote>
5473 <p>With FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck </p>
5474
5475 <ul>
5476 <li>Kristof also streamed some of his work, providing an interesting insight into how such development work happens</li>
5477 <li><a href="https://www.twitch.tv/provostk/videos" rel="nofollow">https://www.twitch.tv/provostk/videos</a>
5478 </li>
5479 </ul>
5480 </blockquote>
5481
5482 <h3><a href="https://blog.vivekhaldar.com/post/617189040564928512/how-unix-won" rel="nofollow">How Unix Won</a></h3>
5483
5484 <p>Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.</p>
5485
5486 <blockquote>
5487 <p>I’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.<br>
5488 Both major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.<br>
5489 How did Unix win?</p>
5490
5491 <hr>
5492 </blockquote>
5493
5494 <h2>News Roundup</h2>
5495
5496 <h3><a href="https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html" rel="nofollow">Check logs of central syslog-ng log host on FreeBSD</a></h3>
5497
5498 <blockquote>
5499 <p>This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!</p>
5500
5501 <hr>
5502 </blockquote>
5503
5504 <h3><a href="https://genneko.github.io/playing-with-bsd/networking/freebsd-vlan/" rel="nofollow">Understanding VLAN Configuration on FreeBSD</a></h3>
5505
5506 <blockquote>
5507 <p>Until recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.<br>
5508 But when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.<br>
5509 I wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.</p>
5510
5511 <hr>
5512 </blockquote>
5513
5514 <h3><a href="https://www.cyber-tec.org/2019/05/29/using-bhyve-pci-passthrough-on-omnios/" rel="nofollow">Using bhyve PCI passthrough on OmniOS</a></h3>
5515
5516 <blockquote>
5517 <p>Some hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on "modern" hardware I would love wifi support, so why not use a bhyve guest as a router zone which provides the required drivers?</p>
5518
5519 <hr>
5520 </blockquote>
5521
5522 <h3><a href="https://www.ixsystems.com/blog/truenas-11-3-u2-is-available/" rel="nofollow">TrueNAS 11.3-U2 is Generally Available</a></h3>
5523
5524 <blockquote>
5525 <p>TrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.</p>
5526
5527 <hr>
5528 </blockquote>
5529
5530 <h2>Beastie Bits</h2>
5531
5532 <p><a href="https://hardenedbsd.org/article/shawn-webb/2020-04-24/hardenedbsd-april-2020-status-report" rel="nofollow">HardenedBSD April 2020 Status Report</a><br>
5533 <a href="http://lists.nycbug.org/pipermail/jobs/2020-April/000553.html" rel="nofollow">NYC Bug’s Mailing List - Listing of open Dev Jobs</a></p>
5534
5535 <hr>
5536
5537 <h2>Feedback/Questions</h2>
5538
5539 <ul>
5540 <li>Greg - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Greg%20-%20Lenovos.md" rel="nofollow">Lenovo</a></li>
5541 <li>Matt - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Matt%20-%20BSD%20Packaging.md" rel="nofollow">BSD Packaging</a></li>
5542 <li><p>Morgan - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Morgan%20-%20Performance.md" rel="nofollow">Performance</a></p>
5543
5544 <hr></li>
5545 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>
5546
5547 <hr></li>
5548 </ul>]]>
5549 </itunes:summary>
5550 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+imj6JsXN</fireside:playerURL>
5551 <fireside:playerEmbedCode>
5552 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+imj6JsXN" width="740" height="200" frameborder="0" scrolling="no">]]>
5553 </fireside:playerEmbedCode>
5554 </item>
5555 <item>
5556 <title>349: Entropy Overhaul</title>
5557 <link>https://www.bsdnow.tv/349</link>
5558 <guid isPermaLink="false">468d2fe0-ed8f-4e89-aaae-8aa4a0fbf66f</guid>
5559 <pubDate>Thu, 07 May 2020 05:00:00 -0700</pubDate>
5560 <author>Allan Jude</author>
5561 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/468d2fe0-ed8f-4e89-aaae-8aa4a0fbf66f.mp3" length="41444019" type="audio/mp3"/>
5562 <itunes:episodeType>full</itunes:episodeType>
5563 <itunes:author>Allan Jude</itunes:author>
5564 <itunes:subtitle>Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.</itunes:subtitle>
5565 <itunes:duration>57:33</itunes:duration>
5566 <itunes:explicit>no</itunes:explicit>
5567 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
5568 <description>Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.
5569 Headlines
5570 EKCD - Encrypted Crash Dumps in FreeBSD (https://oshogbo.vexillium.org/blog/74/)
5571 Some time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.
5572 The main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.
5573 Time on Unix (https://venam.nixers.net/blog/unix/2020/05/02/time-on-unix.html)
5574 Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.
5575 Over millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.
5576 We’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.
5577 See the article for more
5578 News Roundup
5579 Improve ZVOL sync write performance by using a taskq (https://github.com/openzfs/zfs/commit/0929c4de398606f8305057ca540cf577e6771c30)
5580 A central log host with syslog-ng on FreeBSD - Part 1 (https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html)
5581 syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to a wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.
5582 HEADS UP: NetBSD Entropy Overhaul (https://mail-index.netbsd.org/current-users/2020/05/01/msg038495.html)
5583 This week I committed an overhaul of the kernel entropy system. Please let me know if you observe any snags! For the technical background, see the thread on tech-kern a few months ago: https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html.
5584 Setting Up NetBSD Kernel Dev Environment (https://adityapadala.com/2020/04/20/Setting-Up-NetBSD-Kernel-Dev-Environment/)
5585 I used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment. Since his website is down, I’m putting down the steps here so it would be helpful for starters.
5586 Beastie Bits
5587 You can now use ccache to speed up dsynth even more. (https://www.dragonflydigest.com/2020/05/04/24480.html)
5588 Improving libossaudio, and the future of OSS in NetBSD (http://blog.netbsd.org/tnf/entry/improving_libossaudio_and_the_future)
5589 DragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes (http://lists.dragonflybsd.org/pipermail/commits/2020-April/769021.html)
5590 Reminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC (https://wiki.freebsd.org/OfficeHours)
5591 Feedback/Questions
5592 Ghislain - ZFS Question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Ghislain%20-%20ZFS%20Question.md)
5593 Jake - Paypal Donations (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Jake%20-%20Paypal%20Donations.md)
5594 Oswin - Hammer tutorial (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Oswin%20-%20Hammer%20tutorial.md)
5595 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
5596 <video controls preload="metadata" style=" width:426px; height:240px;">
5597 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
5598 Your browser does not support the HTML5 video tag.
5599 </video>
5600 </description>
5601 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, crash, crash dump, encryption, encrypted, unix time, zvol, sync, synchronous, sync write, taskq, syslog, syslog-ng, log host, entropy, entropy overhaul, dev environment, kernel development</itunes:keywords>
5602 <content:encoded>
5603 <![CDATA[<p>Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.</p>
5604
5605 <h2>Headlines</h2>
5606
5607 <h3><a href="https://oshogbo.vexillium.org/blog/74/" rel="nofollow">EKCD - Encrypted Crash Dumps in FreeBSD</a></h3>
5608
5609 <blockquote>
5610 <p>Some time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.</p>
5611
5612 <p>The main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.</p>
5613 </blockquote>
5614
5615 <hr>
5616
5617 <h3><a href="https://venam.nixers.net/blog/unix/2020/05/02/time-on-unix.html" rel="nofollow">Time on Unix</a></h3>
5618
5619 <blockquote>
5620 <p>Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.</p>
5621
5622 <p>Over millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.</p>
5623
5624 <p>We’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.</p>
5625 </blockquote>
5626
5627 <p>See the article for more</p>
5628
5629 <hr>
5630
5631 <h2>News Roundup</h2>
5632
5633 <h3><a href="https://github.com/openzfs/zfs/commit/0929c4de398606f8305057ca540cf577e6771c30" rel="nofollow">Improve ZVOL sync write performance by using a taskq</a></h3>
5634
5635 <hr>
5636
5637 <h3><a href="https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html" rel="nofollow">A central log host with syslog-ng on FreeBSD - Part 1</a></h3>
5638
5639 <blockquote>
5640 <p>syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to a wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.</p>
5641 </blockquote>
5642
5643 <hr>
5644
5645 <h3><a href="https://mail-index.netbsd.org/current-users/2020/05/01/msg038495.html" rel="nofollow">HEADS UP: NetBSD Entropy Overhaul</a></h3>
5646
5647 <blockquote>
5648 <p>This week I committed an overhaul of the kernel entropy system. Please let me know if you observe any snags! For the technical background, see the thread on tech-kern a few months ago: <a href="https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html" rel="nofollow">https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html</a>.</p>
5649 </blockquote>
5650
5651 <hr>
5652
5653 <h3><a href="https://adityapadala.com/2020/04/20/Setting-Up-NetBSD-Kernel-Dev-Environment/" rel="nofollow">Setting Up NetBSD Kernel Dev Environment</a></h3>
5654
5655 <blockquote>
5656 <p>I used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment. Since his website is down, I’m putting down the steps here so it would be helpful for starters.</p>
5657 </blockquote>
5658
5659 <hr>
5660
5661 <h2>Beastie Bits</h2>
5662
5663 <ul>
5664 <li><a href="https://www.dragonflydigest.com/2020/05/04/24480.html" rel="nofollow">You can now use ccache to speed up dsynth even more.</a></li>
5665 <li><a href="http://blog.netbsd.org/tnf/entry/improving_libossaudio_and_the_future" rel="nofollow">Improving libossaudio, and the future of OSS in NetBSD</a></li>
5666 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-April/769021.html" rel="nofollow">DragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes</a></li>
5667 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Reminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC</a></li>
5668 </ul>
5669
5670 <hr>
5671
5672 <h2>Feedback/Questions</h2>
5673
5674 <ul>
5675 <li>Ghislain - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Ghislain%20-%20ZFS%20Question.md" rel="nofollow">ZFS Question</a></li>
5676 <li>Jake - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Jake%20-%20Paypal%20Donations.md" rel="nofollow">Paypal Donations</a></li>
5677 <li>Oswin - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Oswin%20-%20Hammer%20tutorial.md" rel="nofollow">Hammer tutorial</a></li>
5678 </ul>
5679
5680 <hr>
5681
5682 <ul>
5683 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
5684 </ul>
5685
5686 <hr>
5687
5688 <video controls preload="metadata" style=" width:426px; height:240px;">
5689 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
5690 Your browser does not support the HTML5 video tag.
5691 </video>]]>
5692 </content:encoded>
5693 <itunes:summary>
5694 <![CDATA[<p>Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.</p>
5695
5696 <h2>Headlines</h2>
5697
5698 <h3><a href="https://oshogbo.vexillium.org/blog/74/" rel="nofollow">EKCD - Encrypted Crash Dumps in FreeBSD</a></h3>
5699
5700 <blockquote>
5701 <p>Some time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.</p>
5702
5703 <p>The main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.</p>
5704 </blockquote>
5705
5706 <hr>
5707
5708 <h3><a href="https://venam.nixers.net/blog/unix/2020/05/02/time-on-unix.html" rel="nofollow">Time on Unix</a></h3>
5709
5710 <blockquote>
5711 <p>Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.</p>
5712
5713 <p>Over millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.</p>
5714
5715 <p>We’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.</p>
5716 </blockquote>
5717
5718 <p>See the article for more</p>
5719
5720 <hr>
5721
5722 <h2>News Roundup</h2>
5723
5724 <h3><a href="https://github.com/openzfs/zfs/commit/0929c4de398606f8305057ca540cf577e6771c30" rel="nofollow">Improve ZVOL sync write performance by using a taskq</a></h3>
5725
5726 <hr>
5727
5728 <h3><a href="https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html" rel="nofollow">A central log host with syslog-ng on FreeBSD - Part 1</a></h3>
5729
5730 <blockquote>
5731 <p>syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to a wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.</p>
5732 </blockquote>
5733
5734 <hr>
5735
5736 <h3><a href="https://mail-index.netbsd.org/current-users/2020/05/01/msg038495.html" rel="nofollow">HEADS UP: NetBSD Entropy Overhaul</a></h3>
5737
5738 <blockquote>
5739 <p>This week I committed an overhaul of the kernel entropy system. Please let me know if you observe any snags! For the technical background, see the thread on tech-kern a few months ago: <a href="https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html" rel="nofollow">https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html</a>.</p>
5740 </blockquote>
5741
5742 <hr>
5743
5744 <h3><a href="https://adityapadala.com/2020/04/20/Setting-Up-NetBSD-Kernel-Dev-Environment/" rel="nofollow">Setting Up NetBSD Kernel Dev Environment</a></h3>
5745
5746 <blockquote>
5747 <p>I used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment. Since his website is down, I’m putting down the steps here so it would be helpful for starters.</p>
5748 </blockquote>
5749
5750 <hr>
5751
5752 <h2>Beastie Bits</h2>
5753
5754 <ul>
5755 <li><a href="https://www.dragonflydigest.com/2020/05/04/24480.html" rel="nofollow">You can now use ccache to speed up dsynth even more.</a></li>
5756 <li><a href="http://blog.netbsd.org/tnf/entry/improving_libossaudio_and_the_future" rel="nofollow">Improving libossaudio, and the future of OSS in NetBSD</a></li>
5757 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2020-April/769021.html" rel="nofollow">DragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes</a></li>
5758 <li><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Reminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC</a></li>
5759 </ul>
5760
5761 <hr>
5762
5763 <h2>Feedback/Questions</h2>
5764
5765 <ul>
5766 <li>Ghislain - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Ghislain%20-%20ZFS%20Question.md" rel="nofollow">ZFS Question</a></li>
5767 <li>Jake - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Jake%20-%20Paypal%20Donations.md" rel="nofollow">Paypal Donations</a></li>
5768 <li>Oswin - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Oswin%20-%20Hammer%20tutorial.md" rel="nofollow">Hammer tutorial</a></li>
5769 </ul>
5770
5771 <hr>
5772
5773 <ul>
5774 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
5775 </ul>
5776
5777 <hr>
5778
5779 <video controls preload="metadata" style=" width:426px; height:240px;">
5780 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
5781 Your browser does not support the HTML5 video tag.
5782 </video>]]>
5783 </itunes:summary>
5784 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+FD10Ly1u</fireside:playerURL>
5785 <fireside:playerEmbedCode>
5786 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+FD10Ly1u" width="740" height="200" frameborder="0" scrolling="no">]]>
5787 </fireside:playerEmbedCode>
5788 </item>
5789 <item>
5790 <title>348: BSD Community Collections</title>
5791 <link>https://www.bsdnow.tv/348</link>
5792 <guid isPermaLink="false">ed288ede-fe94-433f-85a4-6eebb8cb2478</guid>
5793 <pubDate>Thu, 30 Apr 2020 05:00:00 -0700</pubDate>
5794 <author>Allan Jude</author>
5795 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ed288ede-fe94-433f-85a4-6eebb8cb2478.mp3" length="43398814" type="audio/mp3"/>
5796 <itunes:episodeType>full</itunes:episodeType>
5797 <itunes:author>Allan Jude</itunes:author>
5798 <itunes:subtitle>FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars Technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.</itunes:subtitle>
5799 <itunes:duration>1:00:16</itunes:duration>
5800 <itunes:explicit>no</itunes:explicit>
5801 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
5802 <description>FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars Technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.
5803 Headlines
5804 FuryBSD 2020Q2 Images Available for XFCE and KDE (https://www.furybsd.org/furybsd-2020-q2-images-are-available-for-xfce-and-kde/)
5805 The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support.
5806 Technical reasons to choose FreeBSD over GNU/Linux (https://unixsheikh.com/articles/technical-reasons-to-choose-freebsd-over-linux.html)
5807 Since I wrote my article "Why you should migrate everything from Linux to BSD" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.
5808 News Roundup
5809 Not actually Linux distro review deux: GhostBSD (https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-deux-ghostbsd/)
5810 When I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.
5811 I think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.
5812 GhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.
5813 “TLS Mastery” sponsorships open (https://mwl.io/archives/6265)
5814 My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.
5815 This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.
5816 JT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:
5817 JT's post: https://twitter.com/q5sys/status/1251194823589138432
5818 High Resolution Image to see the bottom shelf better: https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg
5819 Closeup of the BSD Section: https://twitter.com/q5sys/status/1251294290782928897
5820 Others jumped in with their collections:
5821 Deb Goodkin's collection: https://twitter.com/dgoodkin/status/1251294016139743232 & https://twitter.com/dgoodkin/status/1251298125672660992
5822 FreeBSD Frau's FreeBSD Collection: https://twitter.com/freebsdfrau/status/1251290430475350018
5823 Jason Tubnor's OpenBSD Collection: https://twitter.com/Tubsta/status/1251265902214918144
5824 Do you have a nice collection? Take a picture and send it in!
5825 Tale of OpenBSD secure memory allocator internals - malloc(3) (https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html)
5826 Hi there,
5827 It's been a very long time I haven't written anything after my last OpenBSD blogs, that is,
5828 OpenBSD Kernel Internals — Creation of process from user-space to kernel space.
5829 OpenBSD: Introduction to execpromises in the pledge(2)
5830 pledge(2): OpenBSD's defensive approach to OS Security
5831 So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite items from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator
5832 How I learned to stop worrying and love SSDs (https://www.ixsystems.com/community/threads/how-i-learned-to-stop-worrying-and-love-ssds.82617/)
5833 my home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?
5834 So I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, a wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?
5835 Well even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.
5836 My infrastructure as of 2019 (https://chown.me/blog/infrastructure-2019.html)
5837 I've wanted to write about my infrastructure for a while, but I kept thinking, "I'll wait until after I've done $nextthingonmytodo." Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?
5838 For something different than our usual Beastie Bits… we bring you…
5839 We're all quarantined so let's install BSD on things! Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!
5840 Installation of NetBSD on a Mac Mini (https://e17i.github.io/articles-netbsd-install/)
5841 OpenBSD on the HP Envy 13 (https://icyphox.sh/blog/openbsd-hp-envy/)
5842 Install NetBSD on a Vintage Computer (https://www.rs-online.com/designspark/install-netbsd-on-a-vintage-computer)
5843 BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC (https://twitter.com/allanjude/status/1251895348836143104)
5844 Allan started a series of FreeBSD Office Hours (https://wiki.freebsd.org/OfficeHours)
5845 BSDNow is going Independent
5846 After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements.
5847 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.
5848 Feedback/Questions
5849 Todd - LinusTechTips Claims about ZFS (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/348/feedback/Todd%20-%20LinusTechTips'%20claims%20on%20ZFS.md)
5850 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
5851 <video controls preload="metadata" style=" width:426px; height:240px;">
5852 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
5853 Your browser does not support the HTML5 video tag.
5854 </video>
5855 </description>
5856 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, furybsd, kde, xfce, GhostBSD, Ars Technica, TLS, tls mastery, tls mastery book, book sponsorship, collections, secure memory allocator, internals, memory allocator, memory allocator internals, ssd, solid state drive</itunes:keywords>
5857 <content:encoded>
5858 <![CDATA[<p>FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars Technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.</p>
5859
5860 <h2>Headlines</h2>
5861
5862 <h3><a href="https://www.furybsd.org/furybsd-2020-q2-images-are-available-for-xfce-and-kde/" rel="nofollow">FuryBSD 2020Q2 Images Available for XFCE and KDE</a></h3>
5863
5864 <blockquote>
5865 <p>The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support. </p>
5866 </blockquote>
5867
5868 <hr>
5869
5870 <h3><a href="https://unixsheikh.com/articles/technical-reasons-to-choose-freebsd-over-linux.html" rel="nofollow">Technical reasons to choose FreeBSD over GNU/Linux</a></h3>
5871
5872 <blockquote>
5873 <p>Since I wrote my article "Why you should migrate everything from Linux to BSD" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.</p>
5874 </blockquote>
5875
5876 <hr>
5877
5878 <h2>News Roundup</h2>
5879
5880 <h3><a href="https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-deux-ghostbsd/" rel="nofollow">Not actually Linux distro review deux: GhostBSD</a></h3>
5881
5882 <blockquote>
5883 <p>When I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.</p>
5884
5885 <p>I think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.</p>
5886
5887 <p>GhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.</p>
5888 </blockquote>
5889
5890 <hr>
5891
5892 <h3><a href="https://mwl.io/archives/6265" rel="nofollow">“TLS Mastery” sponsorships open</a></h3>
5893
5894 <blockquote>
5895 <p>My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.</p>
5896
5897 <p>This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.</p>
5898 </blockquote>
5899
5900 <hr>
5901
5902 <h3>JT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:</h3>
5903
5904 <ul>
5905 <li><p>JT's post: <a href="https://twitter.com/q5sys/status/1251194823589138432" rel="nofollow">https://twitter.com/q5sys/status/1251194823589138432</a></p>
5906
5907 <ul>
5908 <li>High Resolution Image to see the bottom shelf better: <a href="https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg" rel="nofollow">https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg</a></li>
5909 <li>Closeup of the BSD Section: <a href="https://twitter.com/q5sys/status/1251294290782928897" rel="nofollow">https://twitter.com/q5sys/status/1251294290782928897</a></li>
5910 </ul></li>
5911 <li><p>Others jumped in with their collections:</p>
5912
5913 <ul>
5914 <li>Deb Goodkin's collection: <a href="https://twitter.com/dgoodkin/status/1251294016139743232" rel="nofollow">https://twitter.com/dgoodkin/status/1251294016139743232</a> & <a href="https://twitter.com/dgoodkin/status/1251298125672660992" rel="nofollow">https://twitter.com/dgoodkin/status/1251298125672660992</a></li>
5915 <li>FreeBSD Frau's FreeBSD Collection: <a href="https://twitter.com/freebsdfrau/status/1251290430475350018" rel="nofollow">https://twitter.com/freebsdfrau/status/1251290430475350018</a></li>
5916 <li>Jason Tubnor's OpenBSD Collection: <a href="https://twitter.com/Tubsta/status/1251265902214918144" rel="nofollow">https://twitter.com/Tubsta/status/1251265902214918144</a></li>
5917 </ul></li>
5918 </ul>
5919
5920 <p>Do you have a nice collection? Take a picture and send it in!</p>
5921
5922 <hr>
5923
5924 <h3><a href="https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html" rel="nofollow">Tale of OpenBSD secure memory allocator internals - malloc(3)</a></h3>
5925
5926 <blockquote>
5927 <p>Hi there,</p>
5928
5929 <p>It's been a very long time I haven't written anything after my last OpenBSD blogs, that is, </p>
5930
5931 <p>OpenBSD Kernel Internals — Creation of process from user-space to kernel space.</p>
5932
5933 <p>OpenBSD: Introduction to <code>execpromises</code> in the pledge(2)</p>
5934
5935 <p>pledge(2): OpenBSD's defensive approach to OS Security</p>
5936
5937 <p>So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite items from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator</p>
5938 </blockquote>
5939
5940 <hr>
5941
5942 <h3><a href="https://www.ixsystems.com/community/threads/how-i-learned-to-stop-worrying-and-love-ssds.82617/" rel="nofollow">How I learned to stop worrying and love SSDs</a></h3>
5943
5944 <blockquote>
5945 <p>my home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?</p>
5946
5947 <p>So I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, a wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?</p>
5948
5949 <p>Well even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.</p>
5950 </blockquote>
5951
5952 <hr>
5953
5954 <h3><a href="https://chown.me/blog/infrastructure-2019.html" rel="nofollow">My infrastructure as of 2019</a></h3>
5955
5956 <blockquote>
5957 <p>I've wanted to write about my infrastructure for a while, but I kept thinking, "I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?</p>
5958 </blockquote>
5959
5960 <hr>
5961
5962 <h2>For something different than our usual Beastie Bits… we bring you…</h2>
5963
5964 <h2>We're all quarantined so let's install BSD on things! Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!</h2>
5965
5966 <ul>
5967 <li><p><a href="https://e17i.github.io/articles-netbsd-install/" rel="nofollow">Installation of NetBSD on a Mac Mini</a></p></li>
5968 <li><p><a href="https://icyphox.sh/blog/openbsd-hp-envy/" rel="nofollow">OpenBSD on the HP Envy 13</a></p></li>
5969 <li><p><a href="https://www.rs-online.com/designspark/install-netbsd-on-a-vintage-computer" rel="nofollow">Install NetBSD on a Vintage Computer</a></p></li>
5970 <li><p><a href="https://twitter.com/allanjude/status/1251895348836143104" rel="nofollow">BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC</a></p></li>
5971 <li><p><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Allan started a series of FreeBSD Office Hours</a></p></li>
5972 </ul>
5973
5974 <hr>
5975
5976 <h2>BSDNow is going Independent</h2>
5977
5978 <ul>
5979 <li>After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements.
5980 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.</li>
5981 </ul>
5982
5983 <h2>Feedback/Questions</h2>
5984
5985 <ul>
5986 <li>Todd - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/348/feedback/Todd%20-%20LinusTechTips'%20claims%20on%20ZFS.md" rel="nofollow">LinusTechTips Claims about ZFS</a></li>
5987 </ul>
5988
5989 <hr>
5990
5991 <ul>
5992 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
5993 </ul>
5994
5995 <hr>
5996
5997 <video controls preload="metadata" style=" width:426px; height:240px;">
5998 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
5999 Your browser does not support the HTML5 video tag.
6000 </video>]]>
6001 </content:encoded>
6002 <itunes:summary>
6003 <![CDATA[<p>FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars Technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.</p>
6004
6005 <h2>Headlines</h2>
6006
6007 <h3><a href="https://www.furybsd.org/furybsd-2020-q2-images-are-available-for-xfce-and-kde/" rel="nofollow">FuryBSD 2020Q2 Images Available for XFCE and KDE</a></h3>
6008
6009 <blockquote>
6010 <p>The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support. </p>
6011 </blockquote>
6012
6013 <hr>
6014
6015 <h3><a href="https://unixsheikh.com/articles/technical-reasons-to-choose-freebsd-over-linux.html" rel="nofollow">Technical reasons to choose FreeBSD over GNU/Linux</a></h3>
6016
6017 <blockquote>
6018 <p>Since I wrote my article "Why you should migrate everything from Linux to BSD" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.</p>
6019 </blockquote>
6020
6021 <hr>
6022
6023 <h2>News Roundup</h2>
6024
6025 <h3><a href="https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-deux-ghostbsd/" rel="nofollow">Not actually Linux distro review deux: GhostBSD</a></h3>
6026
6027 <blockquote>
6028 <p>When I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.</p>
6029
6030 <p>I think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.</p>
6031
6032 <p>GhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.</p>
6033 </blockquote>
6034
6035 <hr>
6036
6037 <h3><a href="https://mwl.io/archives/6265" rel="nofollow">“TLS Mastery” sponsorships open</a></h3>
6038
6039 <blockquote>
6040 <p>My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.</p>
6041
6042 <p>This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.</p>
6043 </blockquote>
6044
6045 <hr>
6046
6047 <h3>JT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:</h3>
6048
6049 <ul>
6050 <li><p>JT's post: <a href="https://twitter.com/q5sys/status/1251194823589138432" rel="nofollow">https://twitter.com/q5sys/status/1251194823589138432</a></p>
6051
6052 <ul>
6053 <li>High Resolution Image to see the bottom shelf better: <a href="https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg" rel="nofollow">https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg</a></li>
6054 <li>Closeup of the BSD Section: <a href="https://twitter.com/q5sys/status/1251294290782928897" rel="nofollow">https://twitter.com/q5sys/status/1251294290782928897</a></li>
6055 </ul></li>
6056 <li><p>Others jumped in with their collections:</p>
6057
6058 <ul>
6059 <li>Deb Goodkin's collection: <a href="https://twitter.com/dgoodkin/status/1251294016139743232" rel="nofollow">https://twitter.com/dgoodkin/status/1251294016139743232</a> & <a href="https://twitter.com/dgoodkin/status/1251298125672660992" rel="nofollow">https://twitter.com/dgoodkin/status/1251298125672660992</a></li>
6060 <li>FreeBSD Frau's FreeBSD Collection: <a href="https://twitter.com/freebsdfrau/status/1251290430475350018" rel="nofollow">https://twitter.com/freebsdfrau/status/1251290430475350018</a></li>
6061 <li>Jason Tubnor's OpenBSD Collection: <a href="https://twitter.com/Tubsta/status/1251265902214918144" rel="nofollow">https://twitter.com/Tubsta/status/1251265902214918144</a></li>
6062 </ul></li>
6063 </ul>
6064
6065 <p>Do you have a nice collection? Take a picture and send it in!</p>
6066
6067 <hr>
6068
6069 <h3><a href="https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html" rel="nofollow">Tale of OpenBSD secure memory allocator internals - malloc(3)</a></h3>
6070
6071 <blockquote>
6072 <p>Hi there,</p>
6073
6074 <p>It's been a very long time I haven't written anything after my last OpenBSD blogs, that is, </p>
6075
6076 <p>OpenBSD Kernel Internals — Creation of process from user-space to kernel space.</p>
6077
6078 <p>OpenBSD: Introduction to <code>execpromises</code> in the pledge(2)</p>
6079
6080 <p>pledge(2): OpenBSD's defensive approach to OS Security</p>
6081
6082 <p>So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite items from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator</p>
6083 </blockquote>
6084
6085 <hr>
6086
6087 <h3><a href="https://www.ixsystems.com/community/threads/how-i-learned-to-stop-worrying-and-love-ssds.82617/" rel="nofollow">How I learned to stop worrying and love SSDs</a></h3>
6088
6089 <blockquote>
6090 <p>my home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?</p>
6091
6092 <p>So I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, a wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?</p>
6093
6094 <p>Well even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.</p>
6095 </blockquote>
6096
6097 <hr>
6098
6099 <h3><a href="https://chown.me/blog/infrastructure-2019.html" rel="nofollow">My infrastructure as of 2019</a></h3>
6100
6101 <blockquote>
6102 <p>I've wanted to write about my infrastructure for a while, but I kept thinking, "I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?</p>
6103 </blockquote>
6104
6105 <hr>
6106
6107 <h2>For something different than our usual Beastie Bits… we bring you…</h2>
6108
6109 <h2>We're all quarantined so let's install BSD on things! Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!</h2>
6110
6111 <ul>
6112 <li><p><a href="https://e17i.github.io/articles-netbsd-install/" rel="nofollow">Installation of NetBSD on a Mac Mini</a></p></li>
6113 <li><p><a href="https://icyphox.sh/blog/openbsd-hp-envy/" rel="nofollow">OpenBSD on the HP Envy 13</a></p></li>
6114 <li><p><a href="https://www.rs-online.com/designspark/install-netbsd-on-a-vintage-computer" rel="nofollow">Install NetBSD on a Vintage Computer</a></p></li>
6115 <li><p><a href="https://twitter.com/allanjude/status/1251895348836143104" rel="nofollow">BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC</a></p></li>
6116 <li><p><a href="https://wiki.freebsd.org/OfficeHours" rel="nofollow">Allan started a series of FreeBSD Office Hours</a></p></li>
6117 </ul>
6118
6119 <hr>
6120
6121 <h2>BSDNow is going Independent</h2>
6122
6123 <ul>
6124 <li>After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements.
6125 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.</li>
6126 </ul>
6127
6128 <h2>Feedback/Questions</h2>
6129
6130 <ul>
6131 <li>Todd - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/348/feedback/Todd%20-%20LinusTechTips'%20claims%20on%20ZFS.md" rel="nofollow">LinusTechTips Claims about ZFS</a></li>
6132 </ul>
6133
6134 <hr>
6135
6136 <ul>
6137 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
6138 </ul>
6139
6140 <hr>
6141
6142 <video controls preload="metadata" style=" width:426px; height:240px;">
6143 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4" type="video/mp4">
6144 Your browser does not support the HTML5 video tag.
6145 </video>]]>
6146 </itunes:summary>
6147 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+jG9EN0xK</fireside:playerURL>
6148 <fireside:playerEmbedCode>
6149 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+jG9EN0xK" width="740" height="200" frameborder="0" scrolling="no">]]>
6150 </fireside:playerEmbedCode>
6151 </item>
6152 <item>
6153 <title>347: New Directions</title>
6154 <link>https://www.bsdnow.tv/347</link>
6155 <guid isPermaLink="false">25cb0a70-b178-4702-8e8f-a8e7427a9ae2</guid>
6156 <pubDate>Thu, 23 Apr 2020 05:00:00 -0700</pubDate>
6157 <author>Allan Jude</author>
6158 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/25cb0a70-b178-4702-8e8f-a8e7427a9ae2.mp3" length="43806325" type="audio/mp3"/>
6159 <itunes:episodeType>full</itunes:episodeType>
6160 <itunes:author>Allan Jude</itunes:author>
6161 <itunes:subtitle>Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.</itunes:subtitle>
6162 <itunes:duration>1:00:50</itunes:duration>
6163 <itunes:explicit>no</itunes:explicit>
6164 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
6165 <description>Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.
6166 Headlines
6167 Rethinking OpenBSD Security (https://flak.tedunangst.com/post/rethinking-openbsd-security)
6168 OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.
6169 I picked a few errata, not all of them, that were interesting and happened to suit my narrative.
6170 FreeBSD 2020 Q1 Quarterly report (https://www.freebsd.org/news/status/report-2020-01-2020-03.html)
6171 Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.
6172 News Roundup
6173 The Notion of Progress and User Interfaces (https://herebeseaswines.net/essays/2020-04-13-the-notion-of-progress-and-user-interfaces)
6174 One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.
6175 How should we think about progress? Both in general and regarding technology?
6176 Thomas E. Dickey on NetBSD curses (https://implementality.blogspot.com/2020/04/thomas-e-dickey-on-netbsd-curses.html)
6177 I was recently pointed at a web page on Thomas E. Dickey's site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD project's.
6178 Making Unix a little more Plan9-like (https://woozle.org/papers/plan9.html)
6179 I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.
6180 A Warning
6181 The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.
6182 Not-actually Linux distro review: FreeBSD 12.1-RELEASE (https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-freebsd-12-1-release/)
6183 This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.
6184 The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.
6185 Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.
6186 FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.
6187 Beastie Bits
6188 Wifi renewal restarted (https://blog.netbsd.org/tnf/entry/wifi_renewal_restarted)
6189 HAMMER2 and a quick start for DragonFly (https://www.dragonflydigest.com/2020/04/21/24421.html)
6190 Engineering NetBSD 9.0 (http://netbsd.org/~kamil/AsiaBSDCon/Kamil_Rytarowski_Engineering_NetBSD_9.0.pdf)
6191 Antivirus Protection using OPNsense Plugins (https://www.youtube.com/watch?v=94vz_-5lAkE)
6192 BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC (https://twitter.com/allanjude/status/1251895348836143104)
6193 BSDNow is going Independent
6194 After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different.
6195 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.
6196 Feedback/Questions
6197 Jordyn - ZFS Pool Problem (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/347/feedback/Jordyn%20zfs%20pool%20problem.md)
6198 debug - https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt
6199 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
6200 <video controls preload="metadata" style=" width:426px; height:240px;">
6201 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0347.mp4" type="video/mp4">
6202 Your browser does not support the HTML5 video tag.
6203 </video>
6204 </description>
6205 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, security, status report, status, Q1, Q1 2020, progress, UI, user interface, Thomas Dickey, Thomas E. Dickey, curses, plan 9, distro, review, distro review, ars technica</itunes:keywords>
6206 <content:encoded>
6207 <![CDATA[<p>Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.</p>
6208
6209 <h2>Headlines</h2>
6210
6211 <h3><a href="https://flak.tedunangst.com/post/rethinking-openbsd-security" rel="nofollow">Rethinking OpenBSD Security</a></h3>
6212
6213 <blockquote>
6214 <p>OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.<br>
6215 I picked a few errata, not all of them, that were interesting and happened to suit my narrative.</p>
6216 </blockquote>
6217
6218 <hr>
6219
6220 <h3><a href="https://www.freebsd.org/news/status/report-2020-01-2020-03.html" rel="nofollow">FreeBSD 2020 Q1 Quarterly report</a></h3>
6221
6222 <blockquote>
6223 <p>Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.</p>
6224 </blockquote>
6225
6226 <hr>
6227
6228 <h2>News Roundup</h2>
6229
6230 <h3><a href="https://herebeseaswines.net/essays/2020-04-13-the-notion-of-progress-and-user-interfaces" rel="nofollow">The Notion of Progress and User Interfaces</a></h3>
6231
6232 <blockquote>
6233 <p>One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.</p>
6234
6235 <p>How should we think about progress? Both in general and regarding technology?</p>
6236 </blockquote>
6237
6238 <hr>
6239
6240 <h3><a href="https://implementality.blogspot.com/2020/04/thomas-e-dickey-on-netbsd-curses.html" rel="nofollow">Thomas E. Dickey on NetBSD curses</a></h3>
6241
6242 <blockquote>
6243 <p>I was recently pointed at a web page on Thomas E. Dickey's site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD project's.</p>
6244 </blockquote>
6245
6246 <hr>
6247
6248 <h3><a href="https://woozle.org/papers/plan9.html" rel="nofollow">Making Unix a little more Plan9-like</a></h3>
6249
6250 <blockquote>
6251 <p>I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.</p>
6252
6253 <p>A Warning</p>
6254
6255 <p>The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.</p>
6256 </blockquote>
6257
6258 <hr>
6259
6260 <h3><a href="https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-freebsd-12-1-release/" rel="nofollow">Not-actually Linux distro review: FreeBSD 12.1-RELEASE</a></h3>
6261
6262 <blockquote>
6263 <p>This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.</p>
6264
6265 <p>The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.</p>
6266
6267 <p>Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.</p>
6268
6269 <p>FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.</p>
6270 </blockquote>
6271
6272 <hr>
6273
6274 <h2>Beastie Bits</h2>
6275
6276 <ul>
6277 <li><a href="https://blog.netbsd.org/tnf/entry/wifi_renewal_restarted" rel="nofollow">Wifi renewal restarted</a></li>
6278 <li><a href="https://www.dragonflydigest.com/2020/04/21/24421.html" rel="nofollow">HAMMER2 and a quick start for DragonFly</a></li>
6279 <li><a href="http://netbsd.org/%7Ekamil/AsiaBSDCon/Kamil_Rytarowski_Engineering_NetBSD_9.0.pdf" rel="nofollow">Engineering NetBSD 9.0</a></li>
6280 <li><a href="https://www.youtube.com/watch?v=94vz_-5lAkE" rel="nofollow">Antivirus Protection using OPNsense Plugins</a></li>
6281 <li><a href="https://twitter.com/allanjude/status/1251895348836143104" rel="nofollow">BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC</a></li>
6282 </ul>
6283
6284 <hr>
6285
6286 <h2>BSDNow is going Independent</h2>
6287
6288 <ul>
6289 <li>After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different.
6290 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.</li>
6291 </ul>
6292
6293 <hr>
6294
6295 <h2>Feedback/Questions</h2>
6296
6297 <ul>
6298 <li><p>Jordyn - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/347/feedback/Jordyn%20zfs%20pool%20problem.md" rel="nofollow">ZFS Pool Problem</a></p>
6299
6300 <ul>
6301 <li>debug - <a href="https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt" rel="nofollow">https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt</a></li>
6302 </ul></li>
6303 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
6304 </ul>
6305
6306 <hr>
6307
6308 <video controls preload="metadata" style=" width:426px; height:240px;">
6309 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0347.mp4" type="video/mp4">
6310 Your browser does not support the HTML5 video tag.
6311 </video>]]>
6312 </content:encoded>
6313 <itunes:summary>
6314 <![CDATA[<p>Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.</p>
6315
6316 <h2>Headlines</h2>
6317
6318 <h3><a href="https://flak.tedunangst.com/post/rethinking-openbsd-security" rel="nofollow">Rethinking OpenBSD Security</a></h3>
6319
6320 <blockquote>
6321 <p>OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.<br>
6322 I picked a few errata, not all of them, that were interesting and happened to suit my narrative.</p>
6323 </blockquote>
6324
6325 <hr>
6326
6327 <h3><a href="https://www.freebsd.org/news/status/report-2020-01-2020-03.html" rel="nofollow">FreeBSD 2020 Q1 Quarterly report</a></h3>
6328
6329 <blockquote>
6330 <p>Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.</p>
6331 </blockquote>
6332
6333 <hr>
6334
6335 <h2>News Roundup</h2>
6336
6337 <h3><a href="https://herebeseaswines.net/essays/2020-04-13-the-notion-of-progress-and-user-interfaces" rel="nofollow">The Notion of Progress and User Interfaces</a></h3>
6338
6339 <blockquote>
6340 <p>One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.</p>
6341
6342 <p>How should we think about progress? Both in general and regarding technology?</p>
6343 </blockquote>
6344
6345 <hr>
6346
6347 <h3><a href="https://implementality.blogspot.com/2020/04/thomas-e-dickey-on-netbsd-curses.html" rel="nofollow">Thomas E. Dickey on NetBSD curses</a></h3>
6348
6349 <blockquote>
6350 <p>I was recently pointed at a web page on Thomas E. Dickey's site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD project's.</p>
6351 </blockquote>
6352
6353 <hr>
6354
6355 <h3><a href="https://woozle.org/papers/plan9.html" rel="nofollow">Making Unix a little more Plan9-like</a></h3>
6356
6357 <blockquote>
6358 <p>I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.</p>
6359
6360 <p>A Warning</p>
6361
6362 <p>The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.</p>
6363 </blockquote>
6364
6365 <hr>
6366
6367 <h3><a href="https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-freebsd-12-1-release/" rel="nofollow">Not-actually Linux distro review: FreeBSD 12.1-RELEASE</a></h3>
6368
6369 <blockquote>
6370 <p>This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.</p>
6371
6372 <p>The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.</p>
6373
6374 <p>Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.</p>
6375
6376 <p>FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.</p>
6377 </blockquote>
6378
6379 <hr>
6380
6381 <h2>Beastie Bits</h2>
6382
6383 <ul>
6384 <li><a href="https://blog.netbsd.org/tnf/entry/wifi_renewal_restarted" rel="nofollow">Wifi renewal restarted</a></li>
6385 <li><a href="https://www.dragonflydigest.com/2020/04/21/24421.html" rel="nofollow">HAMMER2 and a quick start for DragonFly</a></li>
6386 <li><a href="http://netbsd.org/%7Ekamil/AsiaBSDCon/Kamil_Rytarowski_Engineering_NetBSD_9.0.pdf" rel="nofollow">Engineering NetBSD 9.0</a></li>
6387 <li><a href="https://www.youtube.com/watch?v=94vz_-5lAkE" rel="nofollow">Antivirus Protection using OPNsense Plugins</a></li>
6388 <li><a href="https://twitter.com/allanjude/status/1251895348836143104" rel="nofollow">BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC</a></li>
6389 </ul>
6390
6391 <hr>
6392
6393 <h2>BSDNow is going Independent</h2>
6394
6395 <ul>
6396 <li>After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different.
6397 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.</li>
6398 </ul>
6399
6400 <hr>
6401
6402 <h2>Feedback/Questions</h2>
6403
6404 <ul>
6405 <li><p>Jordyn - <a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/347/feedback/Jordyn%20zfs%20pool%20problem.md" rel="nofollow">ZFS Pool Problem</a></p>
6406
6407 <ul>
6408 <li>debug - <a href="https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt" rel="nofollow">https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt</a></li>
6409 </ul></li>
6410 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
6411 </ul>
6412
6413 <hr>
6414
6415 <video controls preload="metadata" style=" width:426px; height:240px;">
6416 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0347.mp4" type="video/mp4">
6417 Your browser does not support the HTML5 video tag.
6418 </video>]]>
6419 </itunes:summary>
6420 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+hb1lnM1p</fireside:playerURL>
6421 <fireside:playerEmbedCode>
6422 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+hb1lnM1p" width="740" height="200" frameborder="0" scrolling="no">]]>
6423 </fireside:playerEmbedCode>
6424 </item>
6425 <item>
6426 <title>346: Core File Tales</title>
6427 <link>https://www.bsdnow.tv/346</link>
6428 <guid isPermaLink="false">8f8d0474-abb5-4b90-955c-8d8cfd6dc489</guid>
6429 <pubDate>Thu, 16 Apr 2020 05:00:00 -0700</pubDate>
6430 <author>Allan Jude</author>
6431 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8f8d0474-abb5-4b90-955c-8d8cfd6dc489.mp3" length="40304872" type="audio/mp3"/>
6432 <itunes:episodeType>full</itunes:episodeType>
6433 <itunes:author>Allan Jude</itunes:author>
6434 <itunes:subtitle>Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.</itunes:subtitle>
6435 <itunes:duration>55:58</itunes:duration>
6436 <itunes:explicit>no</itunes:explicit>
6437 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
6438 <description>Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.
6439 Headlines
6440 Tales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later (https://fingolfin.org/blog/20200327/stdio-abi.html)
6441 On the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.
6442 Update Lenovo X260 BIOS with OpenBSD (https://www.tumfatig.net/20200331/update-lenovo-x260-bios-with-openbsd/)
6443 My X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.
6444 First of all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.
6445 News Roundup
6446 The problem of Unix iowait and multi-CPU machines (https://utcc.utoronto.ca/~cks/space/blog/unix/IowaitAndMultipleCPUs)
6447 Various Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.
6448 My Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More (https://www.jaredwolff.com/my-latest-self-hosted-hugo-workflow/)
6449 After hosting with Netlify for a few years, I decided to head back to self hosting. There’s a few reasons for that but the main reasoning was that I had more control over how things worked.
6450 In this post, I’ll show you my workflow for deploying my Hugo generated site (www.jaredwolff.com). Instead of using what most people would go for, I’ll be doing all of this using a FreeBSD Jails based server. Plus I’ll show you some tricks I’ve learned over the years on bulk image resizing and more.
6451 Let’s get to it.
6452 Extending support for the NetBSD-7 branch (http://blog.netbsd.org/tnf/entry/extending_support_for_the_netbsd)
6453 Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.
6454 We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.
6455 Security fixes will still be made to the NetBSD-7 branch.
6456 We hope you're all safe. Stay home.
6457 Tale of two hypervisor bugs - Escaping from FreeBSD bhyve (http://phrack.org/papers/escaping_from_freebsd_bhyve.html)
6458 VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT
6459 Beastie Bits
6460 GhostBSD 20.02 Overview (https://www.youtube.com/watch?v=kFG-772WGwg)
6461 FuryBSD 12.1 Overview (https://www.youtube.com/watch?v=5V8680uoXxw)
6462 > Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed. Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.
6463 OS108-9.0 amd64 MATE released (https://forums.os108.org/d/27-os108-9-0-amd64-mate-released)
6464 FreeBSD hacking: carp panics & test (https://www.twitch.tv/videos/584064729)
6465 Inaugural FreeBSD Office Hours (https://www.youtube.com/watch?v=6qBm5NM3zTQ)
6466 Feedback/Questions
6467 Shody - systemd question (http://dpaste.com/2SAQDJJ#wrap)
6468 Ben - GELI and GPT (http://dpaste.com/1S0DGT3#wrap)
6469 Stig - DIY NAS (http://dpaste.com/2NGNZG5#wrap)
6470 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
6471 <video controls preload="metadata" style=" width:426px; height:240px;">
6472 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
6473 Your browser does not support the HTML5 video tag.
6474 </video>
6475 </description>
6476 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, core, core file, core dump, bios, bios update, lenovo, x260, thinkpad, Unix, iowait, self-hosted, hugo, jails, caddy, restic, branch, branch support, hypervisor, bugs</itunes:keywords>
6477 <content:encoded>
6478 <![CDATA[<p>Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.</p>
6479
6480 <h2>Headlines</h2>
6481
6482 <h3><a href="https://fingolfin.org/blog/20200327/stdio-abi.html" rel="nofollow">Tales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later</a></h3>
6483
6484 <blockquote>
6485 <p>On the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.</p>
6486 </blockquote>
6487
6488 <hr>
6489
6490 <h3><a href="https://www.tumfatig.net/20200331/update-lenovo-x260-bios-with-openbsd/" rel="nofollow">Update Lenovo X260 BIOS with OpenBSD</a></h3>
6491
6492 <blockquote>
6493 <p>My X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.</p>
6494
6495 <p>First of all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.</p>
6496 </blockquote>
6497
6498 <hr>
6499
6500 <h2>News Roundup</h2>
6501
6502 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/IowaitAndMultipleCPUs" rel="nofollow">The problem of Unix iowait and multi-CPU machines</a></h3>
6503
6504 <blockquote>
6505 <p>Various Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.</p>
6506 </blockquote>
6507
6508 <hr>
6509
6510 <h3><a href="https://www.jaredwolff.com/my-latest-self-hosted-hugo-workflow/" rel="nofollow">My Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More</a></h3>
6511
6512 <blockquote>
6513 <p>After hosting with Netlify for a few years, I decided to head back to self hosting. There’s a few reasons for that but the main reasoning was that I had more control over how things worked.</p>
6514
6515 <p>In this post, I’ll show you my workflow for deploying my Hugo generated site (<a href="http://www.jaredwolff.com" rel="nofollow">www.jaredwolff.com</a>). Instead of using what most people would go for, I’ll be doing all of this using a FreeBSD Jails based server. Plus I’ll show you some tricks I’ve learned over the years on bulk image resizing and more.</p>
6516
6517 <p>Let’s get to it.</p>
6518 </blockquote>
6519
6520 <hr>
6521
6522 <h3><a href="http://blog.netbsd.org/tnf/entry/extending_support_for_the_netbsd" rel="nofollow">Extending support for the NetBSD-7 branch</a></h3>
6523
6524 <blockquote>
6525 <p>Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.</p>
6526
6527 <p>We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.</p>
6528
6529 <p>Security fixes will still be made to the NetBSD-7 branch.</p>
6530
6531 <p>We hope you're all safe. Stay home.</p>
6532 </blockquote>
6533
6534 <hr>
6535
6536 <h3><a href="http://phrack.org/papers/escaping_from_freebsd_bhyve.html" rel="nofollow">Tale of two hypervisor bugs - Escaping from FreeBSD bhyve</a></h3>
6537
6538 <blockquote>
6539 <p>VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT</p>
6540 </blockquote>
6541
6542 <hr>
6543
6544 <h2>Beastie Bits</h2>
6545
6546 <ul>
6547 <li><a href="https://www.youtube.com/watch?v=kFG-772WGwg" rel="nofollow">GhostBSD 20.02 Overview</a></li>
6548 <li><a href="https://www.youtube.com/watch?v=5V8680uoXxw" rel="nofollow">FuryBSD 12.1 Overview</a>
6549 > Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed. Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.</li>
6550 <li><a href="https://forums.os108.org/d/27-os108-9-0-amd64-mate-released" rel="nofollow">OS108-9.0 amd64 MATE released</a></li>
6551 <li><a href="https://www.twitch.tv/videos/584064729" rel="nofollow">FreeBSD hacking: carp panics & test</a></li>
6552 <li><a href="https://www.youtube.com/watch?v=6qBm5NM3zTQ" rel="nofollow">Inaugural FreeBSD Office Hours</a></li>
6553 </ul>
6554
6555 <hr>
6556
6557 <h2>Feedback/Questions</h2>
6558
6559 <ul>
6560 <li>Shody - <a href="http://dpaste.com/2SAQDJJ#wrap" rel="nofollow">systemd question</a></li>
6561 <li>Ben - <a href="http://dpaste.com/1S0DGT3#wrap" rel="nofollow">GELI and GPT</a></li>
6562 <li>Stig - <a href="http://dpaste.com/2NGNZG5#wrap" rel="nofollow">DIY NAS</a></li>
6563 </ul>
6564
6565 <hr>
6566
6567 <ul>
6568 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
6569 </ul>
6570
6571 <hr>
6572
6573 <video controls preload="metadata" style=" width:426px; height:240px;">
6574 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
6575 Your browser does not support the HTML5 video tag.
6576 </video>]]>
6577 </content:encoded>
6578 <itunes:summary>
6579 <![CDATA[<p>Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.</p>
6580
6581 <h2>Headlines</h2>
6582
6583 <h3><a href="https://fingolfin.org/blog/20200327/stdio-abi.html" rel="nofollow">Tales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later</a></h3>
6584
6585 <blockquote>
6586 <p>On the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.</p>
6587 </blockquote>
6588
6589 <hr>
6590
6591 <h3><a href="https://www.tumfatig.net/20200331/update-lenovo-x260-bios-with-openbsd/" rel="nofollow">Update Lenovo X260 BIOS with OpenBSD</a></h3>
6592
6593 <blockquote>
6594 <p>My X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.</p>
6595
6596 <p>First of all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.</p>
6597 </blockquote>
6598
6599 <hr>
6600
6601 <h2>News Roundup</h2>
6602
6603 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/IowaitAndMultipleCPUs" rel="nofollow">The problem of Unix iowait and multi-CPU machines</a></h3>
6604
6605 <blockquote>
6606 <p>Various Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.</p>
6607 </blockquote>
6608
6609 <hr>
6610
6611 <h3><a href="https://www.jaredwolff.com/my-latest-self-hosted-hugo-workflow/" rel="nofollow">My Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More</a></h3>
6612
6613 <blockquote>
6614 <p>After hosting with Netlify for a few years, I decided to head back to self hosting. There’s a few reasons for that but the main reasoning was that I had more control over how things worked.</p>
6615
6616 <p>In this post, I’ll show you my workflow for deploying my Hugo generated site (<a href="http://www.jaredwolff.com" rel="nofollow">www.jaredwolff.com</a>). Instead of using what most people would go for, I’ll be doing all of this using a FreeBSD Jails based server. Plus I’ll show you some tricks I’ve learned over the years on bulk image resizing and more.</p>
6617
6618 <p>Let’s get to it.</p>
6619 </blockquote>
6620
6621 <hr>
6622
6623 <h3><a href="http://blog.netbsd.org/tnf/entry/extending_support_for_the_netbsd" rel="nofollow">Extending support for the NetBSD-7 branch</a></h3>
6624
6625 <blockquote>
6626 <p>Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.</p>
6627
6628 <p>We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.</p>
6629
6630 <p>Security fixes will still be made to the NetBSD-7 branch.</p>
6631
6632 <p>We hope you're all safe. Stay home.</p>
6633 </blockquote>
6634
6635 <hr>
6636
6637 <h3><a href="http://phrack.org/papers/escaping_from_freebsd_bhyve.html" rel="nofollow">Tale of two hypervisor bugs - Escaping from FreeBSD bhyve</a></h3>
6638
6639 <blockquote>
6640 <p>VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT</p>
6641 </blockquote>
6642
6643 <hr>
6644
6645 <h2>Beastie Bits</h2>
6646
6647 <ul>
6648 <li><a href="https://www.youtube.com/watch?v=kFG-772WGwg" rel="nofollow">GhostBSD 20.02 Overview</a></li>
6649 <li><a href="https://www.youtube.com/watch?v=5V8680uoXxw" rel="nofollow">FuryBSD 12.1 Overview</a>
6650 > Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed. Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.</li>
6651 <li><a href="https://forums.os108.org/d/27-os108-9-0-amd64-mate-released" rel="nofollow">OS108-9.0 amd64 MATE released</a></li>
6652 <li><a href="https://www.twitch.tv/videos/584064729" rel="nofollow">FreeBSD hacking: carp panics & test</a></li>
6653 <li><a href="https://www.youtube.com/watch?v=6qBm5NM3zTQ" rel="nofollow">Inaugural FreeBSD Office Hours</a></li>
6654 </ul>
6655
6656 <hr>
6657
6658 <h2>Feedback/Questions</h2>
6659
6660 <ul>
6661 <li>Shody - <a href="http://dpaste.com/2SAQDJJ#wrap" rel="nofollow">systemd question</a></li>
6662 <li>Ben - <a href="http://dpaste.com/1S0DGT3#wrap" rel="nofollow">GELI and GPT</a></li>
6663 <li>Stig - <a href="http://dpaste.com/2NGNZG5#wrap" rel="nofollow">DIY NAS</a></li>
6664 </ul>
6665
6666 <hr>
6667
6668 <ul>
6669 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
6670 </ul>
6671
6672 <hr>
6673
6674 <video controls preload="metadata" style=" width:426px; height:240px;">
6675 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
6676 Your browser does not support the HTML5 video tag.
6677 </video>]]>
6678 </itunes:summary>
6679 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+dZhT2Pnp</fireside:playerURL>
6680 <fireside:playerEmbedCode>
6681 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+dZhT2Pnp" width="740" height="200" frameborder="0" scrolling="no">]]>
6682 </fireside:playerEmbedCode>
6683 </item>
6684 <item>
6685 <title>345: Switchers to BSD</title>
6686 <link>https://www.bsdnow.tv/345</link>
6687 <guid isPermaLink="false">c46952e4-8ea3-4506-b4eb-54f2870547ee</guid>
6688 <pubDate>Thu, 09 Apr 2020 05:00:00 -0700</pubDate>
6689 <author>Allan Jude</author>
6690 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c46952e4-8ea3-4506-b4eb-54f2870547ee.mp3" length="34426694" type="audio/mp3"/>
6691 <itunes:episodeType>full</itunes:episodeType>
6692 <itunes:author>Allan Jude</itunes:author>
6693 <itunes:subtitle>NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.</itunes:subtitle>
6694 <itunes:duration>47:48</itunes:duration>
6695 <itunes:explicit>no</itunes:explicit>
6696 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
6697 <description>NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.
6698 Headlines
6699 NetBSD 8.2 is available! (http://blog.netbsd.org/tnf/entry/netbsd_8_2_is_available)
6700 The third release in the NetBSD-8 is now available.
6701 This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.
6702 Some highlights include:
6703 x86: fixed regression in booting old CPUs
6704 x86: Hyper-V Gen.2 VM framebuffer support
6705 httpd(8): fixed various security issues
6706 ixg(4): various fixes / improvements
6707 x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.
6708 Various kernel memory info leaks fixes
6709 Update expat to 2.2.8
6710 Fix ryzen USB issues and support xHCI version 3.10.
6711 Accept root device specification as NAME=label.
6712 Add multiboot 2 support to x86 bootloaders.
6713 Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.
6714 nouveau: limit the supported devices and fix firmware loading.
6715 radeon: fix loading of the TAHITI VCE firmware.
6716 named(8): stop using obsolete dnssec-lookaside.
6717 NextCloud on OpenBSD (https://h3artbl33d.nl/2020-nextcloud.html)
6718 NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.
6719 Preface
6720 Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).
6721 A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.
6722 News Roundup
6723 X11 screen locking: a secure and modular approach (http://leahneukirchen.org/blog/archive/2020/01/x11-screen-locking-a-secure-and-modular-approach.html)
6724 For years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements
6725 NetBSD and RISC OS running parallel (http://www.update.uu.se/~micken/ronetbsd.html)
6726 I have been experimenting with running two systems at the same time on the RK3399 SoC.
6727 It all began when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.
6728 OK I thought why not give it something to do!
6729 My first step was to run some small programs.
6730 It worked!
6731 + Thanks to Tom Jones for the pointer to this article
6732 Several weeks ago we covered a story about switching from Linux to BSD. Benedict and JT asked for community feedback as to their thoughts on the matter. Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.
6733 Jamie - Dumping Linux for BSD (http://dpaste.com/0CH1YXQ#wrap)
6734 Matt - BSD Packaging (http://dpaste.com/2N68YPJ#wrap)
6735 Brad - Linux vs BS (http://dpaste.com/2SF9V38#wrap)
6736 MJ - Linux vs BSD Feedback (http://dpaste.com/0Z2ZT4V#wrap)
6737 Ben - Feedback for JT (http://dpaste.com/0B3M85X)
6738 Henrik - Why you should migrate everything to BSD (http://dpaste.com/3F36EQE#wrap)
6739 Beastie Bits
6740 ssh-copy-id now included (https://www.dragonflydigest.com/2020/04/06/24367.html)
6741 OPNsense 20.1.3 released (https://opnsense.org/opnsense-20-1-3-released/)
6742 A Collection of prebuilt BSD Cloud Images (https://bsd-cloud-image.org/)
6743 Instant terminal sharing (https://tmate.io/)
6744 Feedback/Questions
6745 Ales - Manually verify signature files for pkg package (http://dpaste.com/1EBWTK5#wrap)
6746 Shody - Yubikey (http://dpaste.com/340PM9Q#wrap)
6747 Mike - Site for hashes from old disks (http://dpaste.com/13W9SF0)
6748 Answer: https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing
6749 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
6750 <video controls preload="metadata" style=" width:426px; height:240px;">
6751 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
6752 Your browser does not support the HTML5 video tag.
6753 </video>
6754 </description>
6755 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, nextcloud, x11, screen locking, risc, risc os, community, feedback</itunes:keywords>
6756 <content:encoded>
6757 <![CDATA[<p>NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.</p>
6758
6759 <h2>Headlines</h2>
6760
6761 <h3><a href="http://blog.netbsd.org/tnf/entry/netbsd_8_2_is_available" rel="nofollow">NetBSD 8.2 is available!</a></h3>
6762
6763 <blockquote>
6764 <p>The third release in the NetBSD-8 is now available.</p>
6765
6766 <p>This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.</p>
6767 </blockquote>
6768
6769 <ul>
6770 <li>Some highlights include:
6771
6772 <ul>
6773 <li>x86: fixed regression in booting old CPUs</li>
6774 <li>x86: Hyper-V Gen.2 VM framebuffer support</li>
6775 <li>httpd(8): fixed various security issues</li>
6776 <li>ixg(4): various fixes / improvements</li>
6777 <li>x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.</li>
6778 <li>Various kernel memory info leaks fixes</li>
6779 <li>Update expat to 2.2.8</li>
6780 <li>Fix ryzen USB issues and support xHCI version 3.10.</li>
6781 <li>Accept root device specification as NAME=label.</li>
6782 <li>Add multiboot 2 support to x86 bootloaders.</li>
6783 <li>Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.</li>
6784 <li>nouveau: limit the supported devices and fix firmware loading.</li>
6785 <li>radeon: fix loading of the TAHITI VCE firmware.</li>
6786 <li>named(8): stop using obsolete dnssec-lookaside.</li>
6787 </ul></li>
6788 </ul>
6789
6790 <hr>
6791
6792 <h3><a href="https://h3artbl33d.nl/2020-nextcloud.html" rel="nofollow">NextCloud on OpenBSD</a></h3>
6793
6794 <blockquote>
6795 <p>NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.</p>
6796 </blockquote>
6797
6798 <ul>
6799 <li>Preface</li>
6800 </ul>
6801
6802 <blockquote>
6803 <p>Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).</p>
6804
6805 <p>A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.</p>
6806 </blockquote>
6807
6808 <hr>
6809
6810 <h2>News Roundup</h2>
6811
6812 <h3><a href="http://leahneukirchen.org/blog/archive/2020/01/x11-screen-locking-a-secure-and-modular-approach.html" rel="nofollow">X11 screen locking: a secure and modular approach</a></h3>
6813
6814 <blockquote>
6815 <p>For years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements</p>
6816 </blockquote>
6817
6818 <hr>
6819
6820 <h3><a href="http://www.update.uu.se/%7Emicken/ronetbsd.html" rel="nofollow">NetBSD and RISC OS running parallel</a></h3>
6821
6822 <blockquote>
6823 <p>I have been experimenting with running two systems at the same time on the RK3399 SoC.<br>
6824 It all began when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.<br>
6825 OK I thought why not give it something to do!<br>
6826 My first step was to run some small programs.<br>
6827 It worked!</p>
6828
6829 <ul>
6830 <li>Thanks to Tom Jones for the pointer to this article</li>
6831 </ul>
6832 </blockquote>
6833
6834 <hr>
6835
6836 <h3>Several weeks ago we covered a story about switching from Linux to BSD. Benedict and JT asked for community feedback as to their thoughts on the matter. Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.</h3>
6837
6838 <ul>
6839 <li>Jamie - <a href="http://dpaste.com/0CH1YXQ#wrap" rel="nofollow">Dumping Linux for BSD</a></li>
6840 <li>Matt - <a href="http://dpaste.com/2N68YPJ#wrap" rel="nofollow">BSD Packaging</a></li>
6841 <li>Brad - <a href="http://dpaste.com/2SF9V38#wrap" rel="nofollow">Linux vs BS</a></li>
6842 <li>MJ - <a href="http://dpaste.com/0Z2ZT4V#wrap" rel="nofollow">Linux vs BSD Feedback</a></li>
6843 <li>Ben - <a href="http://dpaste.com/0B3M85X" rel="nofollow">Feedback for JT</a></li>
6844 <li>Henrik - <a href="http://dpaste.com/3F36EQE#wrap" rel="nofollow">Why you should migrate everything to BSD</a></li>
6845 </ul>
6846
6847 <hr>
6848
6849 <h2>Beastie Bits</h2>
6850
6851 <ul>
6852 <li><a href="https://www.dragonflydigest.com/2020/04/06/24367.html" rel="nofollow">ssh-copy-id now included</a></li>
6853 <li><a href="https://opnsense.org/opnsense-20-1-3-released/" rel="nofollow">OPNsense 20.1.3 released</a></li>
6854 <li><a href="https://bsd-cloud-image.org/" rel="nofollow">A Collection of prebuilt BSD Cloud Images</a></li>
6855 <li><a href="https://tmate.io/" rel="nofollow">Instant terminal sharing</a></li>
6856 </ul>
6857
6858 <hr>
6859
6860 <h2>Feedback/Questions</h2>
6861
6862 <ul>
6863 <li>Ales - <a href="http://dpaste.com/1EBWTK5#wrap" rel="nofollow">Manually verify signature files for pkg package</a></li>
6864 <li>Shody - <a href="http://dpaste.com/340PM9Q#wrap" rel="nofollow">Yubikey</a></li>
6865 <li>Mike - <a href="http://dpaste.com/13W9SF0" rel="nofollow">Site for hashes from old disks</a>
6866
6867 <ul>
6868 <li>Answer: <a href="https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing" rel="nofollow">https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing</a></li>
6869 </ul></li>
6870 </ul>
6871
6872 <hr>
6873
6874 <ul>
6875 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
6876 </ul>
6877
6878 <hr>
6879
6880 <video controls preload="metadata" style=" width:426px; height:240px;">
6881 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
6882 Your browser does not support the HTML5 video tag.
6883 </video>]]>
6884 </content:encoded>
6885 <itunes:summary>
6886 <![CDATA[<p>NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.</p>
6887
6888 <h2>Headlines</h2>
6889
6890 <h3><a href="http://blog.netbsd.org/tnf/entry/netbsd_8_2_is_available" rel="nofollow">NetBSD 8.2 is available!</a></h3>
6891
6892 <blockquote>
6893 <p>The third release in the NetBSD-8 is now available.</p>
6894
6895 <p>This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.</p>
6896 </blockquote>
6897
6898 <ul>
6899 <li>Some highlights include:
6900
6901 <ul>
6902 <li>x86: fixed regression in booting old CPUs</li>
6903 <li>x86: Hyper-V Gen.2 VM framebuffer support</li>
6904 <li>httpd(8): fixed various security issues</li>
6905 <li>ixg(4): various fixes / improvements</li>
6906 <li>x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.</li>
6907 <li>Various kernel memory info leaks fixes</li>
6908 <li>Update expat to 2.2.8</li>
6909 <li>Fix ryzen USB issues and support xHCI version 3.10.</li>
6910 <li>Accept root device specification as NAME=label.</li>
6911 <li>Add multiboot 2 support to x86 bootloaders.</li>
6912 <li>Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.</li>
6913 <li>nouveau: limit the supported devices and fix firmware loading.</li>
6914 <li>radeon: fix loading of the TAHITI VCE firmware.</li>
6915 <li>named(8): stop using obsolete dnssec-lookaside.</li>
6916 </ul></li>
6917 </ul>
6918
6919 <hr>
6920
6921 <h3><a href="https://h3artbl33d.nl/2020-nextcloud.html" rel="nofollow">NextCloud on OpenBSD</a></h3>
6922
6923 <blockquote>
6924 <p>NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.</p>
6925 </blockquote>
6926
6927 <ul>
6928 <li>Preface</li>
6929 </ul>
6930
6931 <blockquote>
6932 <p>Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).</p>
6933
6934 <p>A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.</p>
6935 </blockquote>
6936
6937 <hr>
6938
6939 <h2>News Roundup</h2>
6940
6941 <h3><a href="http://leahneukirchen.org/blog/archive/2020/01/x11-screen-locking-a-secure-and-modular-approach.html" rel="nofollow">X11 screen locking: a secure and modular approach</a></h3>
6942
6943 <blockquote>
6944 <p>For years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements</p>
6945 </blockquote>
6946
6947 <hr>
6948
6949 <h3><a href="http://www.update.uu.se/%7Emicken/ronetbsd.html" rel="nofollow">NetBSD and RISC OS running parallel</a></h3>
6950
6951 <blockquote>
6952 <p>I have been experimenting with running two systems at the same time on the RK3399 SoC.<br>
6953 It all began when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.<br>
6954 OK I thought why not give it something to do!<br>
6955 My first step was to run some small programs.<br>
6956 It worked!</p>
6957
6958 <ul>
6959 <li>Thanks to Tom Jones for the pointer to this article</li>
6960 </ul>
6961 </blockquote>
6962
6963 <hr>
6964
6965 <h3>Several weeks ago we covered a story about switching from Linux to BSD. Benedict and JT asked for community feedback as to their thoughts on the matter. Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.</h3>
6966
6967 <ul>
6968 <li>Jamie - <a href="http://dpaste.com/0CH1YXQ#wrap" rel="nofollow">Dumping Linux for BSD</a></li>
6969 <li>Matt - <a href="http://dpaste.com/2N68YPJ#wrap" rel="nofollow">BSD Packaging</a></li>
6970 <li>Brad - <a href="http://dpaste.com/2SF9V38#wrap" rel="nofollow">Linux vs BS</a></li>
6971 <li>MJ - <a href="http://dpaste.com/0Z2ZT4V#wrap" rel="nofollow">Linux vs BSD Feedback</a></li>
6972 <li>Ben - <a href="http://dpaste.com/0B3M85X" rel="nofollow">Feedback for JT</a></li>
6973 <li>Henrik - <a href="http://dpaste.com/3F36EQE#wrap" rel="nofollow">Why you should migrate everything to BSD</a></li>
6974 </ul>
6975
6976 <hr>
6977
6978 <h2>Beastie Bits</h2>
6979
6980 <ul>
6981 <li><a href="https://www.dragonflydigest.com/2020/04/06/24367.html" rel="nofollow">ssh-copy-id now included</a></li>
6982 <li><a href="https://opnsense.org/opnsense-20-1-3-released/" rel="nofollow">OPNsense 20.1.3 released</a></li>
6983 <li><a href="https://bsd-cloud-image.org/" rel="nofollow">A Collection of prebuilt BSD Cloud Images</a></li>
6984 <li><a href="https://tmate.io/" rel="nofollow">Instant terminal sharing</a></li>
6985 </ul>
6986
6987 <hr>
6988
6989 <h2>Feedback/Questions</h2>
6990
6991 <ul>
6992 <li>Ales - <a href="http://dpaste.com/1EBWTK5#wrap" rel="nofollow">Manually verify signature files for pkg package</a></li>
6993 <li>Shody - <a href="http://dpaste.com/340PM9Q#wrap" rel="nofollow">Yubikey</a></li>
6994 <li>Mike - <a href="http://dpaste.com/13W9SF0" rel="nofollow">Site for hashes from old disks</a>
6995
6996 <ul>
6997 <li>Answer: <a href="https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing" rel="nofollow">https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing</a></li>
6998 </ul></li>
6999 </ul>
7000
7001 <hr>
7002
7003 <ul>
7004 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7005 </ul>
7006
7007 <hr>
7008
7009 <video controls preload="metadata" style=" width:426px; height:240px;">
7010 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4" type="video/mp4">
7011 Your browser does not support the HTML5 video tag.
7012 </video>]]>
7013 </itunes:summary>
7014 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+BYpPSnzU</fireside:playerURL>
7015 <fireside:playerEmbedCode>
7016 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+BYpPSnzU" width="740" height="200" frameborder="0" scrolling="no">]]>
7017 </fireside:playerEmbedCode>
7018 </item>
7019 <item>
7020 <title>344: Grains of Salt</title>
7021 <link>https://www.bsdnow.tv/344</link>
7022 <guid isPermaLink="false">e17510a7-48e1-4fa3-9500-222f5e4904ee</guid>
7023 <pubDate>Thu, 02 Apr 2020 05:00:00 -0700</pubDate>
7024 <author>Allan Jude</author>
7025 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e17510a7-48e1-4fa3-9500-222f5e4904ee.mp3" length="40072591" type="audio/mp3"/>
7026 <itunes:episodeType>full</itunes:episodeType>
7027 <itunes:author>Allan Jude</itunes:author>
7028 <itunes:subtitle>Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.</itunes:subtitle>
7029 <itunes:duration>55:39</itunes:duration>
7030 <itunes:explicit>no</itunes:explicit>
7031 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
7032 <description>Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.
7033 Headlines
7034 Text processing in the shell (https://blog.balthazar-rouberol.com/text-processing-in-the-shell)
7035 This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!
7036 One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.
7037 When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.
7038 Rebalancing data on ZFS mirrors (https://jrs-s.net/2020/03/10/rebalancing-data-on-zfs-mirrors/)
7039 One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”
7040 If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.
7041 Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.
7042 News Roundup
7043 Using OpenBSD relayd to Add Security Headers (https://web.archive.org/web/20191109121500/https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/)
7044 I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.
7045 How we set up our ZFS filesystem hierarchy in our ZFS pools (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSOurContainerFilesystems)
7046 Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.
7047 Speeding up ZSH (https://blog.jonlu.ca/posts/speeding-up-zsh)
7048 https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh
7049 I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.
7050 In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.
7051 How do Unix Pipes work (https://www.vegardstikbakke.com/how-do-pipes-work-sigpipe/)
7052 Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.
7053 What we do to enable us to grow our ZFS pools over time (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSHowWeGrowPools)
7054 In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.
7055 Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.
7056 Linux maintains bugs: The real reason ifconfig on Linux is deprecated (https://blog.farhan.codes/2018/06/25/linux-maintains-bugs-the-real-reason-ifconfig-on-linux-is-deprecated/)
7057 In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).
7058 In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.
7059 Clear Your Terminal in Style (https://adammusciano.com/2020/03/04/2020-03-04-clear-your-terminal-in-style/)
7060 If you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.
7061 This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.
7062 Feedback/Questions
7063 Guy - AMD GPU Help (http://dpaste.com/2NEPDHB)
7064 MLShroyer13 - VLANs and Jails (http://dpaste.com/31KBNP4#wrap)
7065 Master One - ZFS Suspend/resume (http://dpaste.com/0DKM8CF#wrap)
7066 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
7067 <video controls preload="metadata" style=" width:426px; height:240px;">
7068 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0344.mp4" type="video/mp4">
7069 Your browser does not support the HTML5 video tag.
7070 </video>
7071 </description>
7072 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, text processing, shell, rebalancing, mirror, mirror rebalancing, zfs, zpool, security, security headers, relayd, hierarchy, speed up, performance, zsh, pipe, pipes, Unix, ifconfig, terminal</itunes:keywords>
7073 <content:encoded>
7074 <![CDATA[<p>Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.</p>
7075
7076 <h2>Headlines</h2>
7077
7078 <h3><a href="https://blog.balthazar-rouberol.com/text-processing-in-the-shell" rel="nofollow">Text processing in the shell</a></h3>
7079
7080 <blockquote>
7081 <p>This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!</p>
7082
7083 <p>One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.</p>
7084
7085 <p>When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.</p>
7086 </blockquote>
7087
7088 <hr>
7089
7090 <h3><a href="https://jrs-s.net/2020/03/10/rebalancing-data-on-zfs-mirrors/" rel="nofollow">Rebalancing data on ZFS mirrors</a></h3>
7091
7092 <blockquote>
7093 <p>One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”</p>
7094
7095 <p>If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.</p>
7096
7097 <p>Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.</p>
7098 </blockquote>
7099
7100 <hr>
7101
7102 <h2>News Roundup</h2>
7103
7104 <h3><a href="https://web.archive.org/web/20191109121500/https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/" rel="nofollow">Using OpenBSD relayd to Add Security Headers</a></h3>
7105
7106 <blockquote>
7107 <p>I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf. So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.</p>
7108 </blockquote>
7109
7110 <hr>
7111
7112 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOurContainerFilesystems" rel="nofollow">How we set up our ZFS filesystem hierarchy in our ZFS pools</a></h3>
7113
7114 <blockquote>
7115 <p>Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.</p>
7116 </blockquote>
7117
7118 <hr>
7119
7120 <h3><a href="https://blog.jonlu.ca/posts/speeding-up-zsh" rel="nofollow">Speeding up ZSH</a></h3>
7121
7122 <p><a href="https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh" rel="nofollow">https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh</a></p>
7123
7124 <blockquote>
7125 <p>I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.</p>
7126
7127 <p>In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.</p>
7128 </blockquote>
7129
7130 <hr>
7131
7132 <h3><a href="https://www.vegardstikbakke.com/how-do-pipes-work-sigpipe/" rel="nofollow">How do Unix Pipes work</a></h3>
7133
7134 <blockquote>
7135 <p>Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.</p>
7136 </blockquote>
7137
7138 <hr>
7139
7140 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSHowWeGrowPools" rel="nofollow">What we do to enable us to grow our ZFS pools over time</a></h3>
7141
7142 <blockquote>
7143 <p>In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.<br>
7144 Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.</p>
7145 </blockquote>
7146
7147 <hr>
7148
7149 <h3><a href="https://blog.farhan.codes/2018/06/25/linux-maintains-bugs-the-real-reason-ifconfig-on-linux-is-deprecated/" rel="nofollow">Linux maintains bugs: The real reason ifconfig on Linux is deprecated</a></h3>
7150
7151 <blockquote>
7152 <p>In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).</p>
7153 </blockquote>
7154
7155 <p>In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.</p>
7156
7157 <hr>
7158
7159 <h3><a href="https://adammusciano.com/2020/03/04/2020-03-04-clear-your-terminal-in-style/" rel="nofollow">Clear Your Terminal in Style</a></h3>
7160
7161 <blockquote>
7162 <p>If you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.</p>
7163
7164 <p>This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.</p>
7165 </blockquote>
7166
7167 <hr>
7168
7169 <h2>Feedback/Questions</h2>
7170
7171 <ul>
7172 <li>Guy - <a href="http://dpaste.com/2NEPDHB" rel="nofollow">AMD GPU Help</a></li>
7173 <li>MLShroyer13 - <a href="http://dpaste.com/31KBNP4#wrap" rel="nofollow">VLANs and Jails</a></li>
7174 <li>Master One - <a href="http://dpaste.com/0DKM8CF#wrap" rel="nofollow">ZFS Suspend/resume</a></li>
7175 </ul>
7176
7177 <hr>
7178
7179 <ul>
7180 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7181 </ul>
7182
7183 <hr>
7184
7185 <video controls preload="metadata" style=" width:426px; height:240px;">
7186 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0344.mp4" type="video/mp4">
7187 Your browser does not support the HTML5 video tag.
7188 </video>]]>
7189 </content:encoded>
7190 <itunes:summary>
7191 <![CDATA[<p>Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.</p>
7192
7193 <h2>Headlines</h2>
7194
7195 <h3><a href="https://blog.balthazar-rouberol.com/text-processing-in-the-shell" rel="nofollow">Text processing in the shell</a></h3>
7196
7197 <blockquote>
7198 <p>This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!</p>
7199
7200 <p>One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.</p>
7201
7202 <p>When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.</p>
7203 </blockquote>
7204
7205 <hr>
7206
7207 <h3><a href="https://jrs-s.net/2020/03/10/rebalancing-data-on-zfs-mirrors/" rel="nofollow">Rebalancing data on ZFS mirrors</a></h3>
7208
7209 <blockquote>
7210 <p>One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”</p>
7211
7212 <p>If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.</p>
7213
7214 <p>Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.</p>
7215 </blockquote>
7216
7217 <hr>
7218
7219 <h2>News Roundup</h2>
7220
7221 <h3><a href="https://web.archive.org/web/20191109121500/https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/" rel="nofollow">Using OpenBSD relayd to Add Security Headers</a></h3>
7222
7223 <blockquote>
7224 <p>I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf. So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.</p>
7225 </blockquote>
7226
7227 <hr>
7228
7229 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOurContainerFilesystems" rel="nofollow">How we set up our ZFS filesystem hierarchy in our ZFS pools</a></h3>
7230
7231 <blockquote>
7232 <p>Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.</p>
7233 </blockquote>
7234
7235 <hr>
7236
7237 <h3><a href="https://blog.jonlu.ca/posts/speeding-up-zsh" rel="nofollow">Speeding up ZSH</a></h3>
7238
7239 <p><a href="https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh" rel="nofollow">https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh</a></p>
7240
7241 <blockquote>
7242 <p>I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.</p>
7243
7244 <p>In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.</p>
7245 </blockquote>
7246
7247 <hr>
7248
7249 <h3><a href="https://www.vegardstikbakke.com/how-do-pipes-work-sigpipe/" rel="nofollow">How do Unix Pipes work</a></h3>
7250
7251 <blockquote>
7252 <p>Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.</p>
7253 </blockquote>
7254
7255 <hr>
7256
7257 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSHowWeGrowPools" rel="nofollow">What we do to enable us to grow our ZFS pools over time</a></h3>
7258
7259 <blockquote>
7260 <p>In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.<br>
7261 Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.</p>
7262 </blockquote>
7263
7264 <hr>
7265
7266 <h3><a href="https://blog.farhan.codes/2018/06/25/linux-maintains-bugs-the-real-reason-ifconfig-on-linux-is-deprecated/" rel="nofollow">Linux maintains bugs: The real reason ifconfig on Linux is deprecated</a></h3>
7267
7268 <blockquote>
7269 <p>In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).</p>
7270 </blockquote>
7271
7272 <p>In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.</p>
7273
7274 <hr>
7275
7276 <h3><a href="https://adammusciano.com/2020/03/04/2020-03-04-clear-your-terminal-in-style/" rel="nofollow">Clear Your Terminal in Style</a></h3>
7277
7278 <blockquote>
7279 <p>If you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.</p>
7280
7281 <p>This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.</p>
7282 </blockquote>
7283
7284 <hr>
7285
7286 <h2>Feedback/Questions</h2>
7287
7288 <ul>
7289 <li>Guy - <a href="http://dpaste.com/2NEPDHB" rel="nofollow">AMD GPU Help</a></li>
7290 <li>MLShroyer13 - <a href="http://dpaste.com/31KBNP4#wrap" rel="nofollow">VLANs and Jails</a></li>
7291 <li>Master One - <a href="http://dpaste.com/0DKM8CF#wrap" rel="nofollow">ZFS Suspend/resume</a></li>
7292 </ul>
7293
7294 <hr>
7295
7296 <ul>
7297 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7298 </ul>
7299
7300 <hr>
7301
7302 <video controls preload="metadata" style=" width:426px; height:240px;">
7303 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0344.mp4" type="video/mp4">
7304 Your browser does not support the HTML5 video tag.
7305 </video>]]>
7306 </itunes:summary>
7307 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+1BYakFYj</fireside:playerURL>
7308 <fireside:playerEmbedCode>
7309 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+1BYakFYj" width="740" height="200" frameborder="0" scrolling="no">]]>
7310 </fireside:playerEmbedCode>
7311 </item>
7312 <item>
7313 <title>343: FreeBSD, Corona: Fight!</title>
7314 <link>https://www.bsdnow.tv/343</link>
7315 <guid isPermaLink="false">1752e8c2-3d6e-40dc-8bd9-5c7654660b15</guid>
7316 <pubDate>Thu, 26 Mar 2020 05:00:00 -0700</pubDate>
7317 <author>Allan Jude</author>
7318 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1752e8c2-3d6e-40dc-8bd9-5c7654660b15.mp3" length="28131915" type="audio/mp3"/>
7319 <itunes:episodeType>full</itunes:episodeType>
7320 <itunes:author>Allan Jude</itunes:author>
7321 <itunes:subtitle>Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.</itunes:subtitle>
7322 <itunes:duration>39:04</itunes:duration>
7323 <itunes:explicit>no</itunes:explicit>
7324 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
7325 <description>Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.
7326 Headlines
7327 Fighting the Coronavirus with FreeBSD (https://www.leidinger.net/blog/2020/03/19/fighting-the-coronavirus-with-freebsd-foldinghome/)
7328 Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help find vaccines.
7329 UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.
7330 Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.
7331 How to configure the Wireguard VPN in OPNsense (https://homenetworkguy.com/how-to/configure-wireguard-opnsense/)
7332 WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotchas. The gotchas occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.
7333 WireGuard behaves more like an SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like an SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.
7334 The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.
7335 News Roundup
7336 NomadBSD 1.3.1 (https://nomadbsd.org/index.html#1.3.1)
7337 NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2, automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.
7338 GhostBSD 20.02 (https://ghostbsd.org/20.02_release_announcement)
7339 Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.
7340 New FuryBSD XFCE and KDE images (https://www.furybsd.org/new-furybsd-12-1-based-images-are-available-for-xfce-and-kde/)
7341 This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.
7342 pf-badhost 0.3 Released (https://www.geoghegan.ca/pfbadhost.html)
7343 pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.
7344 Beastie Bits
7345 DragonFly i915 drm update (https://www.dragonflydigest.com/2020/03/23/24324.html)
7346 CShell is punk rock (http://blog.snailtext.com/posts/cshell-is-punk-rock.html)
7347 The most surprising Unix programs (https://minnie.tuhs.org/pipermail/tuhs/2020-March/020664.html)
7348 Feedback/Questions
7349 Master One - Torn between OpenBSD and FreeBSD (http://dpaste.com/102HKF5#wrap)
7350 Brad - Follow up to Linus ZFS story (http://dpaste.com/1VXQA2Y#wrap)
7351 Filipe Carvalho - Call for Portuguese BSD User Groups (http://dpaste.com/2H7S8YP)
7352 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
7353 <video controls preload="metadata" style=" width:426px; height:240px;">
7354 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0343.mp4" type="video/mp4">
7355 Your browser does not support the HTML5 video tag.
7356 </video>
7357 </description>
7358 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, corona, corona virus, covid-19, foldingathome, folding at home, wireguard, vpn, opnsense, nomadbsd, ghostbsd, furybsd, xfce, kde, pf, pf-badhost </itunes:keywords>
7359 <content:encoded>
7360 <![CDATA[<p>Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.</p>
7361
7362 <h2>Headlines</h2>
7363
7364 <h3><a href="https://www.leidinger.net/blog/2020/03/19/fighting-the-coronavirus-with-freebsd-foldinghome/" rel="nofollow">Fighting the Coronavirus with FreeBSD</a></h3>
7365
7366 <blockquote>
7367 <p>Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help find vaccines.</p>
7368
7369 <p>UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.</p>
7370
7371 <p>Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.</p>
7372 </blockquote>
7373
7374 <hr>
7375
7376 <h3><a href="https://homenetworkguy.com/how-to/configure-wireguard-opnsense/" rel="nofollow">How to configure the Wireguard VPN in OPNsense</a></h3>
7377
7378 <blockquote>
7379 <p>WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotchas. The gotchas occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.</p>
7380
7381 <p>WireGuard behaves more like an SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like an SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.</p>
7382
7383 <p>The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.</p>
7384 </blockquote>
7385
7386 <hr>
7387
7388 <h2>News Roundup</h2>
7389
7390 <h3><a href="https://nomadbsd.org/index.html#1.3.1" rel="nofollow">NomadBSD 1.3.1</a></h3>
7391
7392 <blockquote>
7393 <p>NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2, automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.</p>
7394 </blockquote>
7395
7396 <hr>
7397
7398 <h3><a href="https://ghostbsd.org/20.02_release_announcement" rel="nofollow">GhostBSD 20.02</a></h3>
7399
7400 <blockquote>
7401 <p>Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.</p>
7402 </blockquote>
7403
7404 <hr>
7405
7406 <h3><a href="https://www.furybsd.org/new-furybsd-12-1-based-images-are-available-for-xfce-and-kde/" rel="nofollow">New FuryBSD XFCE and KDE images</a></h3>
7407
7408 <blockquote>
7409 <p>This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.</p>
7410 </blockquote>
7411
7412 <hr>
7413
7414 <h3><a href="https://www.geoghegan.ca/pfbadhost.html" rel="nofollow">pf-badhost 0.3 Released</a></h3>
7415
7416 <blockquote>
7417 <p>pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.</p>
7418 </blockquote>
7419
7420 <hr>
7421
7422 <h2>Beastie Bits</h2>
7423
7424 <ul>
7425 <li><a href="https://www.dragonflydigest.com/2020/03/23/24324.html" rel="nofollow">DragonFly i915 drm update</a></li>
7426 <li><a href="http://blog.snailtext.com/posts/cshell-is-punk-rock.html" rel="nofollow">CShell is punk rock</a></li>
7427 <li><a href="https://minnie.tuhs.org/pipermail/tuhs/2020-March/020664.html" rel="nofollow">The most surprising Unix programs</a></li>
7428 </ul>
7429
7430 <hr>
7431
7432 <h2>Feedback/Questions</h2>
7433
7434 <ul>
7435 <li>Master One - <a href="http://dpaste.com/102HKF5#wrap" rel="nofollow">Torn between OpenBSD and FreeBSD</a></li>
7436 <li>Brad - <a href="http://dpaste.com/1VXQA2Y#wrap" rel="nofollow">Follow up to Linus ZFS story</a></li>
7437 <li>Filipe Carvalho - <a href="http://dpaste.com/2H7S8YP" rel="nofollow">Call for Portuguese BSD User Groups</a></li>
7438 </ul>
7439
7440 <hr>
7441
7442 <ul>
7443 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7444 </ul>
7445
7446 <hr>
7447
7448 <video controls preload="metadata" style=" width:426px; height:240px;">
7449 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0343.mp4" type="video/mp4">
7450 Your browser does not support the HTML5 video tag.
7451 </video>]]>
7452 </content:encoded>
7453 <itunes:summary>
7454 <![CDATA[<p>Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.</p>
7455
7456 <h2>Headlines</h2>
7457
7458 <h3><a href="https://www.leidinger.net/blog/2020/03/19/fighting-the-coronavirus-with-freebsd-foldinghome/" rel="nofollow">Fighting the Coronavirus with FreeBSD</a></h3>
7459
7460 <blockquote>
7461 <p>Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.</p>
7462
7463 <p>UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.</p>
7464
7465 <p>Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.</p>
7466 </blockquote>
7467
7468 <hr>
7469
7470 <h3><a href="https://homenetworkguy.com/how-to/configure-wireguard-opnsense/" rel="nofollow">How to configure the Wireguard VPN in OPNsense</a></h3>
7471
7472 <blockquote>
7473 <p>WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotchas. The gotchas occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.</p>
7474
7475 <p>WireGuard behaves more like an SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like an SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.</p>
7476
7477 <p>The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.</p>
7478 </blockquote>
7479
7480 <hr>
7481
7482 <h2>News Roundup</h2>
7483
7484 <h3><a href="https://nomadbsd.org/index.html#1.3.1" rel="nofollow">NomadBSD 1.3.1</a></h3>
7485
7486 <blockquote>
7487 <p>NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2, automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.</p>
7488 </blockquote>
7489
7490 <hr>
7491
7492 <h3><a href="https://ghostbsd.org/20.02_release_announcement" rel="nofollow">GhostBSD 20.02</a></h3>
7493
7494 <blockquote>
7495 <p>Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.</p>
7496 </blockquote>
7497
7498 <hr>
7499
7500 <h3><a href="https://www.furybsd.org/new-furybsd-12-1-based-images-are-available-for-xfce-and-kde/" rel="nofollow">New FuryBSD XFCE and KDE images</a></h3>
7501
7502 <blockquote>
7503 <p>This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.</p>
7504 </blockquote>
7505
7506 <hr>
7507
7508 <h3><a href="https://www.geoghegan.ca/pfbadhost.html" rel="nofollow">pf-badhost 0.3 Released</a></h3>
7509
7510 <blockquote>
7511 <p>pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.</p>
7512 </blockquote>
7513
7514 <hr>
7515
7516 <h2>Beastie Bits</h2>
7517
7518 <ul>
7519 <li><a href="https://www.dragonflydigest.com/2020/03/23/24324.html" rel="nofollow">DragonFly i915 drm update</a></li>
7520 <li><a href="http://blog.snailtext.com/posts/cshell-is-punk-rock.html" rel="nofollow">CShell is punk rock</a></li>
7521 <li><a href="https://minnie.tuhs.org/pipermail/tuhs/2020-March/020664.html" rel="nofollow">The most surprising Unix programs</a></li>
7522 </ul>
7523
7524 <hr>
7525
7526 <h2>Feedback/Questions</h2>
7527
7528 <ul>
7529 <li>Master One - <a href="http://dpaste.com/102HKF5#wrap" rel="nofollow">Torn between OpenBSD and FreeBSD</a></li>
7530 <li>Brad - <a href="http://dpaste.com/1VXQA2Y#wrap" rel="nofollow">Follow up to Linus ZFS story</a></li>
7531 <li>Filipe Carvalho - <a href="http://dpaste.com/2H7S8YP" rel="nofollow">Call for Portuguese BSD User Groups</a></li>
7532 </ul>
7533
7534 <hr>
7535
7536 <ul>
7537 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7538 </ul>
7539
7540 <hr>
7541
7542 <video controls preload="metadata" style=" width:426px; height:240px;">
7543 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0343.mp4" type="video/mp4">
7544 Your browser does not support the HTML5 video tag.
7545 </video>]]>
7546 </itunes:summary>
7547 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+TJd9WRjN</fireside:playerURL>
7548 <fireside:playerEmbedCode>
7549 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+TJd9WRjN" width="740" height="200" frameborder="0" scrolling="no">]]>
7550 </fireside:playerEmbedCode>
7551 </item>
7552 <item>
7553 <title>342: Layout the DVA</title>
7554 <link>https://www.bsdnow.tv/342</link>
7555 <guid isPermaLink="false">d6b1fa91-dcee-41e7-9e1c-b0f240d34ea0</guid>
7556 <pubDate>Thu, 19 Mar 2020 05:00:00 -0700</pubDate>
7557 <author>Allan Jude</author>
7558 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d6b1fa91-dcee-41e7-9e1c-b0f240d34ea0.mp3" length="34437665" type="audio/mp3"/>
7559 <itunes:episodeType>full</itunes:episodeType>
7560 <itunes:author>Allan Jude</itunes:author>
7561 <itunes:subtitle>OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates require changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.</itunes:subtitle>
7562 <itunes:duration>47:49</itunes:duration>
7563 <itunes:explicit>no</itunes:explicit>
7564 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
7565 <description>OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates require changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.
7566 Headlines
7567 OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload (https://functionallyparanoid.com/2020/03/07/openbsd-full-disk-encryption-with-coreboot-and-tianocore-payload/)
7568 It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.
7569 Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)
7570 Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption
7571 I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.
7572 See article for rest of story
7573 FreeBSD 12.0 EOL (https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001930.html)
7574 Dear FreeBSD community,
7575 As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.
7576 12.1 Active release (https://www.freebsd.org/releases/12.1R/announce.html)
7577 12.2 Release Schedule (https://www.freebsd.org/releases/12.2R/schedule.html)
7578 News Roundup
7579 Some effects of the ZFS DVA format on data layout and growing ZFS pools (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSDVAFormatAndGrowth)
7580 One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.
7581 Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.
7582 Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates. (https://www.ixsystems.com/blog/active-directory-truenas-and-freenas/)
7583 Critical Information for Current FreeNAS and TrueNAS Users
7584 Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.
7585 FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.
7586 Full name of the FreeBSD Root Account (https://www.geeklan.co.uk/?p=2457)
7587 NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....
7588 OpenBSD Go Situation (https://utcc.utoronto.ca/~cks/space/blog/programming/GoOpenBSDSituation)
7589 Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:
7590 I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.
7591 If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.
7592 Beastie Bits
7593 Test your TOR (http://lists.nycbug.org/pipermail/talk/2020-February/018174.html)
7594 OPNsense 20.1.1 released (https://opnsense.org/opnsense-20-1-1-released/)
7595 pkg for FreeBSD 1.13 (https://svnweb.freebsd.org/ports?view=revision&revision=525794)
7596 Feedback/Questions
7597 Bostjan writes in about Wireguard (http://dpaste.com/3WKG09D#wrap)
7598 Charlie has a followup to wpa_supplicant as lower class citizen (http://dpaste.com/0DDN99Q#wrap)
7599 Lars writes about LibreSSL as a positive example (http://dpaste.com/1N12HFB#wrap)
7600 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
7601 <video controls preload="metadata" style=" width:426px; height:240px;">
7602 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0342.mp4" type="video/mp4">
7603 Your browser does not support the HTML5 video tag.
7604 </video>
7605 </description>
7606 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, full disk encryption, crypto, coreboot, tianocore, payload, end of life, zfs, openzfs, dva, dva layout, pool, zpool, go, active directory, root account, root</itunes:keywords>
7607 <content:encoded>
7608 <![CDATA[<p>OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates require changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.</p>
7609
7610 <h2>Headlines</h2>
7611
7612 <h3><a href="https://functionallyparanoid.com/2020/03/07/openbsd-full-disk-encryption-with-coreboot-and-tianocore-payload/" rel="nofollow">OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload</a></h3>
7613
7614 <blockquote>
7615 <p>It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.</p>
7616
7617 <p>Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)</p>
7618
7619 <p>Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption</p>
7620
7621 <p>I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.</p>
7622 </blockquote>
7623
7624 <ul>
7625 <li>See article for rest of story</li>
7626 </ul>
7627
7628 <hr>
7629
7630 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001930.html" rel="nofollow">FreeBSD 12.0 EOL</a></h3>
7631
7632 <blockquote>
7633 <p>Dear FreeBSD community,</p>
7634
7635 <p>As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.</p>
7636 </blockquote>
7637
7638 <ul>
7639 <li><a href="https://www.freebsd.org/releases/12.1R/announce.html" rel="nofollow">12.1 Active release</a></li>
7640 <li><a href="https://www.freebsd.org/releases/12.2R/schedule.html" rel="nofollow">12.2 Release Schedule</a></li>
7641 </ul>
7642
7643 <hr>
7644
7645 <h2>News Roundup</h2>
7646
7647 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSDVAFormatAndGrowth" rel="nofollow">Some effects of the ZFS DVA format on data layout and growing ZFS pools</a></h3>
7648
7649 <blockquote>
7650 <p>One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.</p>
7651
7652 <p>Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.</p>
7653 </blockquote>
7654
7655 <hr>
7656
7657 <h3><a href="https://www.ixsystems.com/blog/active-directory-truenas-and-freenas/" rel="nofollow">Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.</a></h3>
7658
7659 <ul>
7660 <li>Critical Information for Current FreeNAS and TrueNAS Users</li>
7661 </ul>
7662
7663 <blockquote>
7664 <p>Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.</p>
7665
7666 <p>FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.</p>
7667 </blockquote>
7668
7669 <hr>
7670
7671 <h3><a href="https://www.geeklan.co.uk/?p=2457" rel="nofollow">Full name of the FreeBSD Root Account</a></h3>
7672
7673 <blockquote>
7674 <p>NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....</p>
7675 </blockquote>
7676
7677 <hr>
7678
7679 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/programming/GoOpenBSDSituation" rel="nofollow">OpenBSD Go Situation</a></h3>
7680
7681 <blockquote>
7682 <p>Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:</p>
7683
7684 <p>I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.</p>
7685
7686 <p>If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.</p>
7687 </blockquote>
7688
7689 <hr>
7690
7691 <h2>Beastie Bits</h2>
7692
7693 <ul>
7694 <li><a href="http://lists.nycbug.org/pipermail/talk/2020-February/018174.html" rel="nofollow">Test your TOR</a></li>
7695 <li><a href="https://opnsense.org/opnsense-20-1-1-released/" rel="nofollow">OPNsense 20.1.1 released</a></li>
7696 <li><a href="https://svnweb.freebsd.org/ports?view=revision&revision=525794" rel="nofollow">pkg for FreeBSD 1.13</a></li>
7697 </ul>
7698
7699 <hr>
7700
7701 <h2>Feedback/Questions</h2>
7702
7703 <ul>
7704 <li><a href="http://dpaste.com/3WKG09D#wrap" rel="nofollow">Bostjan writes in about Wireguard</a></li>
7705 <li><a href="http://dpaste.com/0DDN99Q#wrap" rel="nofollow">Charlie has a followup to wpa_supplicant as lower class citizen</a></li>
7706 <li><a href="http://dpaste.com/1N12HFB#wrap" rel="nofollow">Lars writes about LibreSSL as a positive example</a></li>
7707 </ul>
7708
7709 <hr>
7710
7711 <ul>
7712 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7713 </ul>
7714
7715 <hr>
7716
7717 <video controls preload="metadata" style=" width:426px; height:240px;">
7718 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0342.mp4" type="video/mp4">
7719 Your browser does not support the HTML5 video tag.
7720 </video>]]>
7721 </content:encoded>
7722 <itunes:summary>
7723 <![CDATA[<p>OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates require changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.</p>
7724
7725 <h2>Headlines</h2>
7726
7727 <h3><a href="https://functionallyparanoid.com/2020/03/07/openbsd-full-disk-encryption-with-coreboot-and-tianocore-payload/" rel="nofollow">OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload</a></h3>
7728
7729 <blockquote>
7730 <p>It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.</p>
7731
7732 <p>Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)</p>
7733
7734 <p>Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption</p>
7735
7736 <p>I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.</p>
7737 </blockquote>
7738
7739 <ul>
7740 <li>See article for rest of story</li>
7741 </ul>
7742
7743 <hr>
7744
7745 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001930.html" rel="nofollow">FreeBSD 12.0 EOL</a></h3>
7746
7747 <blockquote>
7748 <p>Dear FreeBSD community,</p>
7749
7750 <p>As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.</p>
7751 </blockquote>
7752
7753 <ul>
7754 <li><a href="https://www.freebsd.org/releases/12.1R/announce.html" rel="nofollow">12.1 Active release</a></li>
7755 <li><a href="https://www.freebsd.org/releases/12.2R/schedule.html" rel="nofollow">12.2 Release Schedule</a></li>
7756 </ul>
7757
7758 <hr>
7759
7760 <h2>News Roundup</h2>
7761
7762 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSDVAFormatAndGrowth" rel="nofollow">Some effects of the ZFS DVA format on data layout and growing ZFS pools</a></h3>
7763
7764 <blockquote>
7765 <p>One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.</p>
7766
7767 <p>Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.</p>
7768 </blockquote>
7769
7770 <hr>
7771
7772 <h3><a href="https://www.ixsystems.com/blog/active-directory-truenas-and-freenas/" rel="nofollow">Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.</a></h3>
7773
7774 <ul>
7775 <li>Critical Information for Current FreeNAS and TrueNAS Users</li>
7776 </ul>
7777
7778 <blockquote>
7779 <p>Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.</p>
7780
7781 <p>FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.</p>
7782 </blockquote>
7783
7784 <hr>
7785
7786 <h3><a href="https://www.geeklan.co.uk/?p=2457" rel="nofollow">Full name of the FreeBSD Root Account</a></h3>
7787
7788 <blockquote>
7789 <p>NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....</p>
7790 </blockquote>
7791
7792 <hr>
7793
7794 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/programming/GoOpenBSDSituation" rel="nofollow">OpenBSD Go Situation</a></h3>
7795
7796 <blockquote>
7797 <p>Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:</p>
7798
7799 <p>I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.</p>
7800
7801 <p>If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.</p>
7802 </blockquote>
7803
7804 <hr>
7805
7806 <h2>Beastie Bits</h2>
7807
7808 <ul>
7809 <li><a href="http://lists.nycbug.org/pipermail/talk/2020-February/018174.html" rel="nofollow">Test your TOR</a></li>
7810 <li><a href="https://opnsense.org/opnsense-20-1-1-released/" rel="nofollow">OPNsense 20.1.1 released</a></li>
7811 <li><a href="https://svnweb.freebsd.org/ports?view=revision&revision=525794" rel="nofollow">pkg for FreeBSD 1.13</a></li>
7812 </ul>
7813
7814 <hr>
7815
7816 <h2>Feedback/Questions</h2>
7817
7818 <ul>
7819 <li><a href="http://dpaste.com/3WKG09D#wrap" rel="nofollow">Bostjan writes in about Wireguard</a></li>
7820 <li><a href="http://dpaste.com/0DDN99Q#wrap" rel="nofollow">Charlie has a followup to wpa_supplicant as lower class citizen</a></li>
7821 <li><a href="http://dpaste.com/1N12HFB#wrap" rel="nofollow">Lars writes about LibreSSL as a positive example</a></li>
7822 </ul>
7823
7824 <hr>
7825
7826 <ul>
7827 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7828 </ul>
7829
7830 <hr>
7831
7832 <video controls preload="metadata" style=" width:426px; height:240px;">
7833 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0342.mp4" type="video/mp4">
7834 Your browser does not support the HTML5 video tag.
7835 </video>]]>
7836 </itunes:summary>
7837 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+VrbVWRDp</fireside:playerURL>
7838 <fireside:playerEmbedCode>
7839 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+VrbVWRDp" width="740" height="200" frameborder="0" scrolling="no">]]>
7840 </fireside:playerEmbedCode>
7841 </item>
7842 <item>
7843 <title>341: U-NAS-ification</title>
7844 <link>https://www.bsdnow.tv/341</link>
7845 <guid isPermaLink="false">28217a13-b389-4ab7-bc99-8a6f5d61e5b5</guid>
7846 <pubDate>Thu, 12 Mar 2020 05:00:00 -0700</pubDate>
7847 <author>Allan Jude</author>
7848 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/28217a13-b389-4ab7-bc99-8a6f5d61e5b5.mp3" length="36740725" type="audio/mp3"/>
7849 <itunes:episodeType>full</itunes:episodeType>
7850 <itunes:author>Allan Jude</itunes:author>
7851 <itunes:subtitle>FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.</itunes:subtitle>
7852 <itunes:duration>51:01</itunes:duration>
7853 <itunes:explicit>no</itunes:explicit>
7854 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
7855 <description>FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.
7856 Headlines
7857 FreeBSD on Power (https://www.freebsdfoundation.org/blog/power-to-the-people-making-freebsd-a-first-class-citizen-on-power/)
7858 The power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.
7859 The FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.
7860 This blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.
7861 Dragonfly 5.8 (https://www.dragonflybsd.org/release58/)
7862 DragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.
7863 The details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.
7864 See article for rest of information
7865 2nd HamBUG meeting recap (https://www.hambug.ca/)
7866 The second meeting of the Hamilton BSD Users Group took place last night
7867 The next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020
7868 News Roundup
7869 FreeNAS/TrueNAS Brand Unification (https://www.ixsystems.com/blog/freenas-truenas-unification/)
7870 FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications.
7871 From the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.
7872 With the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS.
7873 OpenBSD versus Prometheus (and Go). (https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenBSDVsPrometheusAndGo)
7874 We have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability
7875 FreeBSD removed gcc from base (https://svnweb.freebsd.org/base?view=revision&revision=358454)
7876 As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).
7877 GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V.
7878 Beastie Bits
7879 New Archive location for Dragonfly 4.x (https://www.dragonflydigest.com/2020/03/10/24276.html)
7880 A dead simple git cheat sheet (https://hub.iwebthings.com/a-dead-simple-git-cheatsheet/)
7881 Xorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections (https://twitter.com/lattera/status/1233412881569415168)
7882 Feedback/Questions
7883 Niclas writes in Regarding the Lenovo E595 user (episode 340) (http://dpaste.com/2YJ6PFW#wrap)
7884 Lyubomir writes about GELI and ZFS (http://dpaste.com/1S0DGT3#wrap)
7885 Peter writes in about scaling FreeBSD jails (http://dpaste.com/2FSZQ8V#wrap)
7886 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
7887 <video controls preload="metadata" style=" width:426px; height:240px;">
7888 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0341.mp4" type="video/mp4">
7889 Your browser does not support the HTML5 video tag.
7890 </video>
7891 </description>
7892 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Power, Power architecture, freenas, truenas, prometheus, go, gcc</itunes:keywords>
7893 <content:encoded>
7894 <![CDATA[<p>FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.</p>
7895
7896 <h2>Headlines</h2>
7897
7898 <h3><a href="https://www.freebsdfoundation.org/blog/power-to-the-people-making-freebsd-a-first-class-citizen-on-power/" rel="nofollow">FreeBSD on Power</a></h3>
7899
7900 <blockquote>
7901 <p>The power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.</p>
7902
7903 <p>The FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.</p>
7904
7905 <p>This blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.</p>
7906 </blockquote>
7907
7908 <hr>
7909
7910 <h3><a href="https://www.dragonflybsd.org/release58/" rel="nofollow">Dragonfly 5.8</a></h3>
7911
7912 <blockquote>
7913 <p>DragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.</p>
7914
7915 <p>The details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.</p>
7916 </blockquote>
7917
7918 <ul>
7919 <li>See article for rest of information</li>
7920 </ul>
7921
7922 <hr>
7923
7924 <h3><a href="https://www.hambug.ca/" rel="nofollow">2nd HamBUG meeting recap</a></h3>
7925
7926 <ul>
7927 <li>The second meeting of the Hamilton BSD Users Group took place last night</li>
7928 <li>The next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020</li>
7929 </ul>
7930
7931 <hr>
7932
7933 <h2>News Roundup</h2>
7934
7935 <h3><a href="https://www.ixsystems.com/blog/freenas-truenas-unification/" rel="nofollow">FreeNAS/TrueNAS Brand Unification</a></h3>
7936
7937 <blockquote>
7938 <p>FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications. </p>
7939
7940 <p>From the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.</p>
7941
7942 <p>With the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS. </p>
7943 </blockquote>
7944
7945 <hr>
7946
7947 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OpenBSDVsPrometheusAndGo" rel="nofollow">OpenBSD versus Prometheus (and Go).</a></h3>
7948
7949 <blockquote>
7950 <p>We have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability</p>
7951 </blockquote>
7952
7953 <hr>
7954
7955 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=358454" rel="nofollow">FreeBSD removed gcc from base</a></h3>
7956
7957 <blockquote>
7958 <p>As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).</p>
7959
7960 <p>GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V.</p>
7961 </blockquote>
7962
7963 <hr>
7964
7965 <h2>Beastie Bits</h2>
7966
7967 <ul>
7968 <li><a href="https://www.dragonflydigest.com/2020/03/10/24276.html" rel="nofollow">New Archive location for Dragonfly 4.x</a></li>
7969 <li><a href="https://hub.iwebthings.com/a-dead-simple-git-cheatsheet/" rel="nofollow">A dead simple git cheat sheet</a></li>
7970 <li><a href="https://twitter.com/lattera/status/1233412881569415168" rel="nofollow">Xorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections</a></li>
7971 </ul>
7972
7973 <hr>
7974
7975 <h2>Feedback/Questions</h2>
7976
7977 <ul>
7978 <li><a href="http://dpaste.com/2YJ6PFW#wrap" rel="nofollow">Niclas writes in Regarding the Lenovo E595 user (episode 340)</a></li>
7979 <li><a href="http://dpaste.com/1S0DGT3#wrap" rel="nofollow">Lyubomir writes about GELI and ZFS</a></li>
7980 <li><a href="http://dpaste.com/2FSZQ8V#wrap" rel="nofollow">Peter writes in about scaling FreeBSD jails</a></li>
7981 </ul>
7982
7983 <hr>
7984
7985 <ul>
7986 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
7987 </ul>
7988
7989 <hr>
7990
7991 <video controls preload="metadata" style=" width:426px; height:240px;">
7992 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0341.mp4" type="video/mp4">
7993 Your browser does not support the HTML5 video tag.
7994 </video>]]>
7995 </content:encoded>
7996 <itunes:summary>
7997 <![CDATA[<p>FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.</p>
7998
7999 <h2>Headlines</h2>
8000
8001 <h3><a href="https://www.freebsdfoundation.org/blog/power-to-the-people-making-freebsd-a-first-class-citizen-on-power/" rel="nofollow">FreeBSD on Power</a></h3>
8002
8003 <blockquote>
8004 <p>The power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.</p>
8005
8006 <p>The FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.</p>
8007
8008 <p>This blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.</p>
8009 </blockquote>
8010
8011 <hr>
8012
8013 <h3><a href="https://www.dragonflybsd.org/release58/" rel="nofollow">Dragonfly 5.8</a></h3>
8014
8015 <blockquote>
8016 <p>DragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.</p>
8017
8018 <p>The details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.</p>
8019 </blockquote>
8020
8021 <ul>
8022 <li>See article for rest of information</li>
8023 </ul>
8024
8025 <hr>
8026
8027 <h3><a href="https://www.hambug.ca/" rel="nofollow">2nd HamBUG meeting recap</a></h3>
8028
8029 <ul>
8030 <li>The second meeting of the Hamilton BSD Users Group took place last night</li>
8031 <li>The next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020</li>
8032 </ul>
8033
8034 <hr>
8035
8036 <h2>News Roundup</h2>
8037
8038 <h3><a href="https://www.ixsystems.com/blog/freenas-truenas-unification/" rel="nofollow">FreeNAS/TrueNAS Brand Unification</a></h3>
8039
8040 <blockquote>
8041 <p>FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications. </p>
8042
8043 <p>From the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.</p>
8044
8045 <p>With the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS. </p>
8046 </blockquote>
8047
8048 <hr>
8049
8050 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OpenBSDVsPrometheusAndGo" rel="nofollow">OpenBSD versus Prometheus (and Go).</a></h3>
8051
8052 <blockquote>
8053 <p>We have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability</p>
8054 </blockquote>
8055
8056 <hr>
8057
8058 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=358454" rel="nofollow">FreeBSD removed gcc from base</a></h3>
8059
8060 <blockquote>
8061 <p>As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).</p>
8062
8063 <p>GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V.</p>
8064 </blockquote>
8065
8066 <hr>
8067
8068 <h2>Beastie Bits</h2>
8069
8070 <ul>
8071 <li><a href="https://www.dragonflydigest.com/2020/03/10/24276.html" rel="nofollow">New Archive location for Dragonfly 4.x</a></li>
8072 <li><a href="https://hub.iwebthings.com/a-dead-simple-git-cheatsheet/" rel="nofollow">A dead simple git cheat sheet</a></li>
8073 <li><a href="https://twitter.com/lattera/status/1233412881569415168" rel="nofollow">Xorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections</a></li>
8074 </ul>
8075
8076 <hr>
8077
8078 <h2>Feedback/Questions</h2>
8079
8080 <ul>
8081 <li><a href="http://dpaste.com/2YJ6PFW#wrap" rel="nofollow">Niclas writes in Regarding the Lenovo E595 user (episode 340)</a></li>
8082 <li><a href="http://dpaste.com/1S0DGT3#wrap" rel="nofollow">Lyubomir writes about GELI and ZFS</a></li>
8083 <li><a href="http://dpaste.com/2FSZQ8V#wrap" rel="nofollow">Peter writes in about scaling FreeBSD jails</a></li>
8084 </ul>
8085
8086 <hr>
8087
8088 <ul>
8089 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8090 </ul>
8091
8092 <hr>
8093
8094 <video controls preload="metadata" style=" width:426px; height:240px;">
8095 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0341.mp4" type="video/mp4">
8096 Your browser does not support the HTML5 video tag.
8097 </video>]]>
8098 </itunes:summary>
8099 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+qoecV7uh</fireside:playerURL>
8100 <fireside:playerEmbedCode>
8101 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+qoecV7uh" width="740" height="200" frameborder="0" scrolling="no">]]>
8102 </fireside:playerEmbedCode>
8103 </item>
8104 <item>
8105 <title>340: Check My Sums</title>
8106 <link>https://www.bsdnow.tv/340</link>
8107 <guid isPermaLink="false">7e026ede-d713-4ed5-993a-9a39cab4aab1</guid>
8108 <pubDate>Thu, 05 Mar 2020 05:00:00 -0800</pubDate>
8109 <author>Allan Jude</author>
8110 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7e026ede-d713-4ed5-993a-9a39cab4aab1.mp3" length="36478978" type="audio/mp3"/>
8111 <itunes:episodeType>full</itunes:episodeType>
8112 <itunes:author>Allan Jude</itunes:author>
8113 <itunes:subtitle>Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.</itunes:subtitle>
8114 <itunes:duration>50:39</itunes:duration>
8115 <itunes:explicit>no</itunes:explicit>
8116 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
8117 <description>Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.
8118 Headlines
8119 Checksumming in filesystems, and why ZFS is doing it right (https://oshogbo.vexillium.org/blog/73/)
8120 One of the best aspects of ZFS is its reliability. This can be accomplished using a few features like copy-on-write approach and checksumming. Today we will look at how ZFS does checksumming and why it does it the proper way. Most of the file systems don’t provide any integrity checking and fail in several scenarios:
8121 Data bit flips - when the data that we wanted to store are bit flipped by the hard drives, or cables, and the wrong data is stored on the hard drive.
8122 Misdirected writes - when the CPU/cable/hard drive will bit flip a block to which the data should be written.
8123 Misdirected read - when we miss reading the block when a bit flip occurred.
8124 Phantom writes - when the write operation never made it to the disk. For example, a disk or kernel may have some bug that it will return success even if the hard drive never made the write. This problem can also occur when data is kept only in the hard drive cache.
8125 Checksumming may help us detect errors in a few of those situations.
8126 DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance (https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-TMPFS-Throughput)
8127 It's been a while since last having any new magical optimizations to talk about by DragonFlyBSD lead developer Matthew Dillon, but on Wednesday he landed some significant temporary file-system "TMPFS" optimizations for better throughput including with swap.
8128 Of several interesting commits merged tonight, the improved write clustering is a big one. In particular, "Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure."
8129 https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860
8130 There's also a new tunable in the VM space as well as part of his commits on Wednesday night. This follows a lot of recent work on dsynth, improved page-out daemon pipelining, and other routine work.
8131 https://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351
8132 This work is building up towards the eventual DragonFlyBSD 5.8 while those wanting to try the latest improvements right away can find their daily snapshots.
8133 News Roundup
8134 Why ZFS is not good at growing and reshaping pools (or shrinking them) (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSWhyNoRealReshaping)
8135 I recently read Mark McBride's Five Years of Btrfs (via), which has a significant discussion of why McBride chose Btrfs over ZFS that boils down to ZFS not being very good at evolving your pool structure. You might doubt this judgment from a Btrfs user, so let me say as both a fan of ZFS and a long term user of it that this is unfortunately quite true; ZFS is not a good choice if you want to modify your pool disk layout significantly over time. ZFS works best if the only change in your pools that you do is replacing drives with bigger drives. In our ZFS environment we go to quite some lengths to be able to expand pools incrementally over time, and while this works it both leaves us with unbalanced pools and means that we're basically forced to use mirroring instead of RAIDZ.
8136 (An unbalanced pool is one where some vdevs and disks have much more data than others. This is less of an issue for us now that we're using SSDs instead of HDs.)
8137 Using PKGSRC on Manjaro Linux aarch64 Pinebook-pro (https://astr0baby.wordpress.com/2020/02/09/using-pkgsrc-on-manjaro-linux-aarch64-pinebook-pro/)
8138 I wanted to see how pkgsrc works on aarch64 Linux Manjaro since it is a very mature framework that is very portable and supported by many architectures – pkgsrc (package source) is a package management system for Unix-like operating systems. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD.
8139 One might question why use pkgsrc on Arch based Manjaro, since the pacman package repository is very good on its own. I see alternative pkgsrc as a good automated build framework that offers a way to produce independent build environment /usr/pkg that does not interfere with the current Linux distribution in any way (all libraries are statically built)
8140 I have used the latest Manjaro for Pinebookpro and standard recommended tools as mentioned here https://wiki.netbsd.org/pkgsrc/howtousepkgsrcon_linux/
8141 A Central Log Host with syslog-ng on FreeBSD
8142 Part 1 (https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html)
8143 syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.
8144 Part 2 (https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html)
8145 This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host.
8146 Beastie Bits
8147 FreeBSD at Linux Conf 2020 session videos now online (https://mirror.linux.org.au/pub/linux.conf.au/2020/room_9/Tuesday/)
8148 Unlock your laptop with your phone (https://vermaden.wordpress.com/2020/01/09/freebsd-desktop-part-20-configuration-unlock-your-laptop-with-phone/)
8149 Managing a database of vulnerabilities for a package system: the pkgsrc study (https://www.netbsd.org/gallery/presentations/leot/itasec20/pkgsrc-security.pdf)
8150 Hamilton BSD User group will meet again on March 10th (http://studybsd.com/)
8151 CharmBUG Meeting: March 24th 7pm in Severn, MD (https://www.meetup.com/en-AU/CharmBUG/events/268251508/)
8152 ***
8153 Feedback/Questions
8154 Andrew - ZFS feature Flags (http://dpaste.com/2YM23C0#wrap)
8155 Sam - TwinCat BSD (http://dpaste.com/0FCZV6R)
8156 Dacian - Freebsd + amdgpu + Lenovo E595 (http://dpaste.com/1R7F1JN#wrap)
8157 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
8158 <video controls preload="metadata" style=" width:426px; height:240px;">
8159 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0340.mp4" type="video/mp4">
8160 Your browser does not support the HTML5 video tag.
8161 </video>
8162 </description>
8163 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, checksumming, filesystem, checksum, zfs, tmpfs, throughput, performance, throughput performance, zpool, pool reshaping, resizing, shrinking, pinebook, pkgsrc, aarch64, log host, central logging, syslog, syslog-ng</itunes:keywords>
8164 <content:encoded>
8165 <</li>
8265 <li><a href="https://www.meetup.com/en-AU/CharmBUG/events/268251508/" rel="nofollow">CharmBUG Meeting: March 24th 7pm in Severn, MD</a>
8266 ***</li>
8267 </ul>
8268
8269 <h2>Feedback/Questions</h2>
8270
8271 <ul>
8272 <li>Andrew - <a href="http://dpaste.com/2YM23C0#wrap" rel="nofollow">ZFS feature Flags</a></li>
8273 <li>Sam - <a href="http://dpaste.com/0FCZV6R" rel="nofollow">TwinCat BSD</a></li>
8274 <li>Dacian - <a href="http://dpaste.com/1R7F1JN#wrap" rel="nofollow">Freebsd + amdgpu + Lenovo E595</a></li>
8275 </ul>
8276
8277 <hr>
8278
8279 <ul>
8280 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8281 </ul>
8282
8283 <hr>
8284
8285 <video controls preload="metadata" style=" width:426px; height:240px;">
8286 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0340.mp4" type="video/mp4">
8287 Your browser does not support the HTML5 video tag.
8288 </video>]]>
8289 </content:encoded>
8290 <itunes:summary>
8291 <</li>
8391 <li><a href="https://www.meetup.com/en-AU/CharmBUG/events/268251508/" rel="nofollow">CharmBUG Meeting: March 24th 7pm in Severn, MD</a>
8392 ***</li>
8393 </ul>
8394
8395 <h2>Feedback/Questions</h2>
8396
8397 <ul>
8398 <li>Andrew - <a href="http://dpaste.com/2YM23C0#wrap" rel="nofollow">ZFS feature Flags</a></li>
8399 <li>Sam - <a href="http://dpaste.com/0FCZV6R" rel="nofollow">TwinCat BSD</a></li>
8400 <li>Dacian - <a href="http://dpaste.com/1R7F1JN#wrap" rel="nofollow">Freebsd + amdgpu + Lenovo E595</a></li>
8401 </ul>
8402
8403 <hr>
8404
8405 <ul>
8406 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8407 </ul>
8408
8409 <hr>
8410
8411 <video controls preload="metadata" style=" width:426px; height:240px;">
8412 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0340.mp4" type="video/mp4">
8413 Your browser does not support the HTML5 video tag.
8414 </video>]]>
8415 </itunes:summary>
8416 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+z93p82E8</fireside:playerURL>
8417 <fireside:playerEmbedCode>
8418 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+z93p82E8" width="740" height="200" frameborder="0" scrolling="no">]]>
8419 </fireside:playerEmbedCode>
8420 </item>
8421 <item>
8422 <title>339: BSD Fundraising</title>
8423 <link>https://www.bsdnow.tv/339</link>
8424 <guid isPermaLink="false">581b71e1-6a98-41d7-b8d8-477eaaaba8db</guid>
8425 <pubDate>Thu, 27 Feb 2020 05:00:00 -0800</pubDate>
8426 <author>Allan Jude</author>
8427 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/581b71e1-6a98-41d7-b8d8-477eaaaba8db.mp3" length="38843791" type="audio/mp3"/>
8428 <itunes:episodeType>full</itunes:episodeType>
8429 <itunes:author>Allan Jude</itunes:author>
8430 <itunes:subtitle>Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.</itunes:subtitle>
8431 <itunes:duration>53:56</itunes:duration>
8432 <itunes:explicit>no</itunes:explicit>
8433 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
8434 <description>Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.## Headlines
8435 Meet FuryBSD: A New Desktop BSD Distribution (https://itsfoss.com/furybsd/)
8436 At its heart, FuryBSD is a very simple beast. According to the site, “FuryBSD is a back to basics lightweight desktop distribution based on stock FreeBSD.” It is basically FreeBSD with a desktop environment pre-configured and several apps preinstalled. The goal is to quickly get a FreeBSD-based system running on your computer.
8437 You might be thinking that this sounds a lot like a couple of other BSDs that are available, such as NomadBSD and GhostBSD. The major difference between those BSDs and FuryBSD is that FuryBSD is much closer to stock FreeBSD. For example, FuryBSD uses the FreeBSD installer, while others have created their own installers and utilities.
8438 As it states on the site, “Although FuryBSD may resemble past graphical BSD projects like PC-BSD and TrueOS, FuryBSD is created by a different team and takes a different approach focusing on tight integration with FreeBSD. This keeps overhead low and maintains compatibility with upstream.” The lead dev also told me that “One key focus for FuryBSD is for it to be a small live media with a few assistive tools to test drivers for hardware.”
8439 Currently, you can go to the FuryBSD homepage and download either an XFCE or KDE LiveCD. A GNOME version is in the works.
8440 NetBSD 9.0 (https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html)
8441 The NetBSD Project is pleased to announce NetBSD 9.0, the seventeenth major release of the NetBSD operating system.
8442 This release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes. Here are some highlights of this new release.
8443 News Roundup
8444 OpenBSD Foundation 2019 campaign wrapup (http://undeadly.org/cgi?action=article;sid=20200217001107)
8445 Our target for 2019 was CDN$300K. Our community's continued generosity combined with our corporate donors exceeded that nicely. In addition we received the largest single donation in our history, CDN$380K from Smartisan. The return of Google was another welcome event. Altogether 2019 was our most successful campaign to date, yielding CDN$692K in total.
8446 We thank all our donors, Iridium (Smartisan), Platinum (Yandex, Google), Gold (Microsoft, Facebook) Silver (2Keys) and Bronze (genua, Thinkst Canary). But especially our community of smaller donors whose contributions are the bedrock of our support. Thank you all!
8447 OpenBSD Foundation 2019 Fundraising Goal Exceeded (https://www.openbsdfoundation.org/campaign2019.html)
8448 A retrospective on our OmniOS ZFS-based NFS fileservers (https://utcc.utoronto.ca/~cks/space/blog/solaris/OmniOSFileserverRetrospective)
8449 Our OmniOS fileservers have now been out of service for about six months, which makes it somewhat past time for a retrospective on them. Our OmniOS fileservers followed on our Solaris fileservers, which I wrote a two part retrospective on (part 1, part 2), and have now been replaced by our Linux fileservers. To be honest, I have been sitting on my hands about writing this retrospective because we have mixed feelings about our OmniOS fileservers.
8450 I will put the summary up front. OmniOS worked reasonably well for us over its lifespan here and looking back I think it was almost certainly the right choice for us at the time we made that choice (which was 2013 and 2014). However it was not without issues that marred our experience with it in practice, although not enough to make me regret that we ran it (and ran it for as long as we did). Part of our issues are likely due to a design mistake in making our fileservers too big, although this design mistake was probably magnified when we were unable to use Intel 10G-T networking in OmniOS.
8451 On the one hand, our OmniOS fileservers worked, almost always reliably. Like our Solaris fileservers before them, they ran quietly for years without needing much attention, delivering NFS fileservice to our Ubuntu servers; specifically, we ran them for about five years (2014 through 2019, although we started migrating away at the end of 2018). Over this time we had only minor hardware issues and not all that many disk failures, and we suffered no data loss (with ZFS checksums likely saving us several times, and certainly providing good reassurances). Our overall environment was easy to manage and was pretty much problem free in the face of things like failed disks. I'm pretty sure that our users saw a NFS environment that was solid, reliable, and performed well pretty much all of the time, which is the important thing. So OmniOS basically delivered the fileserver environment we wanted.
8452 NetBSD Fundraising 2020 goal (http://blog.netbsd.org/tnf/entry/fundraising_2020)
8453 Is it really more than 10 years since we last had an official fundraising drive?
8454 Looking at old TNF financial reports I noticed that we have been doing quite well financially over the last years, with a steady stream of small and medium donations, and most of the time only moderate expenditures. The last fundraising drive back in 2009 was a giant success, and we have lived off it until now.
8455 OpenSSH 8.2 released February 14, 2020 (http://www.openssh.com/txt/release-8.2)
8456 OpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at https://www.openssh.com/.
8457 OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
8458 Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:
8459 https://www.openssh.com/donations.html
8460 Beastie Bits
8461 FreeNAS vs. Unraid: GRUDGE MATCH! (https://www.youtube.com/watch?v=aXsRIrC5bjg)
8462 Unix Toolbox (http://cb.vu/unixtoolbox.xhtml)
8463 Rigs of Rods - OpenBSD Physics Game (https://docs.rigsofrods.org/)
8464 NYCBug - Dr Vixie (http://dpaste.com/0V35MAB#wrap)
8465 Hamilton BSD User group will meet again on March 10th (http://studybsd.com/)
8466 BSD Stockholm - Meetup March 3rd 2020 (https://www.meetup.com/BSD-Users-Stockholm/events/267873938/)
8467 Feedback/Questions
8468 Shirkdog - Question (http://dpaste.com/36E2BZ1)
8469 Master One - ZFS + Suspend/resume (http://dpaste.com/3B9M814#wrap)
8470 Micah Roth - ZFS write caching (http://dpaste.com/0D4GDX1#wrap)
8471 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
8472 <video controls preload="metadata" style=" width:426px; height:240px;">
8473 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0339.mp4" type="video/mp4">
8474 Your browser does not support the HTML5 video tag.
8475 </video>
8476 </description>
8477 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, furybsd, desktop, desktop bsd, netbsd 9.0, openbsd foundation, campaign wrapup, retrospective, omnios, zfs, nfs, fileserver, netbsd fundraising, fundraising goal, openssh</itunes:keywords>
8478 <content:encoded>
8479 <</li>
8567 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/267873938/" rel="nofollow">BSD Stockholm - Meetup March 3rd 2020</a></li>
8568 </ul>
8569
8570 <hr>
8571
8572 <h2>Feedback/Questions</h2>
8573
8574 <ul>
8575 <li>Shirkdog - <a href="http://dpaste.com/36E2BZ1" rel="nofollow">Question</a></li>
8576 <li>Master One - <a href="http://dpaste.com/3B9M814#wrap" rel="nofollow">ZFS + Suspend/resume</a></li>
8577 <li>Micah Roth - <a href="http://dpaste.com/0D4GDX1#wrap" rel="nofollow">ZFS write caching</a></li>
8578 </ul>
8579
8580 <hr>
8581
8582 <ul>
8583 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8584 </ul>
8585
8586 <hr>
8587
8588 <video controls preload="metadata" style=" width:426px; height:240px;">
8589 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0339.mp4" type="video/mp4">
8590 Your browser does not support the HTML5 video tag.
8591 </video>]]>
8592 </content:encoded>
8593 <itunes:summary>
8594 <</li>
8682 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/267873938/" rel="nofollow">BSD Stockholm - Meetup March 3rd 2020</a></li>
8683 </ul>
8684
8685 <hr>
8686
8687 <h2>Feedback/Questions</h2>
8688
8689 <ul>
8690 <li>Shirkdog - <a href="http://dpaste.com/36E2BZ1" rel="nofollow">Question</a></li>
8691 <li>Master One - <a href="http://dpaste.com/3B9M814#wrap" rel="nofollow">ZFS + Suspend/resume</a></li>
8692 <li>Micah Roth - <a href="http://dpaste.com/0D4GDX1#wrap" rel="nofollow">ZFS write caching</a></li>
8693 </ul>
8694
8695 <hr>
8696
8697 <ul>
8698 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8699 </ul>
8700
8701 <hr>
8702
8703 <video controls preload="metadata" style=" width:426px; height:240px;">
8704 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0339.mp4" type="video/mp4">
8705 Your browser does not support the HTML5 video tag.
8706 </video>]]>
8707 </itunes:summary>
8708 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+xxMI5wMP</fireside:playerURL>
8709 <fireside:playerEmbedCode>
8710 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+xxMI5wMP" width="740" height="200" frameborder="0" scrolling="no">]]>
8711 </fireside:playerEmbedCode>
8712 </item>
8713 <item>
8714 <title>338: iocage in Jail</title>
8715 <link>https://www.bsdnow.tv/338</link>
8716 <guid isPermaLink="false">7e9e4cfc-7a05-4ebe-8d45-a7282fe7ab0f</guid>
8717 <pubDate>Thu, 20 Feb 2020 05:00:00 -0800</pubDate>
8718 <author>Allan Jude</author>
8719 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7e9e4cfc-7a05-4ebe-8d45-a7282fe7ab0f.mp3" length="45174932" type="audio/mp3"/>
8720 <itunes:episodeType>full</itunes:episodeType>
8721 <itunes:author>Allan Jude</itunes:author>
8722 <itunes:subtitle>Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.</itunes:subtitle>
8723 <itunes:duration>1:02:44</itunes:duration>
8724 <itunes:explicit>no</itunes:explicit>
8725 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
8726 <description>Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.
8727 Headlines
8728 Distrowatch Fury BSD Review (https://distrowatch.com/weekly.php?issue=20200127#furybsd)
8729 FuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.
8730 FuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.
8731 My fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.
8732 FuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.
8733 LLDB now works on i386 (http://blog.netbsd.org/tnf/entry/lldb_now_works_on_i386)
8734 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
8735 In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.
8736 The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.
8737 News Roundup
8738 wpa_supplicant is definitely a lower-class citizen, sorry (https://marc.info/?l=openbsd-misc&m=158068418807352&w=2)
8739 wpa_supplicant is definitely a lower-class citizen, sorry.
8740 I increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part
8741 + entire cities have open wifi in their downtown core
8742 + edu vs edu+transit split horizon problems have to be solved anyways
8743 + many universities have parallel open wifi
8744 + rate limiting / fare-share approaches for the open-net, on unmetered
8745 + flat-rate solves the problem
8746 + LTE hotspot off a phone isn't a rip off anymore
8747 + other open networks exist
8748 essentially no one else feels compelled to use 802.11x for a so called "semi-open access network", so I think they've lost the plot on friction vs benefit.
8749 (we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi. we will not subject our developers to that extra complexity).
8750 KDE FreeBSD Updates Feb 2020 (https://euroquis.nl/freebsd/2020/02/08/freebsd.html)
8751 Some bits and bobs from the KDE FreeBSD team in February 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people.
8752 The big ticket things:
8753 Frameworks are at 5.66
8754 Plasma is at 5.17.5 (the beta 5.18 hasn’t been tried)
8755 KDE release service has landed 19.12.2 (same day it was released)
8756 Developer-centric:
8757 KDevelop is at 5.5.0
8758 KUserfeedback landed its 1.0.0 release
8759 CMake is 3.16.3
8760 Applications:
8761 Musescore is at 3.4.2
8762 Elisa now part of the KDE release service updates
8763 Future work:
8764 KIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of mounts (just NFS in /etc/fstab) so I’m not the target audience.
8765 KTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.
8766 Travel Grant Application for BSDCan is now open (https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001929.html)
8767 Hi everyone,
8768 The Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/
8769 Did you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there, please fill out the general travel grant application. Your application must be received 7 weeks prior to the event. The general application can be found here: https://goo.gl/forms/QzsOMR8Jra0vqFYH2
8770 Creating a ZFS dataset for testing iocage within a jail (https://dan.langille.org/2020/02/01/creating-a-zfs-dataset-for-testing-iocage-within-a-jail/)
8771 Be warned, this failed. I’m stalled and I have not completed this.
8772 I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.
8773 In this post:
8774 FreeBSD 12.1
8775 py36-iocage-1.2_3
8776 py36-iocage-1.2_4
8777 This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.
8778 Beastie Bits
8779 Reminder: the FreeBSD Journal is free! Check out these great articles (https://www.freebsdfoundation.org/journal/browser-based-edition/)
8780 Serenity GUI desktop running on an OpenBSD kernel (https://twitter.com/jcs/status/1224205573656322048)
8781 The Open Source Parts of MacOS (https://github.com/apple-open-source/macos)
8782 FOSDEM videos available (https://www.fosdem.org/2020/schedule/track/bsd/)
8783 Feedback/Questions
8784 Michael - Install with ZFS (http://dpaste.com/3WRC9CQ#wrap)
8785 Mohammad - Server Freeze (http://dpaste.com/3BYZKMS#wrap)
8786 Todd - ZFS Questions (http://dpaste.com/2J50HSJ#wrap)
8787 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
8788 <video controls preload="metadata" style=" width:426px; height:240px;">
8789 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0338.mp4" type="video/mp4">
8790 Your browser does not support the HTML5 video tag.
8791 </video>
8792 </description>
8793 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, distrowatch, furybsd, review, lldb, i386, wpa_supplicant, KDE, desktop environment, DE, travel grant, grant, iocage, dataset, zfs, jail</itunes:keywords>
8794 <content:encoded>
8795 <![CDATA[<p>Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.</p>
8796
8797 <h2>Headlines</h2>
8798
8799 <h3><a href="https://distrowatch.com/weekly.php?issue=20200127#furybsd" rel="nofollow">Distrowatch Fury BSD Review</a></h3>
8800
8801 <blockquote>
8802 <p>FuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.</p>
8803
8804 <p>FuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.</p>
8805
8806 <p>My fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.</p>
8807
8808 <p>FuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.</p>
8809 </blockquote>
8810
8811 <hr>
8812
8813 <h3><a href="http://blog.netbsd.org/tnf/entry/lldb_now_works_on_i386" rel="nofollow">LLDB now works on i386</a></h3>
8814
8815 <blockquote>
8816 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
8817
8818 <p>In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.</p>
8819
8820 <p>The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.</p>
8821 </blockquote>
8822
8823 <hr>
8824
8825 <h2>News Roundup</h2>
8826
8827 <h3><a href="https://marc.info/?l=openbsd-misc&m=158068418807352&w=2" rel="nofollow">wpa_supplicant is definitely a lower-class citizen, sorry</a></h3>
8828
8829 <blockquote>
8830 <p>wpa_supplicant is definitely a lower-class citizen, sorry.</p>
8831
8832 <p>I increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part<br>
8833 + entire cities have open wifi in their downtown core<br>
8834 + edu vs edu+transit split horizon problems have to be solved anyways<br>
8835 + many universities have parallel open wifi<br>
8836 + rate limiting / fare-share approaches for the open-net, on unmetered<br>
8837 + flat-rate solves the problem<br>
8838 + LTE hotspot off a phone isn't a rip off anymore<br>
8839 + other open networks exist</p>
8840
8841 <p>essentially no one else feels compelled to use 802.11x for a so called "semi-open access network", so I think they've lost the plot on friction vs benefit.</p>
8842
8843 <p>(we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi. we will not subject our developers to that extra complexity).</p>
8844 </blockquote>
8845
8846 <hr>
8847
8848 <h3><a href="https://euroquis.nl/freebsd/2020/02/08/freebsd.html" rel="nofollow">KDE FreeBSD Updates Feb 2020</a></h3>
8849
8850 <blockquote>
8851 <p>Some bits and bobs from the KDE FreeBSD team in February 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people.</p>
8852 </blockquote>
8853
8854 <ul>
8855 <li>The big ticket things:
8856
8857 <ul>
8858 <li> Frameworks are at 5.66</li>
8859 <li>Plasma is at 5.17.5 (the beta 5.18 hasn’t been tried)</li>
8860 <li>KDE release service has landed 19.12.2 (same day it was released)</li>
8861 </ul></li>
8862 <li>Developer-centric:
8863
8864 <ul>
8865 <li>KDevelop is at 5.5.0</li>
8866 <li>KUserfeedback landed its 1.0.0 release</li>
8867 <li>CMake is 3.16.3</li>
8868 </ul></li>
8869 <li>Applications:
8870
8871 <ul>
8872 <li>Musescore is at 3.4.2</li>
8873 <li>Elisa now part of the KDE release service updates</li>
8874 </ul></li>
8875 <li>Future work:
8876
8877 <ul>
8878 <li>KIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of mounts (just NFS in /etc/fstab) so I’m not the target audience.</li>
8879 <li>KTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.</li>
8880 </ul></li>
8881 </ul>
8882
8883 <hr>
8884
8885 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001929.html" rel="nofollow">Travel Grant Application for BSDCan is now open</a></h3>
8886
8887 <blockquote>
8888 <p>Hi everyone,</p>
8889
8890 <p>The Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: <a href="https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/" rel="nofollow">https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/</a></p>
8891
8892 <p>Did you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there, please fill out the general travel grant application. Your application must be received 7 weeks prior to the event. The general application can be found here: <a href="https://goo.gl/forms/QzsOMR8Jra0vqFYH2" rel="nofollow">https://goo.gl/forms/QzsOMR8Jra0vqFYH2</a></p>
8893 </blockquote>
8894
8895 <hr>
8896
8897 <h3><a href="https://dan.langille.org/2020/02/01/creating-a-zfs-dataset-for-testing-iocage-within-a-jail/" rel="nofollow">Creating a ZFS dataset for testing iocage within a jail</a></h3>
8898
8899 <ul>
8900 <li>Be warned, this failed. I’m stalled and I have not completed this.</li>
8901 </ul>
8902
8903 <blockquote>
8904 <p>I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.</p>
8905 </blockquote>
8906
8907 <ul>
8908 <li>In this post:
8909
8910 <ul>
8911 <li>FreeBSD 12.1</li>
8912 <li>py36-iocage-1.2_3</li>
8913 <li>py36-iocage-1.2_4</li>
8914 </ul></li>
8915 </ul>
8916
8917 <blockquote>
8918 <p>This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.</p>
8919 </blockquote>
8920
8921 <hr>
8922
8923 <h2>Beastie Bits</h2>
8924
8925 <ul>
8926 <li><a href="https://www.freebsdfoundation.org/journal/browser-based-edition/" rel="nofollow">Reminder: the FreeBSD Journal is free! Check out these great articles</a></li>
8927 <li><a href="https://twitter.com/jcs/status/1224205573656322048" rel="nofollow">Serenity GUI desktop running on an OpenBSD kernel</a></li>
8928 <li><a href="https://github.com/apple-open-source/macos" rel="nofollow">The Open Source Parts of MacOS</a></li>
8929 <li><a href="https://www.fosdem.org/2020/schedule/track/bsd/" rel="nofollow">FOSDEM videos available</a></li>
8930 </ul>
8931
8932 <hr>
8933
8934 <h2>Feedback/Questions</h2>
8935
8936 <ul>
8937 <li>Michael - <a href="http://dpaste.com/3WRC9CQ#wrap" rel="nofollow">Install with ZFS</a></li>
8938 <li>Mohammad - <a href="http://dpaste.com/3BYZKMS#wrap" rel="nofollow">Server Freeze</a></li>
8939 <li>Todd - <a href="http://dpaste.com/2J50HSJ#wrap" rel="nofollow">ZFS Questions</a></li>
8940 </ul>
8941
8942 <hr>
8943
8944 <ul>
8945 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
8946 </ul>
8947
8948 <hr>
8949
8950 <video controls preload="metadata" style=" width:426px; height:240px;">
8951 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0338.mp4" type="video/mp4">
8952 Your browser does not support the HTML5 video tag.
8953 </video>]]>
8954 </content:encoded>
8955 <itunes:summary>
8956 <![CDATA[<p>Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.</p>
8957
8958 <h2>Headlines</h2>
8959
8960 <h3><a href="https://distrowatch.com/weekly.php?issue=20200127#furybsd" rel="nofollow">Distrowatch Fury BSD Review</a></h3>
8961
8962 <blockquote>
8963 <p>FuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.</p>
8964
8965 <p>FuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.</p>
8966
8967 <p>My fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.</p>
8968
8969 <p>FuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.</p>
8970 </blockquote>
8971
8972 <hr>
8973
8974 <h3><a href="http://blog.netbsd.org/tnf/entry/lldb_now_works_on_i386" rel="nofollow">LLDB now works on i386</a></h3>
8975
8976 <blockquote>
8977 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
8978
8979 <p>In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.</p>
8980
8981 <p>The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.</p>
8982 </blockquote>
8983
8984 <hr>
8985
8986 <h2>News Roundup</h2>
8987
8988 <h3><a href="https://marc.info/?l=openbsd-misc&m=158068418807352&w=2" rel="nofollow">wpa_supplicant is definitely a lower-class citizen, sorry</a></h3>
8989
8990 <blockquote>
8991 <p>wpa_supplicant is definitely a lower-class citizen, sorry.</p>
8992
8993 <p>I increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part<br>
8994 + entire cities have open wifi in their downtown core<br>
8995 + edu vs edu+transit split horizon problems have to be solved anyways<br>
8996 + many universities have parallel open wifi<br>
8997 + rate limiting / fare-share approaches for the open-net, on unmetered<br>
8998 + flat-rate solves the problem<br>
8999 + LTE hotspot off a phone isn't a rip off anymore<br>
9000 + other open networks exist</p>
9001
9002 <p>essentially no one else feels compelled to use 802.11x for a so-called "semi-open access network", so I think they've lost the plot on friction vs benefit.</p>
9003
9004 <p>(we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi. we will not subject our developers to that extra complexity).</p>
9005 </blockquote>
9006
9007 <hr>
9008
9009 <h3><a href="https://euroquis.nl/freebsd/2020/02/08/freebsd.html" rel="nofollow">KDE FreeBSD Updates Feb 2020</a></h3>
9010
9011 <blockquote>
9012 <p>Some bits and bobs from the KDE FreeBSD team in February 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people.</p>
9013 </blockquote>
9014
9015 <ul>
9016 <li>The big ticket things:
9017
9018 <ul>
9019 <li>Frameworks are at 5.66</li>
9020 <li>Plasma is at 5.17.5 (the beta 5.18 hasn’t been tried)</li>
9021 <li>KDE release service has landed 19.12.2 (same day it was released)</li>
9022 </ul></li>
9023 <li>Developer-centric:
9024
9025 <ul>
9026 <li>KDevelop is at 5.5.0</li>
9027 <li>KUserfeedback landed its 1.0.0 release</li>
9028 <li>CMake is 3.16.3</li>
9029 </ul></li>
9030 <li>Applications:
9031
9032 <ul>
9033 <li>Musescore is at 3.4.2</li>
9034 <li>Elisa now part of the KDE release service updates</li>
9035 </ul></li>
9036 <li>Future work:
9037
9038 <ul>
9039 <li>KIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of mounts (just NFS in /etc/fstab) so I’m not the target audience.</li>
9040 <li>KTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.</li>
9041 </ul></li>
9042 </ul>
9043
9044 <hr>
9045
9046 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001929.html" rel="nofollow">Travel Grant Application for BSDCan is now open</a></h3>
9047
9048 <blockquote>
9049 <p>Hi everyone,</p>
9050
9051 <p>The Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: <a href="https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/" rel="nofollow">https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/</a></p>
9052
9053 <p>Did you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there, please fill out the general travel grant application. Your application must be received 7 weeks prior to the event. The general application can be found here: <a href="https://goo.gl/forms/QzsOMR8Jra0vqFYH2" rel="nofollow">https://goo.gl/forms/QzsOMR8Jra0vqFYH2</a></p>
9054 </blockquote>
9055
9056 <hr>
9057
9058 <h3><a href="https://dan.langille.org/2020/02/01/creating-a-zfs-dataset-for-testing-iocage-within-a-jail/" rel="nofollow">Creating a ZFS dataset for testing iocage within a jail</a></h3>
9059
9060 <ul>
9061 <li>Be warned, this failed. I’m stalled and I have not completed this.</li>
9062 </ul>
9063
9064 <blockquote>
9065 <p>I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.</p>
9066 </blockquote>
9067
9068 <ul>
9069 <li>In this post:
9070
9071 <ul>
9072 <li>FreeBSD 12.1</li>
9073 <li>py36-iocage-1.2_3</li>
9074 <li>py36-iocage-1.2_4</li>
9075 </ul></li>
9076 </ul>
9077
9078 <blockquote>
9079 <p>This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.</p>
9080 </blockquote>
9081
9082 <hr>
9083
9084 <h2>Beastie Bits</h2>
9085
9086 <ul>
9087 <li><a href="https://www.freebsdfoundation.org/journal/browser-based-edition/" rel="nofollow">Reminder: the FreeBSD Journal is free! Check out these great articles</a></li>
9088 <li><a href="https://twitter.com/jcs/status/1224205573656322048" rel="nofollow">Serenity GUI desktop running on an OpenBSD kernel</a></li>
9089 <li><a href="https://github.com/apple-open-source/macos" rel="nofollow">The Open Source Parts of MacOS</a></li>
9090 <li><a href="https://www.fosdem.org/2020/schedule/track/bsd/" rel="nofollow">FOSDEM videos available</a></li>
9091 </ul>
9092
9093 <hr>
9094
9095 <h2>Feedback/Questions</h2>
9096
9097 <ul>
9098 <li>Michael - <a href="http://dpaste.com/3WRC9CQ#wrap" rel="nofollow">Install with ZFS</a></li>
9099 <li>Mohammad - <a href="http://dpaste.com/3BYZKMS#wrap" rel="nofollow">Server Freeze</a></li>
9100 <li>Todd - <a href="http://dpaste.com/2J50HSJ#wrap" rel="nofollow">ZFS Questions</a></li>
9101 </ul>
9102
9103 <hr>
9104
9105 <ul>
9106 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9107 </ul>
9108
9109 <hr>
9110
9111 <video controls preload="metadata" style=" width:426px; height:240px;">
9112 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0338.mp4" type="video/mp4">
9113 Your browser does not support the HTML5 video tag.
9114 </video>]]>
9115 </itunes:summary>
9116 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+w6Oc8D2s</fireside:playerURL>
9117 <fireside:playerEmbedCode>
9118 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+w6Oc8D2s" width="740" height="200" frameborder="0" scrolling="no">]]>
9119 </fireside:playerEmbedCode>
9120 </item>
9121 <item>
9122 <title>337: Kubernetes on bhyve</title>
9123 <link>https://www.bsdnow.tv/337</link>
9124 <guid isPermaLink="false">4a814adb-1ea5-41e3-baee-5645c60315d2</guid>
9125 <pubDate>Thu, 13 Feb 2020 08:30:00 -0800</pubDate>
9126 <author>Allan Jude</author>
9127 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4a814adb-1ea5-41e3-baee-5645c60315d2.mp3" length="57168584" type="audio/mp3"/>
9128 <itunes:episodeType>full</itunes:episodeType>
9129 <itunes:author>Allan Jude</itunes:author>
9130 <itunes:subtitle>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</itunes:subtitle>
9131 <itunes:duration>1:19:24</itunes:duration>
9132 <itunes:explicit>no</itunes:explicit>
9133 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
9134 <description>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.
9135 Headlines
9136 The happinesses and stresses of full-time FOSS work (https://drewdevault.com//2020/01/21/Stress-and-happiness.html)
9137 In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.
9138 February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.
9139 The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.
9140 The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.
9141 Building a FreeBSD File Server (https://www.vmwareblog.org/building-freebsd-file-server/)
9142 Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.
9143 Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!
9144 Report from the first Hamilton BSD Users Group Meeting (https://twitter.com/hambug_ca/status/1227664949914349569)
9145 February 11th was the first meeting of this new user group, founded by John Young and myself
9146 11 people attended, and a lot of good discussions were had
9147 One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.
9148 Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.
9149 The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.
9150 We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.
9151 News Roundup
9152 Kubernetes on FreeBSD Bhyve (https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html)
9153 There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!
9154 NetBSD 9 RC1 Available (http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd)
9155 We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).
9156 Here are a few highlights of the new release:
9157 Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)
9158 Enhanced hardware support for Armv7-A
9159 Updated GPU drivers (e.g. support for Intel Kabylake)
9160 Enhanced virtualization support
9161 Support for hardware-accelerated virtualization (NVMM)
9162 Support for Performance Monitoring Counters
9163 Support for Kernel ASLR
9164 Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
9165 Support for userland sanitizers
9166 Audit of the network stack
9167 Many improvements in NPF
9168 Updated ZFS
9169 Reworked error handling and NCQ support in the SATA subsystem
9170 Support a common framework for USB Ethernet drivers (usbnet)
9171 You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/
9172 OPNsense 20.1 Keen Kingfisher released (https://opnsense.org/opnsense-20-1-keen-kingfisher-released/)
9173 For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
9174 20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.
9175 Idealistic Future for HardenedBSD (https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd)
9176 Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!
9177 HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.
9178 Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.
9179 Beastie Bits
9180 Warner Losh's FOSDEM talk (https://fosdem.org/2020/interviews/warner-losh/)
9181 Relational Pipes v0.15 (https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml)
9182 A reminder for where to find NetBSD ARM images (http://www.armbsd.org/arm/)
9183 New Safe Memory Reclamation feature in UMA (https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html)
9184 BSD Users Stockholm Meetup (https://twitter.com/niclaszeising/status/1216667359831842817)
9185 Feedback/Questions
9186 ZFS - Rosetta Stone Document? (http://dpaste.com/13EK8YH#wrap)
9187 Pat - Question (http://dpaste.com/2DN5RA4#wrap)
9188 Sigflup - Wayland on the BSDs (http://dpaste.com/03Y4FQ7#wrap)
9189 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
9190 <video controls preload="metadata" style=" width:426px; height:240px;">
9191 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4">
9192 Your browser does not support the HTML5 video tag.
9193 </video>
9194 </description>
9195 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, happyness, stress, foss, full time open source, fileserver, file server, kubernetes, k8s, bhyve, netbsd 10, opnsense, keen kingfisher</itunes:keywords>
9196 <content:encoded>
9197 <![CDATA[<p>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</p>
9198
9199 <h2>Headlines</h2>
9200
9201 <h3><a href="https://drewdevault.com//2020/01/21/Stress-and-happiness.html" rel="nofollow">The happinesses and stresses of full-time FOSS work</a></h3>
9202
9203 <blockquote>
9204 <p>In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.</p>
9205
9206 <p>February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.</p>
9207
9208 <p>The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.</p>
9209
9210 <p>The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.</p>
9211 </blockquote>
9212
9213 <hr>
9214
9215 <h3><a href="https://www.vmwareblog.org/building-freebsd-file-server/" rel="nofollow">Building a FreeBSD File Server</a></h3>
9216
9217 <blockquote>
9218 <p>Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.</p>
9219
9220 <p>Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!</p>
9221 </blockquote>
9222
9223 <hr>
9224
9225 <h3><a href="https://twitter.com/hambug_ca/status/1227664949914349569" rel="nofollow">Report from the first Hamilton BSD Users Group Meeting</a></h3>
9226
9227 <blockquote>
9228 <p>February 11th was the first meeting of this new user group, founded by John Young and myself</p>
9229
9230 <p>11 people attended, and a lot of good discussions were had</p>
9231
9232 <p>One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.</p>
9233
9234 <p>Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.</p>
9235
9236 <p>The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.</p>
9237
9238 <p>We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.</p>
9239 </blockquote>
9240
9241 <hr>
9242
9243 <h2>News Roundup</h2>
9244
9245 <h3><a href="https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html" rel="nofollow">Kubernetes on FreeBSD Bhyve</a></h3>
9246
9247 <blockquote>
9248 <p>There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!</p>
9249 </blockquote>
9250
9251 <hr>
9252
9253 <h3><a href="http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow">NetBSD 9 RC1 Available</a></h3>
9254
9255 <blockquote>
9256 <p>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</p>
9257 </blockquote>
9258
9259 <ul>
9260 <li><p>Here are a few highlights of the new release:</p>
9261
9262 <ul>
9263 <li>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)</li>
9264 <li>Enhanced hardware support for Armv7-A</li>
9265 <li>Updated GPU drivers (e.g. support for Intel Kabylake)</li>
9266 <li>Enhanced virtualization support</li>
9267 <li>Support for hardware-accelerated virtualization (NVMM)</li>
9268 <li>Support for Performance Monitoring Counters</li>
9269 <li>Support for Kernel ASLR</li>
9270 <li>Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)</li>
9271 <li>Support for userland sanitizers</li>
9272 <li>Audit of the network stack</li>
9273 <li>Many improvements in NPF</li>
9274 <li>Updated ZFS</li>
9275 <li>Reworked error handling and NCQ support in the SATA subsystem</li>
9276 <li>Support a common framework for USB Ethernet drivers (usbnet)</li>
9277 </ul></li>
9278 <li><p>You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: <a href="https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/" rel="nofollow">https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/</a></p></li>
9279 </ul>
9280
9281 <hr>
9282
9283 <h3><a href="https://opnsense.org/opnsense-20-1-keen-kingfisher-released/" rel="nofollow">OPNsense 20.1 Keen Kingfisher released</a></h3>
9284
9285 <blockquote>
9286 <p>For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p>
9287
9288 <p>20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.</p>
9289 </blockquote>
9290
9291 <hr>
9292
9293 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd" rel="nofollow">Idealistic Future for HardenedBSD</a></h3>
9294
9295 <blockquote>
9296 <p>Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!</p>
9297
9298 <p>HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.</p>
9299
9300 <p>Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.</p>
9301 </blockquote>
9302
9303 <hr>
9304
9305 <h2>Beastie Bits</h2>
9306
9307 <ul>
9308 <li><a href="https://fosdem.org/2020/interviews/warner-losh/" rel="nofollow">Warner Losh's FOSDEM talk</a></li>
9309 <li><a href="https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml" rel="nofollow">Relational Pipes v0.15</a></li>
9310 <li><a href="http://www.armbsd.org/arm/" rel="nofollow">A reminder for where to find NetBSD ARM images</a></li>
9311 <li><a href="https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html" rel="nofollow">New Safe Memory Reclamation feature in UMA</a></li>
9312 <li><a href="https://twitter.com/niclaszeising/status/1216667359831842817" rel="nofollow">BSD Users Stockholm Meetup</a></li>
9313 </ul>
9314
9315 <hr>
9316
9317 <h2>Feedback/Questions</h2>
9318
9319 <ul>
9320 <li>ZFS - <a href="http://dpaste.com/13EK8YH#wrap" rel="nofollow">Rosetta Stone Document?</a></li>
9321 <li>Pat - <a href="http://dpaste.com/2DN5RA4#wrap" rel="nofollow">Question</a></li>
9322 <li>Sigflup - <a href="http://dpaste.com/03Y4FQ7#wrap" rel="nofollow">Wayland on the BSDs</a></li>
9323 </ul>
9324
9325 <hr>
9326
9327 <ul>
9328 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9329 </ul>
9330
9331 <hr>
9332
9333 <video controls preload="metadata" style=" width:426px; height:240px;">
9334 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4">
9335 Your browser does not support the HTML5 video tag.
9336 </video>]]>
9337 </content:encoded>
9338 <itunes:summary>
9339 <![CDATA[<p>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</p>
9340
9341 <h2>Headlines</h2>
9342
9343 <h3><a href="https://drewdevault.com//2020/01/21/Stress-and-happiness.html" rel="nofollow">The happinesses and stresses of full-time FOSS work</a></h3>
9344
9345 <blockquote>
9346 <p>In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.</p>
9347
9348 <p>February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.</p>
9349
9350 <p>The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.</p>
9351
9352 <p>The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.</p>
9353 </blockquote>
9354
9355 <hr>
9356
9357 <h3><a href="https://www.vmwareblog.org/building-freebsd-file-server/" rel="nofollow">Building a FreeBSD File Server</a></h3>
9358
9359 <blockquote>
9360 <p>Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.</p>
9361
9362 <p>Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!</p>
9363 </blockquote>
9364
9365 <hr>
9366
9367 <h3><a href="https://twitter.com/hambug_ca/status/1227664949914349569" rel="nofollow">Report from the first Hamilton BSD Users Group Meeting</a></h3>
9368
9369 <blockquote>
9370 <p>February 11th was the first meeting of this new user group, founded by John Young and myself</p>
9371
9372 <p>11 people attended, and a lot of good discussions were had</p>
9373
9374 <p>One of the attendees already owns a domain that fits well for the group, so we will be getting that set up over the next few weeks, as well as the Twitter account, and other organization stuff.</p>
9375
9376 <p>Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.</p>
9377
9378 <p>The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.</p>
9379
9380 <p>We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.</p>
9381 </blockquote>
9382
9383 <hr>
9384
9385 <h2>News Roundup</h2>
9386
9387 <h3><a href="https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html" rel="nofollow">Kubernetes on FreeBSD Bhyve</a></h3>
9388
9389 <blockquote>
9390 <p>There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised) is probably Kubernetes. Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!</p>
9391 </blockquote>
9392
9393 <hr>
9394
9395 <h3><a href="http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow">NetBSD 9 RC1 Available</a></h3>
9396
9397 <blockquote>
9398 <p>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</p>
9399 </blockquote>
9400
9401 <ul>
9402 <li><p>Here are a few highlights of the new release:</p>
9403
9404 <ul>
9405 <li>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)</li>
9406 <li>Enhanced hardware support for Armv7-A</li>
9407 <li>Updated GPU drivers (e.g. support for Intel Kabylake)</li>
9408 <li>Enhanced virtualization support</li>
9409 <li>Support for hardware-accelerated virtualization (NVMM)</li>
9410 <li>Support for Performance Monitoring Counters</li>
9411 <li>Support for Kernel ASLR</li>
9412 <li>Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)</li>
9413 <li>Support for userland sanitizers</li>
9414 <li>Audit of the network stack</li>
9415 <li>Many improvements in NPF</li>
9416 <li>Updated ZFS</li>
9417 <li>Reworked error handling and NCQ support in the SATA subsystem</li>
9418 <li>Support a common framework for USB Ethernet drivers (usbnet)</li>
9419 </ul></li>
9420 <li><p>You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: <a href="https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/" rel="nofollow">https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/</a></p></li>
9421 </ul>
9422
9423 <hr>
9424
9425 <h3><a href="https://opnsense.org/opnsense-20-1-keen-kingfisher-released/" rel="nofollow">OPNsense 20.1 Keen Kingfisher released</a></h3>
9426
9427 <blockquote>
9428 <p>For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p>
9429
9430 <p>20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.</p>
9431 </blockquote>
9432
9433 <hr>
9434
9435 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd" rel="nofollow">Idealistic Future for HardenedBSD</a></h3>
9436
9437 <blockquote>
9438 <p>Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!</p>
9439
9440 <p>HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.</p>
9441
9442 <p>Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.</p>
9443 </blockquote>
9444
9445 <hr>
9446
9447 <h2>Beastie Bits</h2>
9448
9449 <ul>
9450 <li><a href="https://fosdem.org/2020/interviews/warner-losh/" rel="nofollow">Warner Losh's FOSDEM talk</a></li>
9451 <li><a href="https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml" rel="nofollow">Relational Pipes v0.15</a></li>
9452 <li><a href="http://www.armbsd.org/arm/" rel="nofollow">A reminder for where to find NetBSD ARM images</a></li>
9453 <li><a href="https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html" rel="nofollow">New Safe Memory Reclamation feature in UMA</a></li>
9454 <li><a href="https://twitter.com/niclaszeising/status/1216667359831842817" rel="nofollow">BSD Users Stockholm Meetup</a></li>
9455 </ul>
9456
9457 <hr>
9458
9459 <h2>Feedback/Questions</h2>
9460
9461 <ul>
9462 <li>ZFS - <a href="http://dpaste.com/13EK8YH#wrap" rel="nofollow">Rosetta Stone Document?</a></li>
9463 <li>Pat - <a href="http://dpaste.com/2DN5RA4#wrap" rel="nofollow">Question</a></li>
9464 <li>Sigflup - <a href="http://dpaste.com/03Y4FQ7#wrap" rel="nofollow">Wayland on the BSDs</a></li>
9465 </ul>
9466
9467 <hr>
9468
9469 <ul>
9470 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9471 </ul>
9472
9473 <hr>
9474
9475 <video controls preload="metadata" style=" width:426px; height:240px;">
9476 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4">
9477 Your browser does not support the HTML5 video tag.
9478 </video>]]>
9479 </itunes:summary>
9480 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+dx_XMyZG</fireside:playerURL>
9481 <fireside:playerEmbedCode>
9482 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+dx_XMyZG" width="740" height="200" frameborder="0" scrolling="no">]]>
9483 </fireside:playerEmbedCode>
9484 </item>
9485 <item>
9486 <title>336: Archived Knowledge</title>
9487 <link>https://www.bsdnow.tv/336</link>
9488 <guid isPermaLink="false">3f404c97-d972-4734-9152-420ea4263317</guid>
9489 <pubDate>Thu, 06 Feb 2020 05:00:00 -0800</pubDate>
9490 <author>Allan Jude</author>
9491 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3f404c97-d972-4734-9152-420ea4263317.mp3" length="41728650" type="audio/mp3"/>
9492 <itunes:episodeType>full</itunes:episodeType>
9493 <itunes:author>Allan Jude</itunes:author>
9494 <itunes:subtitle>Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.</itunes:subtitle>
9495 <itunes:duration>57:57</itunes:duration>
9496 <itunes:explicit>no</itunes:explicit>
9497 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
9498 <description>Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.
9499 Headlines
9500 OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux (https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDMustBeABSD?showcomments)
9501 OpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.
9502 Linux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.
9503 Making global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.
9504 This goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.
9505 FreeBSD Quarterly Status Report 2019Q4 (https://lists.freebsd.org/pipermail/freebsd-announce/2020-January/001923.html)
9506 Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.
9507 If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.
9508 Have a nice read!
9509 News Roundup
9510 OPNsense 19.7.9 released (https://opnsense.org/opnsense-19-7-9-released/)
9511 As 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.
9512 For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.
9513 Archives are important to retain and pass on knowledge (https://dan.langille.org/2020/01/07/archives-are-important-to-retain-and-pass-on-knowledge/)
9514 Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.
9515 HardenedBSD Tor Onion Service v3 Nodes (https://hardenedbsd.org/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes)
9516 I've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.
9517 hardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion
9518 ci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion
9519 ci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion
9520 ci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion
9521 git-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion
9522 Beastie Bits
9523 The Missing Semester of Your CS Education (MIT Course) (https://missing.csail.mit.edu/)
9524 An old Unix Ad (https://i.redd.it/503390rf7md41.png)
9525 OpenBSD syscall call-from verification (https://marc.info/?l=openbsd-tech&m=157488907117170&w=2)
9526 OpenBSD/arm64 on Pinebook (https://twitter.com/bluerise/status/1220963106563579909)
9527 Reminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton. (http://studybsd.com/)
9528 NYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes” (https://www.nycbug.org/)
9529 8th Meetup of the Stockholm BUG: March 3 at 18:00 (https://www.meetup.com/de-DE/BSD-Users-Stockholm/events/267873938/)
9530 Polish BSD User Group meets on Feb 11, 2020 at 18:15 (https://bsd-pl.org/en)
9531 Feedback/Questions
9532 Sean - ZFS and Creation Dates (http://dpaste.com/3W5WBV0#wrap)
9533 Christopher - Help on ZFS Disaster Recovery (http://dpaste.com/3SE43PW)
9534 Mike - Encrypted ZFS Send (http://dpaste.com/00J5JZG#wrap)
9535 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
9536 <video controls preload="metadata" style=" width:426px; height:240px;">
9537 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0336.mp4" type="video/mp4">
9538 Your browser does not support the HTML5 video tag.
9539 </video>
9540 </description>
9541 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, status, status report, opnsense, firewall, router, archives, knowledge, tor, tor onion service node</itunes:keywords>
9542 <content:encoded>
9543 <![CDATA[<p>Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.</p>
9544
9545 <h2>Headlines</h2>
9546
9547 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/OpenBSDMustBeABSD?showcomments" rel="nofollow">OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux</a></h3>
9548
9549 <blockquote>
9550 <p>OpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.</p>
9551
9552 <p>Linux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.</p>
9553
9554 <p>Making global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.</p>
9555
9556 <p>This goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.</p>
9557 </blockquote>
9558
9559 <hr>
9560
9561 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-January/001923.html" rel="nofollow">FreeBSD Quarterly Status Report 2019Q4</a></h3>
9562
9563 <blockquote>
9564 <p>Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.</p>
9565
9566 <p>If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.</p>
9567
9568 <p>Have a nice read!</p>
9569 </blockquote>
9570
9571 <hr>
9572
9573 <h2>News Roundup</h2>
9574
9575 <h3><a href="https://opnsense.org/opnsense-19-7-9-released/" rel="nofollow">OPNsense 19.7.9 released</a></h3>
9576
9577 <blockquote>
9578 <p>As 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.</p>
9579
9580 <p>For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.</p>
9581 </blockquote>
9582
9583 <hr>
9584
9585 <h3><a href="https://dan.langille.org/2020/01/07/archives-are-important-to-retain-and-pass-on-knowledge/" rel="nofollow">Archives are important to retain and pass on knowledge</a></h3>
9586
9587 <blockquote>
9588 <p>Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.</p>
9589 </blockquote>
9590
9591 <hr>
9592
9593 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes" rel="nofollow">HardenedBSD Tor Onion Service v3 Nodes</a></h3>
9594
9595 <blockquote>
9596 <p>I've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.</p>
9597 </blockquote>
9598
9599 <ul>
9600 <li>hardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion</li>
9601 <li>ci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion</li>
9602 <li>ci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion</li>
9603 <li>ci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion</li>
9604 <li>git-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion</li>
9605 </ul>
9606
9607 <hr>
9608
9609 <h2>Beastie Bits</h2>
9610
9611 <ul>
9612 <li><a href="https://missing.csail.mit.edu/" rel="nofollow">The Missing Semester of Your CS Education (MIT Course)</a></li>
9613 <li><a href="https://i.redd.it/503390rf7md41.png" rel="nofollow">An old Unix Ad</a></li>
9614 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170&w=2" rel="nofollow">OpenBSD syscall call-from verification</a></li>
9615 <li><a href="https://twitter.com/bluerise/status/1220963106563579909" rel="nofollow">OpenBSD/arm64 on Pinebook</a></li>
9616 <li><a href="http://studybsd.com/" rel="nofollow">Reminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton.</a></li>
9617 <li><a href="https://www.nycbug.org/" rel="nofollow">NYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes”</a></li>
9618 <li><a href="https://www.meetup.com/de-DE/BSD-Users-Stockholm/events/267873938/" rel="nofollow">8th Meetup of the Stockholm BUG: March 3 at 18:00</a></li>
9619 <li><a href="https://bsd-pl.org/en" rel="nofollow">Polish BSD User Group meets on Feb 11, 2020 at 18:15</a></li>
9620 </ul>
9621
9622 <hr>
9623
9624 <h2>Feedback/Questions</h2>
9625
9626 <ul>
9627 <li>Sean - <a href="http://dpaste.com/3W5WBV0#wrap" rel="nofollow">ZFS and Creation Dates</a></li>
9628 <li>Christopher - <a href="http://dpaste.com/3SE43PW" rel="nofollow">Help on ZFS Disaster Recovery</a></li>
9629 <li>Mike - <a href="http://dpaste.com/00J5JZG#wrap" rel="nofollow">Encrypted ZFS Send</a></li>
9630 </ul>
9631
9632 <hr>
9633
9634 <ul>
9635 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9636 </ul>
9637
9638 <hr>
9639
9640 <video controls preload="metadata" style=" width:426px; height:240px;">
9641 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0336.mp4" type="video/mp4">
9642 Your browser does not support the HTML5 video tag.
9643 </video>]]>
9644 </content:encoded>
9645 <itunes:summary>
9646 <![CDATA[<p>Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.</p>
9647
9648 <h2>Headlines</h2>
9649
9650 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/OpenBSDMustBeABSD?showcomments" rel="nofollow">OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux</a></h3>
9651
9652 <blockquote>
9653 <p>OpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.</p>
9654
9655 <p>Linux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.</p>
9656
9657 <p>Making global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.</p>
9658
9659 <p>This goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.</p>
9660 </blockquote>
9661
9662 <hr>
9663
9664 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2020-January/001923.html" rel="nofollow">FreeBSD Quarterly Status Report 2019Q4</a></h3>
9665
9666 <blockquote>
9667 <p>Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.</p>
9668
9669 <p>If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.</p>
9670
9671 <p>Have a nice read!</p>
9672 </blockquote>
9673
9674 <hr>
9675
9676 <h2>News Roundup</h2>
9677
9678 <h3><a href="https://opnsense.org/opnsense-19-7-9-released/" rel="nofollow">OPNsense 19.7.9 released</a></h3>
9679
9680 <blockquote>
9681 <p>As 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.</p>
9682
9683 <p>For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.</p>
9684 </blockquote>
9685
9686 <hr>
9687
9688 <h3><a href="https://dan.langille.org/2020/01/07/archives-are-important-to-retain-and-pass-on-knowledge/" rel="nofollow">Archives are important to retain and pass on knowledge</a></h3>
9689
9690 <blockquote>
9691 <p>Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.</p>
9692 </blockquote>
9693
9694 <hr>
9695
9696 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes" rel="nofollow">HardenedBSD Tor Onion Service v3 Nodes</a></h3>
9697
9698 <blockquote>
9699 <p>I've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.</p>
9700 </blockquote>
9701
9702 <ul>
9703 <li>hardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion</li>
9704 <li>ci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion</li>
9705 <li>ci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion</li>
9706 <li>ci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion</li>
9707 <li>git-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion</li>
9708 </ul>
9709
9710 <hr>
9711
9712 <h2>Beastie Bits</h2>
9713
9714 <ul>
9715 <li><a href="https://missing.csail.mit.edu/" rel="nofollow">The Missing Semester of Your CS Education (MIT Course)</a></li>
9716 <li><a href="https://i.redd.it/503390rf7md41.png" rel="nofollow">An old Unix Ad</a></li>
9717 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170&w=2" rel="nofollow">OpenBSD syscall call-from verification</a></li>
9718 <li><a href="https://twitter.com/bluerise/status/1220963106563579909" rel="nofollow">OpenBSD/arm64 on Pinebook</a></li>
9719 <li><a href="http://studybsd.com/" rel="nofollow">Reminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton.</a></li>
9720 <li><a href="https://www.nycbug.org/" rel="nofollow">NYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes”</a></li>
9721 <li><a href="https://www.meetup.com/de-DE/BSD-Users-Stockholm/events/267873938/" rel="nofollow">8th Meetup of the Stockholm BUG: March 3 at 18:00</a></li>
9722 <li><a href="https://bsd-pl.org/en" rel="nofollow">Polish BSD User Group meets on Feb 11, 2020 at 18:15</a></li>
9723 </ul>
9724
9725 <hr>
9726
9727 <h2>Feedback/Questions</h2>
9728
9729 <ul>
9730 <li>Sean - <a href="http://dpaste.com/3W5WBV0#wrap" rel="nofollow">ZFS and Creation Dates</a></li>
9731 <li>Christopher - <a href="http://dpaste.com/3SE43PW" rel="nofollow">Help on ZFS Disaster Recovery</a></li>
9732 <li>Mike - <a href="http://dpaste.com/00J5JZG#wrap" rel="nofollow">Encrypted ZFS Send</a></li>
9733 </ul>
9734
9735 <hr>
9736
9737 <ul>
9738 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9739 </ul>
9740
9741 <hr>
9742
9743 <video controls preload="metadata" style=" width:426px; height:240px;">
9744 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0336.mp4" type="video/mp4">
9745 Your browser does not support the HTML5 video tag.
9746 </video>]]>
9747 </itunes:summary>
9748 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+qlzMcaj3</fireside:playerURL>
9749 <fireside:playerEmbedCode>
9750 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+qlzMcaj3" width="740" height="200" frameborder="0" scrolling="no">]]>
9751 </fireside:playerEmbedCode>
9752 </item>
9753 <item>
9754 <title>335: FreeBSD Down Under</title>
9755 <link>https://www.bsdnow.tv/335</link>
9756 <guid isPermaLink="false">12678787-276e-4471-a8a3-115404afed57</guid>
9757 <pubDate>Thu, 30 Jan 2020 05:00:00 -0800</pubDate>
9758 <author>Allan Jude</author>
9759 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/12678787-276e-4471-a8a3-115404afed57.mp3" length="38818086" type="audio/mp3"/>
9760 <itunes:episodeType>full</itunes:episodeType>
9761 <itunes:author>Allan Jude</itunes:author>
9762 <itunes:subtitle>Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.</itunes:subtitle>
9763 <itunes:duration>53:54</itunes:duration>
9764 <itunes:explicit>no</itunes:explicit>
9765 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
9766 <description>Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.
9767 Headlines
9768 FreeBSD is an amazing operating System (https://www.unixsheikh.com/articles/freebsd-is-an-amazing-operating-system.html)
9769 Update 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD "fanboy". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.
9770 I think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.
9771 I had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.
9772 When I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, "The Free Version of Berkeley UNIX" and "Rock Solid Stability", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.
9773 Hyperbola Dev Interview (https://itsfoss.com/hyperbola-linux-bsd/)
9774 In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).
9775 Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.
9776 To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.
9777 News Roundup
9778 Improving the ptrace(2) API and preparing for LLVM-10.0 (https://blog.netbsd.org/tnf/entry/improving_the_ptrace_2_api)
9779 This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.
9780 As LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).
9781 The first FreeBSD conference in Australia (https://rubenerd.com/the-first-freebsd-conference-in-australia/)
9782 FreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have existed for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.
9783 While there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.
9784 And on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.
9785 A practical guide to containers on FreeNAS for a depraved psychopath (https://medium.com/@andoriyu/a-practical-guide-to-containers-on-freenas-for-a-depraved-psychopath-c212203c0394)
9786 This is a simple write-up to set up Docker on FreeNAS 11 or FreeBSD 11.
9787 But muh jails?
9788 You know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things have changed in the past years…
9789 So jails are dead then?
9790 No, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they are meant for hard-core FreeBSD users who are used to suffering. Docker allows you to run applications without deep knowledge of the application you’re running. It will also allow you to run applications that are not ported to FreeBSD.
9791 Why you should migrate everything from Linux to BSD (https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html)
9792 As an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.
9793 Response Should you migrate from Linux to BSD? It depends. (https://fediverse.blog/~/AllGoodThings/should-you-migrate-from-linux-to-bsd-it-depends)
9794 Beastie Bits
9795 Using the OpenBSD ports tree with dedicated users (https://dataswamp.org/~solene/2020-01-11-privsep.html)
9796 broot on FreeBSD (https://vermaden.wordpress.com/2020/01/10/run-broot-on-freebsd/)
9797 A Trip down Memory Lane (https://svnweb.freebsd.org/base/head/share/misc/bsd-family-tree?view=co)
9798 Running syslog-ng in BastilleBSD (https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-in-bastillebsd)
9799 NASA : Using Software Packages in pkgsrc (https://www.nas.nasa.gov/hecc/support/kb/using-software-packages-in-pkgsrc_493.html)
9800 Feedback/Questions
9801 All of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.
9802 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
9803 <video controls preload="metadata" style=" width:426px; height:240px;">
9804 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0335.mp4" type="video/mp4">
9805 Your browser does not support the HTML5 video tag.
9806 </video>
9807 </description>
9808 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, hyperbola, migrate, migration, ptrace, llvm, conference, australia, containers, freenas</itunes:keywords>
9809 <content:encoded>
9810 <![CDATA[<p>Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.</p>
9811
9812 <h2>Headlines</h2>
9813
9814 <h3><a href="https://www.unixsheikh.com/articles/freebsd-is-an-amazing-operating-system.html" rel="nofollow">FreeBSD is an amazing operating System</a></h3>
9815
9816 <blockquote>
9817 <p>Update 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD "fanboy". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.</p>
9818
9819 <p>I think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.</p>
9820
9821 <p>I had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.</p>
9822
9823 <p>When I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, "The Free Version of Berkeley UNIX" and "Rock Solid Stability", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.</p>
9824 </blockquote>
9825
9826 <hr>
9827
9828 <h3><a href="https://itsfoss.com/hyperbola-linux-bsd/" rel="nofollow">Hyperbola Dev Interview</a></h3>
9829
9830 <blockquote>
9831 <p>In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).</p>
9832
9833 <p>Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.</p>
9834
9835 <p>To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.</p>
9836 </blockquote>
9837
9838 <hr>
9839
9840 <h2>News Roundup</h2>
9841
9842 <h3><a href="https://blog.netbsd.org/tnf/entry/improving_the_ptrace_2_api" rel="nofollow">Improving the ptrace(2) API and preparing for LLVM-10.0</a></h3>
9843
9844 <blockquote>
9845 <p>This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.</p>
9846
9847 <p>As LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).</p>
9848 </blockquote>
9849
9850 <hr>
9851
9852 <h3><a href="https://rubenerd.com/the-first-freebsd-conference-in-australia/" rel="nofollow">The first FreeBSD conference in Australia</a></h3>
9853
9854 <blockquote>
9855 <p>FreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have existed for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.</p>
9856
9857 <p>While there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.</p>
9858
9859 <p>And on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.</p>
9860 </blockquote>
9861
9862 <hr>
9863
9864 <h3><a href="https://medium.com/@andoriyu/a-practical-guide-to-containers-on-freenas-for-a-depraved-psychopath-c212203c0394" rel="nofollow">A practical guide to containers on FreeNAS for a depraved psychopath</a></h3>
9865
9866 <blockquote>
9867 <p>This is a simple write-up to set up Docker on FreeNAS 11 or FreeBSD 11.</p>
9868 </blockquote>
9869
9870 <p>But muh jails?</p>
9871
9872 <blockquote>
9873 <p>You know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things have changed in the past years… </p>
9874 </blockquote>
9875
9876 <p>So jails are dead then?</p>
9877
9878 <blockquote>
9879 <p>No, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they are meant for hard-core FreeBSD users who are used to suffering. Docker allows you to run applications without deep knowledge of the application you’re running. It will also allow you to run applications that are not ported to FreeBSD.</p>
9880 </blockquote>
9881
9882 <hr>
9883
9884 <h3><a href="https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html" rel="nofollow">Why you should migrate everything from Linux to BSD</a></h3>
9885
9886 <blockquote>
9887 <p>As an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.</p>
9888 </blockquote>
9889
9890 <ul>
9891 <li>Response <a href="https://fediverse.blog/%7E/AllGoodThings/should-you-migrate-from-linux-to-bsd-it-depends" rel="nofollow">Should you migrate from Linux to BSD? It depends.</a></li>
9892 </ul>
9893
9894 <h2>Beastie Bits</h2>
9895
9896 <ul>
9897 <li><a href="https://dataswamp.org/%7Esolene/2020-01-11-privsep.html" rel="nofollow">Using the OpenBSD ports tree with dedicated users</a></li>
9898 <li><a href="https://vermaden.wordpress.com/2020/01/10/run-broot-on-freebsd/" rel="nofollow">broot on FreeBSD</a></li>
9899 <li><a href="https://svnweb.freebsd.org/base/head/share/misc/bsd-family-tree?view=co" rel="nofollow">A Trip down Memory Lane</a></li>
9900 <li><a href="https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-in-bastillebsd" rel="nofollow">Running syslog-ng in BastilleBSD</a></li>
9901 <li><a href="https://www.nas.nasa.gov/hecc/support/kb/using-software-packages-in-pkgsrc_493.html" rel="nofollow">NASA : Using Software Packages in pkgsrc</a></li>
9902 </ul>
9903
9904 <hr>
9905
9906 <h2>Feedback/Questions</h2>
9907
9908 <ul>
9909 <li>All of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.</li>
9910 </ul>
9911
9912 <hr>
9913
9914 <ul>
9915 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
9916 </ul>
9917
9918 <hr>
9919
9920 <video controls preload="metadata" style=" width:426px; height:240px;">
9921 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0335.mp4" type="video/mp4">
9922 Your browser does not support the HTML5 video tag.
9923 </video>]]>
9924 </content:encoded>
9925 <itunes:summary>
9926 <![CDATA[<p>Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.</p>
9927
9928 <h2>Headlines</h2>
9929
9930 <h3><a href="https://www.unixsheikh.com/articles/freebsd-is-an-amazing-operating-system.html" rel="nofollow">FreeBSD is an amazing operating System</a></h3>
9931
9932 <blockquote>
9933 <p>Update 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD "fanboy". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.</p>
9934
9935 <p>I think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.</p>
9936
9937 <p>I had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.</p>
9938
9939 <p>When I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, "The Free Version of Berkeley UNIX" and "Rock Solid Stability", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.</p>
9940 </blockquote>
9941
9942 <hr>
9943
9944 <h3><a href="https://itsfoss.com/hyperbola-linux-bsd/" rel="nofollow">Hyperbola Dev Interview</a></h3>
9945
9946 <blockquote>
9947 <p>In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).</p>
9948
9949 <p>Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.</p>
9950
9951 <p>To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.</p>
9952 </blockquote>
9953
9954 <hr>
9955
9956 <h2>News Roundup</h2>
9957
9958 <h3><a href="https://blog.netbsd.org/tnf/entry/improving_the_ptrace_2_api" rel="nofollow">Improving the ptrace(2) API and preparing for LLVM-10.0</a></h3>
9959
9960 <blockquote>
9961 <p>This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.</p>
9962
9963 <p>As LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).</p>
9964 </blockquote>
9965
9966 <hr>
9967
9968 <h3><a href="https://rubenerd.com/the-first-freebsd-conference-in-australia/" rel="nofollow">The first FreeBSD conference in Australia</a></h3>
9969
9970 <blockquote>
9971 <p>FreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have existed for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.</p>
9972
9973 <p>While there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.</p>
9974
9975 <p>And on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.</p>
9976 </blockquote>
9977
9978 <hr>
9979
9980 <h3><a href="https://medium.com/@andoriyu/a-practical-guide-to-containers-on-freenas-for-a-depraved-psychopath-c212203c0394" rel="nofollow">A practical guide to containers on FreeNAS for a depraved psychopath</a></h3>
9981
9982 <blockquote>
9983 <p>This is a simple write-up to set up Docker on FreeNAS 11 or FreeBSD 11.</p>
9984 </blockquote>
9985
9986 <p>But muh jails?</p>
9987
9988 <blockquote>
9989 <p>You know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things have changed in the past years… </p>
9990 </blockquote>
9991
9992 <p>So jails are dead then?</p>
9993
9994 <blockquote>
9995 <p>No, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they are meant for hard-core FreeBSD users who are used to suffering. Docker allows you to run applications without deep knowledge of the application you’re running. It will also allow you to run applications that are not ported to FreeBSD.</p>
9996 </blockquote>
9997
9998 <hr>
9999
10000 <h3><a href="https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html" rel="nofollow">Why you should migrate everything from Linux to BSD</a></h3>
10001
10002 <blockquote>
10003 <p>As an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.</p>
10004 </blockquote>
10005
10006 <ul>
10007 <li>Response <a href="https://fediverse.blog/%7E/AllGoodThings/should-you-migrate-from-linux-to-bsd-it-depends" rel="nofollow">Should you migrate from Linux to BSD? It depends.</a></li>
10008 </ul>
10009
10010 <h2>Beastie Bits</h2>
10011
10012 <ul>
10013 <li><a href="https://dataswamp.org/%7Esolene/2020-01-11-privsep.html" rel="nofollow">Using the OpenBSD ports tree with dedicated users</a></li>
10014 <li><a href="https://vermaden.wordpress.com/2020/01/10/run-broot-on-freebsd/" rel="nofollow">broot on FreeBSD</a></li>
10015 <li><a href="https://svnweb.freebsd.org/base/head/share/misc/bsd-family-tree?view=co" rel="nofollow">A Trip down Memory Lane</a></li>
10016 <li><a href="https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-in-bastillebsd" rel="nofollow">Running syslog-ng in BastilleBSD</a></li>
10017 <li><a href="https://www.nas.nasa.gov/hecc/support/kb/using-software-packages-in-pkgsrc_493.html" rel="nofollow">NASA : Using Software Packages in pkgsrc</a></li>
10018 </ul>
10019
10020 <hr>
10021
10022 <h2>Feedback/Questions</h2>
10023
10024 <ul>
10025 <li>All of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.</li>
10026 </ul>
10027
10028 <hr>
10029
10030 <ul>
10031 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10032 </ul>
10033
10034 <hr>
10035
10036 <video controls preload="metadata" style=" width:426px; height:240px;">
10037 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0335.mp4" type="video/mp4">
10038 Your browser does not support the HTML5 video tag.
10039 </video>]]>
10040 </itunes:summary>
10041 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+E62voEF7</fireside:playerURL>
10042 <fireside:playerEmbedCode>
10043 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+E62voEF7" width="740" height="200" frameborder="0" scrolling="no">]]>
10044 </fireside:playerEmbedCode>
10045 </item>
10046 <item>
10047 <title>334: Distrowatch Running FreeBSD</title>
10048 <link>https://www.bsdnow.tv/334</link>
10049 <guid isPermaLink="false">695d1b03-3bc3-485f-90ba-c6d905189b36</guid>
10050 <pubDate>Thu, 23 Jan 2020 05:00:00 -0800</pubDate>
10051 <author>Allan Jude</author>
10052 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/695d1b03-3bc3-485f-90ba-c6d905189b36.mp3" length="34652078" type="audio/mp3"/>
10053 <itunes:episodeType>full</itunes:episodeType>
10054 <itunes:author>Allan Jude</itunes:author>
10055 <itunes:subtitle>Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.</itunes:subtitle>
10056 <itunes:duration>48:07</itunes:duration>
10057 <itunes:explicit>no</itunes:explicit>
10058 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
10059 <description>Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.
10060 Headlines
10061 Upgrading FreeBSD from 11.3 to 12.1 (https://blog.bimajority.org/2020/01/13/upgrading-freebsd-from-11-3-to-12-1/)
10062 Now here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.
10063 Our source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.
10064 Switching Distrowatch over to BSD (https://www.reddit.com/r/freebsd/comments/eodhit/switching_distrowatch_over_to_freebsd_ama/)
10065 This may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.
10066 The primary "something else" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.
10067 Since the transition was successful, though certainly not seamless, I thought people might want to do a Q&A on the migration process. Especially for those thinking of making the same switch.
10068 News Roundup
10069 iked(8) automatic IPv6 blocking removed (https://www.openbsd.org/faq/current.html#r20200114)
10070 iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.
10071 If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.
10072 Linus says don’t run ZFS (https://itsfoss.com/linus-torvalds-zfs/)
10073 “Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”
10074 This is what Linus Torvalds said in a mailing list to once again express his dislike for the ZFS filesystem, especially over its licensing.
10075 To avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.
10076 GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD (https://blog.netbsd.org/tnf/entry/gsoc_2019_final_report_incorporating)
10077 We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.
10078 The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.
10079 Working towards LLDB on i386 NetBSD (https://blog.netbsd.org/tnf/entry/working_towards_lldb_on_i386)
10080 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
10081 In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.
10082 Throughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.
10083 Beastie Bits
10084 An open source Civilization V (https://github.com/yairm210/UnCiv)
10085 BSD Groups in Italy (https://bsdnotizie.blogspot.com/2020/01/gruppi-bsd-in-italia.html)
10086 Why is Wednesday, November 17, 1858 the base time for OpenVMS? (https://www.slac.stanford.edu/~rkj/crazytime.txt)
10087 Benchmarking shell pipelines and the Unix “tools” philosophy (https://blog.plover.com/Unix/tools.html)
10088 LPI and BSD working together (https://youtu.be/QItb5aoj7Oc)
10089 Feedback/Questions
10090 Pat - March Meeting (http://dpaste.com/2BMGZVV#wrap)
10091 Madhukar - Overheating Laptop (http://dpaste.com/17WNVM8#wrap)
10092 Warren - R vs S (http://dpaste.com/3AZYFB1#wrap)
10093 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
10094 <video controls preload="metadata" style=" width:426px; height:240px;">
10095 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0334.mp4" type="video/mp4">
10096 Your browser does not support the HTML5 video tag.
10097 </video>
10098 </description>
10099 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, upgrading, distrowatch, zfs, iked, blocking, lldb, i386, memory, memory-hard, argon2, hashing scheme</itunes:keywords>
10100 <content:encoded>
10101 <![CDATA[<p>Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.</p>
10102
10103 <h2>Headlines</h2>
10104
10105 <h3><a href="https://blog.bimajority.org/2020/01/13/upgrading-freebsd-from-11-3-to-12-1/" rel="nofollow">Upgrading FreeBSD from 11.3 to 12.1</a></h3>
10106
10107 <blockquote>
10108 <p>Now here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.</p>
10109
10110 <p>Our source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.</p>
10111 </blockquote>
10112
10113 <hr>
10114
10115 <h3><a href="https://www.reddit.com/r/freebsd/comments/eodhit/switching_distrowatch_over_to_freebsd_ama/" rel="nofollow">Switching Distrowatch over to BSD</a></h3>
10116
10117 <blockquote>
10118 <p>This may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.</p>
10119
10120 <p>The primary "something else" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.</p>
10121
10122 <p>Since the transition was successful, though certainly not seamless, I thought people might want to do a Q&A on the migration process. Especially for those thinking of making the same switch.</p>
10123 </blockquote>
10124
10125 <hr>
10126
10127 <h2>News Roundup</h2>
10128
10129 <h3><a href="https://www.openbsd.org/faq/current.html#r20200114" rel="nofollow">iked(8) automatic IPv6 blocking removed</a></h3>
10130
10131 <blockquote>
10132 <p>iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.</p>
10133
10134 <p>If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.</p>
10135 </blockquote>
10136
10137 <hr>
10138
10139 <h3><a href="https://itsfoss.com/linus-torvalds-zfs/" rel="nofollow">Linus says don’t run ZFS</a></h3>
10140
10141 <blockquote>
10142 <p>“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”</p>
10143
10144 <p>This is what Linus Torvalds said in a mailing list to once again express his dislike for the ZFS filesystem, especially over its licensing.</p>
10145
10146 <p>To avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.</p>
10147 </blockquote>
10148
10149 <hr>
10150
10151 <h3><a href="https://blog.netbsd.org/tnf/entry/gsoc_2019_final_report_incorporating" rel="nofollow">GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD</a></h3>
10152
10153 <blockquote>
10154 <p>We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.</p>
10155
10156 <p>The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.</p>
10157 </blockquote>
10158
10159 <hr>
10160
10161 <h3><a href="https://blog.netbsd.org/tnf/entry/working_towards_lldb_on_i386" rel="nofollow">Working towards LLDB on i386 NetBSD</a></h3>
10162
10163 <blockquote>
10164 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
10165
10166 <p>In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.</p>
10167
10168 <p>Throughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.</p>
10169 </blockquote>
10170
10171 <hr>
10172
10173 <h2>Beastie Bits</h2>
10174
10175 <ul>
10176 <li><a href="https://github.com/yairm210/UnCiv" rel="nofollow">An open source Civilization V</a></li>
10177 <li><a href="https://bsdnotizie.blogspot.com/2020/01/gruppi-bsd-in-italia.html" rel="nofollow">BSD Groups in Italy</a></li>
10178 <li><a href="https://www.slac.stanford.edu/%7Erkj/crazytime.txt" rel="nofollow">Why is Wednesday, November 17, 1858 the base time for OpenVMS?</a></li>
10179 <li><a href="https://blog.plover.com/Unix/tools.html" rel="nofollow">Benchmarking shell pipelines and the Unix “tools” philosophy</a></li>
10180 <li><a href="https://youtu.be/QItb5aoj7Oc" rel="nofollow">LPI and BSD working together</a></li>
10181 </ul>
10182
10183 <hr>
10184
10185 <h2>Feedback/Questions</h2>
10186
10187 <ul>
10188 <li>Pat - <a href="http://dpaste.com/2BMGZVV#wrap" rel="nofollow">March Meeting</a></li>
10189 <li>Madhukar - <a href="http://dpaste.com/17WNVM8#wrap" rel="nofollow">Overheating Laptop</a></li>
10190 <li>Warren - <a href="http://dpaste.com/3AZYFB1#wrap" rel="nofollow">R vs S</a></li>
10191 </ul>
10192
10193 <hr>
10194
10195 <ul>
10196 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10197 </ul>
10198
10199 <hr>
10200
10201 <video controls preload="metadata" style=" width:426px; height:240px;">
10202 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0334.mp4" type="video/mp4">
10203 Your browser does not support the HTML5 video tag.
10204 </video>]]>
10205 </content:encoded>
10206 <itunes:summary>
10207 <![CDATA[<p>Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.</p>
10208
10209 <h2>Headlines</h2>
10210
10211 <h3><a href="https://blog.bimajority.org/2020/01/13/upgrading-freebsd-from-11-3-to-12-1/" rel="nofollow">Upgrading FreeBSD from 11.3 to 12.1</a></h3>
10212
10213 <blockquote>
10214 <p>Now here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.</p>
10215
10216 <p>Our source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.</p>
10217 </blockquote>
10218
10219 <hr>
10220
10221 <h3><a href="https://www.reddit.com/r/freebsd/comments/eodhit/switching_distrowatch_over_to_freebsd_ama/" rel="nofollow">Switching Distrowatch over to BSD</a></h3>
10222
10223 <blockquote>
10224 <p>This may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.</p>
10225
10226 <p>The primary "something else" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.</p>
10227
10228 <p>Since the transition was successful, though certainly not seamless, I thought people might want to do a Q&A on the migration process. Especially for those thinking of making the same switch.</p>
10229 </blockquote>
10230
10231 <hr>
10232
10233 <h2>News Roundup</h2>
10234
10235 <h3><a href="https://www.openbsd.org/faq/current.html#r20200114" rel="nofollow">iked(8) automatic IPv6 blocking removed</a></h3>
10236
10237 <blockquote>
10238 <p>iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.</p>
10239
10240 <p>If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.</p>
10241 </blockquote>
10242
10243 <hr>
10244
10245 <h3><a href="https://itsfoss.com/linus-torvalds-zfs/" rel="nofollow">Linus says don’t run ZFS</a></h3>
10246
10247 <blockquote>
10248 <p>“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”</p>
10249
10250 <p>This is what Linus Torvalds said in a mailing list to once again express his dislike for the ZFS filesystem, especially over its licensing.</p>
10251
10252 <p>To avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.</p>
10253 </blockquote>
10254
10255 <hr>
10256
10257 <h3><a href="https://blog.netbsd.org/tnf/entry/gsoc_2019_final_report_incorporating" rel="nofollow">GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD</a></h3>
10258
10259 <blockquote>
10260 <p>We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.</p>
10261
10262 <p>The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.</p>
10263 </blockquote>
10264
10265 <hr>
10266
10267 <h3><a href="https://blog.netbsd.org/tnf/entry/working_towards_lldb_on_i386" rel="nofollow">Working towards LLDB on i386 NetBSD</a></h3>
10268
10269 <blockquote>
10270 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
10271
10272 <p>In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.</p>
10273
10274 <p>Throughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.</p>
10275 </blockquote>
10276
10277 <hr>
10278
10279 <h2>Beastie Bits</h2>
10280
10281 <ul>
10282 <li><a href="https://github.com/yairm210/UnCiv" rel="nofollow">An open source Civilization V</a></li>
10283 <li><a href="https://bsdnotizie.blogspot.com/2020/01/gruppi-bsd-in-italia.html" rel="nofollow">BSD Groups in Italy</a></li>
10284 <li><a href="https://www.slac.stanford.edu/%7Erkj/crazytime.txt" rel="nofollow">Why is Wednesday, November 17, 1858 the base time for OpenVMS?</a></li>
10285 <li><a href="https://blog.plover.com/Unix/tools.html" rel="nofollow">Benchmarking shell pipelines and the Unix “tools” philosophy</a></li>
10286 <li><a href="https://youtu.be/QItb5aoj7Oc" rel="nofollow">LPI and BSD working together</a></li>
10287 </ul>
10288
10289 <hr>
10290
10291 <h2>Feedback/Questions</h2>
10292
10293 <ul>
10294 <li>Pat - <a href="http://dpaste.com/2BMGZVV#wrap" rel="nofollow">March Meeting</a></li>
10295 <li>Madhukar - <a href="http://dpaste.com/17WNVM8#wrap" rel="nofollow">Overheating Laptop</a></li>
10296 <li>Warren - <a href="http://dpaste.com/3AZYFB1#wrap" rel="nofollow">R vs S</a></li>
10297 </ul>
10298
10299 <hr>
10300
10301 <ul>
10302 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10303 </ul>
10304
10305 <hr>
10306
10307 <video controls preload="metadata" style=" width:426px; height:240px;">
10308 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0334.mp4" type="video/mp4">
10309 Your browser does not support the HTML5 video tag.
10310 </video>]]>
10311 </itunes:summary>
10312 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+i7PDvAJZ</fireside:playerURL>
10313 <fireside:playerEmbedCode>
10314 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+i7PDvAJZ" width="740" height="200" frameborder="0" scrolling="no">]]>
10315 </fireside:playerEmbedCode>
10316 </item>
10317 <item>
10318 <title>333: Unix Keyboard Joy</title>
10319 <link>https://www.bsdnow.tv/333</link>
10320 <guid isPermaLink="false">9f3dffa3-f888-4af3-8a0a-3a236e130b4f</guid>
10321 <pubDate>Thu, 16 Jan 2020 05:00:00 -0800</pubDate>
10322 <author>Allan Jude</author>
10323 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9f3dffa3-f888-4af3-8a0a-3a236e130b4f.mp3" length="29159154" type="audio/mp3"/>
10324 <itunes:episodeType>full</itunes:episodeType>
10325 <itunes:author>Allan Jude</itunes:author>
10326 <itunes:subtitle>Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.</itunes:subtitle>
10327 <itunes:duration>40:29</itunes:duration>
10328 <itunes:explicit>no</itunes:explicit>
10329 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
10330 <description>Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.
10331 Headlines
10332 Your Impact on FreeBSD in 2019 (https://www.freebsdfoundation.org/blog/your-impact-on-freebsd-in-2019/)
10333 It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.
10334 In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.
10335 Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.
10336 Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.
10337 Wireguard on OpenBSD Router (https://obscurity.xyz/bsd/open/wireguard.html)
10338 wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.
10339 modern crypto and lean code are also tenets of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.
10340 my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.
10341 running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean it’s impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.
10342 News Roundup
10343 Amazon now has FreeBSD/ARM 12 (https://aws.amazon.com/marketplace/pp/B081NF7BY7)
10344 AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.
10345 Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.
10346 The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.
10347 General-purpose instances (M6g and M6gd)
10348 Compute-optimized instances (C6g and C6gd)
10349 Memory-optimized instances (R6g and R6gd)
10350 You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.
10351 And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.
10352 AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).
10353 Coverage of AWS Announcement (https://techcrunch.com/2019/12/03/aws-announces-new-arm-based-instances-with-graviton2-processors/)
10354 Announcing the pkgsrc-2019Q4 release (https://mail-index.netbsd.org/pkgsrc-users/2020/01/06/msg030130.html)
10355 The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at https://www.pkgsrc.org/
10356 In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.
10357 The Joys of UNIX Keyboards (https://donatstudios.com/UNIX-Keyboards)
10358 I fell in love with a dead keyboard layout.
10359 A decade or so ago while helping a friend's father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.
10360 We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.
10361 I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.
10362 OpenBSD on Digital Ocean (https://www.going-flying.com/blog/openbsd-on-digitalocean.html)
10363 Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.
10364 They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.
10365 Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.
10366 Beastie Bits
10367 FreeBSD defaults to LLVM on PPC (https://svnweb.freebsd.org/base?view=revision&revision=356111)
10368 Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019 (https://undeadly.org/cgi?action=article;sid=20191231214356)
10369 Bastille Poll about what people would like to see in 2020 (https://twitter.com/BastilleBSD/status/1211475103143251968)
10370 Notes on the classic book : The Design of the UNIX Operating System (https://github.com/suvratapte/Maurice-Bach-Notes)
10371 Multics History (https://www.multicians.org/)
10372 First meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St (http://studybsd.com/)
10373 Feedback/Questions
10374 Bill - 1.1 CDROM (http://dpaste.com/2H9CW6R)
10375 Greg - More 50 Year anniversary information (http://dpaste.com/2SGA3KY)
10376 Dave - Question time for Allan (http://dpaste.com/3ZAEKHD#wrap)
10377 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
10378 <video controls preload="metadata" style=" width:426px; height:240px;">
10379 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0333.mp4" type="video/mp4">
10380 Your browser does not support the HTML5 video tag.
10381 </video>
10382 </description>
10383 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, freebsd foundation, foundation, wireguard, amazon, ec2, arm, arm 12, pkgsrc, unix, keyboard, keyboards, digital ocean</itunes:keywords>
10384 <content:encoded>
10385 <![CDATA[<p>Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.</p>
10386
10387 <h2>Headlines</h2>
10388
10389 <h3><a href="https://www.freebsdfoundation.org/blog/your-impact-on-freebsd-in-2019/" rel="nofollow">Your Impact on FreeBSD in 2019</a></h3>
10390
10391 <blockquote>
10392 <p>It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.</p>
10393
10394 <p>In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.</p>
10395
10396 <p>Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.</p>
10397
10398 <p>Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.</p>
10399 </blockquote>
10400
10401 <hr>
10402
10403 <h3><a href="https://obscurity.xyz/bsd/open/wireguard.html" rel="nofollow">Wireguard on OpenBSD Router</a></h3>
10404
10405 <blockquote>
10406 <p>wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.</p>
10407
10408 <p>modern crypto and lean code are also tenets of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.</p>
10409
10410 <p>my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.</p>
10411
10412 <p>running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean it’s impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.</p>
10413 </blockquote>
10414
10415 <hr>
10416
10417 <h2>News Roundup</h2>
10418
10419 <h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow">Amazon now has FreeBSD/ARM 12</a></h3>
10420
10421 <blockquote>
10422 <p>AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.</p>
10423
10424 <p>Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.</p>
10425
10426 <p>The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.</p>
10427
10428 <ul>
10429 <li><p>General-purpose instances (M6g and M6gd)</p></li>
10430 <li><p>Compute-optimized instances (C6g and C6gd)</p></li>
10431 <li><p>Memory-optimized instances (R6g and R6gd)</p></li>
10432 </ul>
10433
10434 <p>You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.</p>
10435
10436 <p>And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.</p>
10437
10438 <p>AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).</p>
10439 </blockquote>
10440
10441 <ul>
10442 <li><a href="https://techcrunch.com/2019/12/03/aws-announces-new-arm-based-instances-with-graviton2-processors/" rel="nofollow">Coverage of AWS Announcement </a></li>
10443 </ul>
10444
10445 <hr>
10446
10447 <h3><a href="https://mail-index.netbsd.org/pkgsrc-users/2020/01/06/msg030130.html" rel="nofollow">Announcing the pkgsrc-2019Q4 release</a></h3>
10448
10449 <blockquote>
10450 <p>The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at <a href="https://www.pkgsrc.org/" rel="nofollow">https://www.pkgsrc.org/</a></p>
10451
10452 <p>In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.</p>
10453 </blockquote>
10454
10455 <hr>
10456
10457 <h3><a href="https://donatstudios.com/UNIX-Keyboards" rel="nofollow">The Joys of UNIX Keyboards</a></h3>
10458
10459 <blockquote>
10460 <p>I fell in love with a dead keyboard layout.</p>
10461
10462 <p>A decade or so ago while helping a friend's father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.</p>
10463
10464 <p>We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.</p>
10465
10466 <p>I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.</p>
10467 </blockquote>
10468
10469 <hr>
10470
10471 <h3><a href="https://www.going-flying.com/blog/openbsd-on-digitalocean.html" rel="nofollow">OpenBSD on Digital Ocean</a></h3>
10472
10473 <blockquote>
10474 <p>Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.</p>
10475
10476 <p>They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.</p>
10477
10478 <p>Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.</p>
10479 </blockquote>
10480
10481 <hr>
10482
10483 <h2>Beastie Bits</h2>
10484
10485 <ul>
10486 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=356111" rel="nofollow">FreeBSD defaults to LLVM on PPC</a></li>
10487 <li><a href="https://undeadly.org/cgi?action=article;sid=20191231214356" rel="nofollow">Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019</a></li>
10488 <li><a href="https://twitter.com/BastilleBSD/status/1211475103143251968" rel="nofollow">Bastille Poll about what people would like to see in 2020</a></li>
10489 <li><a href="https://github.com/suvratapte/Maurice-Bach-Notes" rel="nofollow">Notes on the classic book : The Design of the UNIX Operating System</a></li>
10490 <li><a href="https://www.multicians.org/" rel="nofollow">Multics History</a></li>
10491 <li><a href="http://studybsd.com/" rel="nofollow">First meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St</a></li>
10492 </ul>
10493
10494 <hr>
10495
10496 <h2>Feedback/Questions</h2>
10497
10498 <ul>
10499 <li>Bill - <a href="http://dpaste.com/2H9CW6R" rel="nofollow">1.1 CDROM</a></li>
10500 <li>Greg - <a href="http://dpaste.com/2SGA3KY" rel="nofollow">More 50 Year anniversary information</a></li>
10501 <li>Dave - <a href="http://dpaste.com/3ZAEKHD#wrap" rel="nofollow">Question time for Allan</a></li>
10502 </ul>
10503
10504 <hr>
10505
10506 <ul>
10507 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10508 </ul>
10509
10510 <hr>
10511
10512 <video controls preload="metadata" style=" width:426px; height:240px;">
10513 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0333.mp4" type="video/mp4">
10514 Your browser does not support the HTML5 video tag.
10515 </video>]]>
10516 </content:encoded>
10517 <itunes:summary>
10518 <![CDATA[<p>Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.</p>
10519
10520 <h2>Headlines</h2>
10521
10522 <h3><a href="https://www.freebsdfoundation.org/blog/your-impact-on-freebsd-in-2019/" rel="nofollow">Your Impact on FreeBSD in 2019</a></h3>
10523
10524 <blockquote>
10525 <p>It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.</p>
10526
10527 <p>In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.</p>
10528
10529 <p>Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.</p>
10530
10531 <p>Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.</p>
10532 </blockquote>
10533
10534 <hr>
10535
10536 <h3><a href="https://obscurity.xyz/bsd/open/wireguard.html" rel="nofollow">Wireguard on OpenBSD Router</a></h3>
10537
10538 <blockquote>
10539 <p>wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.</p>
10540
10541 <p>modern crypto and lean code are also tenets of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.</p>
10542
10543 <p>my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.</p>
10544
10545 <p>running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean it’s impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.</p>
10546 </blockquote>
10547
10548 <hr>
10549
10550 <h2>News Roundup</h2>
10551
10552 <h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow">Amazon now has FreeBSD/ARM 12</a></h3>
10553
10554 <blockquote>
10555 <p>AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.</p>
10556
10557 <p>Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.</p>
10558
10559 <p>The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.</p>
10560
10561 <ul>
10562 <li><p>General-purpose instances (M6g and M6gd)</p></li>
10563 <li><p>Compute-optimized instances (C6g and C6gd)</p></li>
10564 <li><p>Memory-optimized instances (R6g and R6gd)</p></li>
10565 </ul>
10566
10567 <p>You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.</p>
10568
10569 <p>And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.</p>
10570
10571 <p>AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).</p>
10572 </blockquote>
10573
10574 <ul>
10575 <li><a href="https://techcrunch.com/2019/12/03/aws-announces-new-arm-based-instances-with-graviton2-processors/" rel="nofollow">Coverage of AWS Announcement </a></li>
10576 </ul>
10577
10578 <hr>
10579
10580 <h3><a href="https://mail-index.netbsd.org/pkgsrc-users/2020/01/06/msg030130.html" rel="nofollow">Announcing the pkgsrc-2019Q4 release</a></h3>
10581
10582 <blockquote>
10583 <p>The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at <a href="https://www.pkgsrc.org/" rel="nofollow">https://www.pkgsrc.org/</a></p>
10584
10585 <p>In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.</p>
10586 </blockquote>
10587
10588 <hr>
10589
10590 <h3><a href="https://donatstudios.com/UNIX-Keyboards" rel="nofollow">The Joys of UNIX Keyboards</a></h3>
10591
10592 <blockquote>
10593 <p>I fell in love with a dead keyboard layout.</p>
10594
10595 <p>A decade or so ago while helping a friend's father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.</p>
10596
10597 <p>We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.</p>
10598
10599 <p>I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.</p>
10600 </blockquote>
10601
10602 <hr>
10603
10604 <h3><a href="https://www.going-flying.com/blog/openbsd-on-digitalocean.html" rel="nofollow">OpenBSD on Digital Ocean</a></h3>
10605
10606 <blockquote>
10607 <p>Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.</p>
10608
10609 <p>They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.</p>
10610
10611 <p>Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.</p>
10612 </blockquote>
10613
10614 <hr>
10615
10616 <h2>Beastie Bits</h2>
10617
10618 <ul>
10619 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=356111" rel="nofollow">FreeBSD defaults to LLVM on PPC</a></li>
10620 <li><a href="https://undeadly.org/cgi?action=article;sid=20191231214356" rel="nofollow">Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019</a></li>
10621 <li><a href="https://twitter.com/BastilleBSD/status/1211475103143251968" rel="nofollow">Bastille Poll about what people would like to see in 2020</a></li>
10622 <li><a href="https://github.com/suvratapte/Maurice-Bach-Notes" rel="nofollow">Notes on the classic book : The Design of the UNIX Operating System</a></li>
10623 <li><a href="https://www.multicians.org/" rel="nofollow">Multics History</a></li>
10624 <li><a href="http://studybsd.com/" rel="nofollow">First meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St</a></li>
10625 </ul>
10626
10627 <hr>
10628
10629 <h2>Feedback/Questions</h2>
10630
10631 <ul>
10632 <li>Bill - <a href="http://dpaste.com/2H9CW6R" rel="nofollow">1.1 CDROM</a></li>
10633 <li>Greg - <a href="http://dpaste.com/2SGA3KY" rel="nofollow">More 50 Year anniversary information</a></li>
10634 <li>Dave - <a href="http://dpaste.com/3ZAEKHD#wrap" rel="nofollow">Question time for Allan</a></li>
10635 </ul>
10636
10637 <hr>
10638
10639 <ul>
10640 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10641 </ul>
10642
10643 <hr>
10644
10645 <video controls preload="metadata" style=" width:426px; height:240px;">
10646 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0333.mp4" type="video/mp4">
10647 Your browser does not support the HTML5 video tag.
10648 </video>]]>
10649 </itunes:summary>
10650 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+fCrZJNCT</fireside:playerURL>
10651 <fireside:playerEmbedCode>
10652 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+fCrZJNCT" width="740" height="200" frameborder="0" scrolling="no">]]>
10653 </fireside:playerEmbedCode>
10654 </item>
10655 <item>
10656 <title>332: The BSD Hyperbole</title>
10657 <link>https://www.bsdnow.tv/332</link>
10658 <guid isPermaLink="false">34cc6ce3-e7ed-41bf-880e-e77f6a27fe3c</guid>
10659 <pubDate>Thu, 09 Jan 2020 05:00:00 -0800</pubDate>
10660 <author>Allan Jude</author>
10661 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/34cc6ce3-e7ed-41bf-880e-e77f6a27fe3c.mp3" length="32549325" type="audio/mp3"/>
10662 <itunes:episodeType>full</itunes:episodeType>
10663 <itunes:author>Allan Jude</itunes:author>
10664 <itunes:subtitle>Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.</itunes:subtitle>
10665 <itunes:duration>45:12</itunes:duration>
10666 <itunes:explicit>no</itunes:explicit>
10667 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
10668 <description>Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.
10669 Headlines
10670 HyperbolaBSD Announcement (https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/)
10671 Due to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.
10672 This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.
10673 This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.
10674 Reasons for this include:
10675 Linux kernel forcing adaption of DRM, including HDCP.
10676 Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)
10677 Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)
10678 Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)
10679 As such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.
10680 Future versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.
10681 HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.
10682 Forum Post (https://forums.hyperbola.info/viewtopic.php?id=315)
10683 A simple IPFW In-Kernel NAT setup on FreeBSD (https://www.neelc.org/posts/freebsd-ipfw-nat/)
10684 After graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.
10685 Why IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure out.
10686 But since my T730 is already packed, I am testing this on an old PC with two NICs, and my laptop [1] as a client with a USB-to-Ethernet adapter.
10687 News Roundup
10688 HEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux (https://mail-index.netbsd.org/pkgsrc-users/2020/01/05/msg030124.html)
10689 This is just a heads up that the Wayland option is now turned on by
10690 default for NetBSD 9 and Linux in cases where it peacefully coexists
10691 with X11.
10692 Right now, this affects the following packages:
10693 graphics/MesaLib
10694 devel/SDL2
10695 www/webkit-gtk
10696 x11/gtk3
10697 The WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68
10698 Please keep me informed of any fallout. Hopefully, there will be none.
10699 If you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.
10700 LLDB Threading support now ready for mainline (https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready)
10701 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
10702 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
10703 So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
10704 OpenSSH U2F/FIDO support in base (https://www.undeadly.org/cgi?action=article;sid=20191115064850)
10705 Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.
10706 You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.
10707 So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.
10708 drm/i915: Update to Linux 4.8.17 (http://lists.dragonflybsd.org/pipermail/commits/2019-December/720257.html)
10709 drm/i915: Update to Linux 4.8.17
10710 Broxton, Valleyview and Cherryview support improvements
10711 Broadwell and Gen9/Skylake support improvements
10712 Broadwell brightness fixes from OpenBSD
10713 Atomic modesetting improvements
10714 Various bug fixes and performance enhancements
10715 Beastie Bits
10716 Visual Studio Code port for FreeBSD (https://github.com/tagattie/FreeBSD-VSCode)
10717 OpenBSD syscall call-from verification (https://marc.info/?l=openbsd-tech&m=157488907117170&w=2)
10718 Peertube on OpenBSD (https://www.22decembre.eu/en/2019/12/09/peertube-14-openbsd/)
10719 Fuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski (https://www.youtube.com/watch?v=bbNCqFdQEyk&feature=youtu.be)
10720 Twitter Bot for Prop65 (https://twitter.com/prop65bot/status/1199003319307558912)
10721 Interactive vim tutorial (https://www.openvim.com/)
10722 First BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St (http://studybsd.com/)
10723 ***
10724 Feedback/Questions
10725 Samir - cgit (http://dpaste.com/2B22M24#wrap)
10726 Russell - R (http://dpaste.com/0J5TYY0#wrap)
10727 Wolfgang - Question (http://dpaste.com/3MQAH27#wrap)
10728 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
10729 <video controls preload="metadata" style=" width:426px; height:240px;">
10730 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0332.mp4" type="video/mp4">
10731 Your browser does not support the HTML5 video tag.
10732 </video>
10733 </description>
10734 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, hyperbolabsd, ipfw, in-kernel nat, nat, wayland, webrtc, lldb, threading, u2f, fido, drm, i915</itunes:keywords>
10735 <content:encoded>
10736 <![CDATA[<p>Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.</p>
10737
10738 <h2>Headlines</h2>
10739
10740 <h3><a href="https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/" rel="nofollow">HyperbolaBSD Announcement</a></h3>
10741
10742 <blockquote>
10743 <p>Due to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.</p>
10744
10745 <p>This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.</p>
10746
10747 <p>This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.</p>
10748 </blockquote>
10749
10750 <ul>
10751 <li>Reasons for this include:
10752
10753 <ul>
10754 <li>Linux kernel forcing adaption of DRM, including HDCP.</li>
10755 <li>Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)</li>
10756 <li>Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)</li>
10757 <li>Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)</li>
10758 <li>As such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.</li>
10759 </ul></li>
10760 </ul>
10761
10762 <blockquote>
10763 <p>Future versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.</p>
10764
10765 <p>HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.</p>
10766 </blockquote>
10767
10768 <ul>
10769 <li><a href="https://forums.hyperbola.info/viewtopic.php?id=315" rel="nofollow">Forum Post</a> </li>
10770 </ul>
10771
10772 <hr>
10773
10774 <h3><a href="https://www.neelc.org/posts/freebsd-ipfw-nat/" rel="nofollow">A simple IPFW In-Kernel NAT setup on FreeBSD</a></h3>
10775
10776 <blockquote>
10777 <p>After graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.</p>
10778
10779 <p>Why IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.</p>
10780
10781 <p>But since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.</p>
10782 </blockquote>
10783
10784 <hr>
10785
10786 <h2>News Roundup</h2>
10787
10788 <h3><a href="https://mail-index.netbsd.org/pkgsrc-users/2020/01/05/msg030124.html" rel="nofollow">HEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux</a></h3>
10789
10790 <blockquote>
10791 <p>This is just a heads up that the Wayland option is now turned on by
10792 default for NetBSD 9 and Linux in cases where it peacefully coexists
10793 with X11.</p>
10794 </blockquote>
10795
10796
10797 <ul>
10798 <li>Right now, this affects the following packages:
10799
10800 <ul>
10801 <li>graphics/MesaLib</li>
10802 <li>devel/SDL2</li>
10803 <li>www/webkit-gtk</li>
10804 <li>x11/gtk3</li>
10805 </ul></li>
10806 </ul>
10807
10808 <blockquote>
10809 <p>The WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68</p>
10810
10811 <p>Please keep me informed of any fallout. Hopefully, there will be none.</p>
10812
10813 <p>If you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.</p>
10814 </blockquote>
10815
10816 <hr>
10817
10818 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
10819
10820 <blockquote>
10821 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
10822
10823 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
10824
10825 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
10826 </blockquote>
10827
10828 <hr>
10829
10830 <h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow">OpenSSH U2F/FIDO support in base</a></h3>
10831
10832 <blockquote>
10833 <p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>
10834
10835 <p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>
10836
10837 <p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.</p>
10838 </blockquote>
10839
10840 <hr>
10841
10842 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-December/720257.html" rel="nofollow">drm/i915: Update to Linux 4.8.17</a></h3>
10843
10844 <ul>
10845 <li> drm/i915: Update to Linux 4.8.17
10846
10847 <ul>
10848 <li>Broxton, Valleyview and Cherryview support improvements</li>
10849 <li>Broadwell and Gen9/Skylake support improvements</li>
10850 <li>Broadwell brightness fixes from OpenBSD</li>
10851 <li>Atomic modesetting improvements</li>
10852 <li>Various bug fixes and performance enhancements</li>
10853 </ul></li>
10854 </ul>
10855
10856 <hr>
10857
10858 <h2>Beastie Bits</h2>
10859
10860 <ul>
10861 <li><a href="https://github.com/tagattie/FreeBSD-VSCode" rel="nofollow">Visual Studio Code port for FreeBSD</a></li>
10862 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170&w=2" rel="nofollow">OpenBSD syscall call-from verification</a></li>
10863 <li><a href="https://www.22decembre.eu/en/2019/12/09/peertube-14-openbsd/" rel="nofollow">Peertube on OpenBSD</a></li>
10864 <li><a href="https://www.youtube.com/watch?v=bbNCqFdQEyk&feature=youtu.be" rel="nofollow">Fuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski</a></li>
10865 <li><a href="https://twitter.com/prop65bot/status/1199003319307558912" rel="nofollow">Twitter Bot for Prop65</a></li>
10866 <li><a href="https://www.openvim.com/" rel="nofollow">Interactive vim tutorial</a></li>
10867 <li><a href="http://studybsd.com/" rel="nofollow">First BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St</a>
10868 </li>
10869 </ul>
10870
10871 <h2>Feedback/Questions</h2>
10872
10873 <ul>
10874 <li>Samir - <a href="http://dpaste.com/2B22M24#wrap" rel="nofollow">cgit</a></li>
10875 <li>Russell - <a href="http://dpaste.com/0J5TYY0#wrap" rel="nofollow">R</a></li>
10876 <li>Wolfgang - <a href="http://dpaste.com/3MQAH27#wrap" rel="nofollow">Question</a></li>
10877 </ul>
10878
10879 <hr>
10880
10881 <ul>
10882 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
10883 </ul>
10884
10885 <hr>
10886
10887 <video controls preload="metadata" style=" width:426px; height:240px;">
10888 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0332.mp4" type="video/mp4">
10889 Your browser does not support the HTML5 video tag.
10890 </video>]]>
10891 </content:encoded>
10892 <itunes:summary>
10893 <![CDATA[<p>Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.</p>
10894
10895 <h2>Headlines</h2>
10896
10897 <h3><a href="https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/" rel="nofollow">HyperbolaBSD Announcement</a></h3>
10898
10899 <blockquote>
10900 <p>Due to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.</p>
10901
10902 <p>This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.</p>
10903
10904 <p>This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.</p>
10905 </blockquote>
10906
10907 <ul>
10908 <li>Reasons for this include:
10909
10910 <ul>
10911 <li>Linux kernel forcing adaption of DRM, including HDCP.</li>
10912 <li>Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)</li>
10913 <li>Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)</li>
10914 <li>Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)</li>
10915 <li>As such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.</li>
10916 </ul></li>
10917 </ul>
10918
10919 <blockquote>
10920 <p>Future versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.</p>
10921
10922 <p>HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.</p>
10923 </blockquote>
10924
10925 <ul>
10926 <li><a href="https://forums.hyperbola.info/viewtopic.php?id=315" rel="nofollow">Forum Post</a> </li>
10927 </ul>
10928
10929 <hr>
10930
10931 <h3><a href="https://www.neelc.org/posts/freebsd-ipfw-nat/" rel="nofollow">A simple IPFW In-Kernel NAT setup on FreeBSD</a></h3>
10932
10933 <blockquote>
10934 <p>After graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.</p>
10935
10936 <p>Why IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.</p>
10937
10938 <p>But since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.</p>
10939 </blockquote>
10940
10941 <hr>
10942
10943 <h2>News Roundup</h2>
10944
10945 <h3><a href="https://mail-index.netbsd.org/pkgsrc-users/2020/01/05/msg030124.html" rel="nofollow">HEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux</a></h3>
10946
10947 <blockquote>
10948 <p>This is just a heads up that the Wayland option is now turned on by
10949 default for NetBSD 9 and Linux in cases where it peacefully coexists
10950 with X11.</p>
10951 </blockquote>
10952
10953
10954 <ul>
10955 <li>Right now, this affects the following packages:
10956
10957 <ul>
10958 <li>graphics/MesaLib</li>
10959 <li>devel/SDL2</li>
10960 <li>www/webkit-gtk</li>
10961 <li>x11/gtk3</li>
10962 </ul></li>
10963 </ul>
10964
10965 <blockquote>
10966 <p>The WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68</p>
10967
10968 <p>Please keep me informed of any fallout. Hopefully, there will be none.</p>
10969
10970 <p>If you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.</p>
10971 </blockquote>
10972
10973 <hr>
10974
10975 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
10976
10977 <blockquote>
10978 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
10979
10980 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
10981
10982 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
10983 </blockquote>
10984
10985 <hr>
10986
10987 <h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow">OpenSSH U2F/FIDO support in base</a></h3>
10988
10989 <blockquote>
10990 <p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>
10991
10992 <p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>
10993
10994 <p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.</p>
10995 </blockquote>
10996
10997 <hr>
10998
10999 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-December/720257.html" rel="nofollow">drm/i915: Update to Linux 4.8.17</a></h3>
11000
11001 <ul>
11002 <li> drm/i915: Update to Linux 4.8.17
11003
11004 <ul>
11005 <li>Broxton, Valleyview and Cherryview support improvements</li>
11006 <li>Broadwell and Gen9/Skylake support improvements</li>
11007 <li>Broadwell brightness fixes from OpenBSD</li>
11008 <li>Atomic modesetting improvements</li>
11009 <li>Various bug fixes and performance enhancements</li>
11010 </ul></li>
11011 </ul>
11012
11013 <hr>
11014
11015 <h2>Beastie Bits</h2>
11016
11017 <ul>
11018 <li><a href="https://github.com/tagattie/FreeBSD-VSCode" rel="nofollow">Visual Studio Code port for FreeBSD</a></li>
11019 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170&w=2" rel="nofollow">OpenBSD syscall call-from verification</a></li>
11020 <li><a href="https://www.22decembre.eu/en/2019/12/09/peertube-14-openbsd/" rel="nofollow">Peertube on OpenBSD</a></li>
11021 <li><a href="https://www.youtube.com/watch?v=bbNCqFdQEyk&feature=youtu.be" rel="nofollow">Fuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski</a></li>
11022 <li><a href="https://twitter.com/prop65bot/status/1199003319307558912" rel="nofollow">Twitter Bot for Prop65</a></li>
11023 <li><a href="https://www.openvim.com/" rel="nofollow">Interactive vim tutorial</a></li>
11024 <li><a href="http://studybsd.com/" rel="nofollow">First BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St</a>
11025 </li>
11026 </ul>
11027
11028 <h2>Feedback/Questions</h2>
11029
11030 <ul>
11031 <li>Samir - <a href="http://dpaste.com/2B22M24#wrap" rel="nofollow">cgit</a></li>
11032 <li>Russell - <a href="http://dpaste.com/0J5TYY0#wrap" rel="nofollow">R</a></li>
11033 <li>Wolfgang - <a href="http://dpaste.com/3MQAH27#wrap" rel="nofollow">Question</a></li>
11034 </ul>
11035
11036 <hr>
11037
11038 <ul>
11039 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11040 </ul>
11041
11042 <hr>
11043
11044 <video controls preload="metadata" style=" width:426px; height:240px;">
11045 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0332.mp4" type="video/mp4">
11046 Your browser does not support the HTML5 video tag.
11047 </video>]]>
11048 </itunes:summary>
11049 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Y2hjUWel</fireside:playerURL>
11050 <fireside:playerEmbedCode>
11051 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Y2hjUWel" width="740" height="200" frameborder="0" scrolling="no">]]>
11052 </fireside:playerEmbedCode>
11053 </item>
11054 <item>
11055 <title>331: Why Computers Suck</title>
11056 <link>https://www.bsdnow.tv/331</link>
11057 <guid isPermaLink="false">aa8d58dd-a2a5-4c8a-9244-755d523fe855</guid>
11058 <pubDate>Thu, 02 Jan 2020 05:00:00 -0800</pubDate>
11059 <author>Allan Jude</author>
11060 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/aa8d58dd-a2a5-4c8a-9244-755d523fe855.mp3" length="50254703" type="audio/mp3"/>
11061 <itunes:episodeType>full</itunes:episodeType>
11062 <itunes:author>Allan Jude</itunes:author>
11063 <itunes:subtitle>How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.</itunes:subtitle>
11064 <itunes:duration>1:09:47</itunes:duration>
11065 <itunes:explicit>no</itunes:explicit>
11066 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
11067 <description>How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.
11068 Headlines
11069 Why computers suck and how learning from OpenBSD can make them marginally less horrible (https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05)
11070 How much better could things actually be if we abandoned the enterprise development model?
11071 Next I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.
11072 One of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD.
11073 To prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.
11074 How Unix Works: Become a Better Software Engineer (https://neilkakkar.com/unix.html)
11075 Unix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.
11076 Every fancy thing you want done is one google search away.
11077 But understanding why the solution does what you want is not the same.
11078 That’s what gives you real power, the power to not be afraid.
11079 And since it rhymes, it must be true.
11080 News Roundup
11081 FreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X (https://www.phoronix.com/scan.php?page=article&item=freebsd-amd-3970x&num=1)
11082 For those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.
11083 It was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.
11084 While the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.
11085 FreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.
11086 BSDCan 2020 CFP (https://lists.bsdcan.org/pipermail/bsdcan-announce/2019-December/000180.html)
11087 BSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).
11088 NOTE the change of month in 2020 back to June. Also: do not miss out on the Goat BOF on Tuesday 2 June.
11089 We are now accepting proposals for talks. The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.
11090 See http://www.bsdcan.org/2020/
11091 If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:
11092 How we manage a giant installation with respect to handling spam.
11093 and/or sysadmin.
11094 and/or networking.
11095 Cool new stuff in BSD
11096 Tell us about your project which runs on BSD
11097 other topics (see next paragraph)
11098 From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.
11099 Both users and developers are encouraged to share their experiences.
11100 HardenedBSD Infrastructure Goals (https://github.com/lattera/articles/blob/master/hardenedbsd/2019-12-01_infrastructure/article.md)
11101 2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.
11102 The last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.
11103 My available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.
11104 My primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.
11105 As I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.
11106 Transparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.
11107 Integrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.
11108 I hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.
11109 So, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.
11110 Beastie Bits
11111 FuryBSD - KDE plasma flavor now available (https://www.furybsd.org/kde-plasma-flavor-now-available/)
11112 DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud (http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html)
11113 LPI is looking for BSD Specialist learning material writers (https://wiki.lpi.org/wiki/BSD_Specialist_Objectives_V1.0)
11114 ZFS sync/async + ZIL/SLOG, explained (https://jrs-s.net/2019/05/02/zfs-sync-async-zil-slog/)
11115 BSD-Licensed Combinatorics library/utility (https://lists.freebsd.org/pipermail/freebsd-announce/2019-December/001921.html)
11116 SSL client vs server certificates and bacula-fd (https://dan.langille.org/2019/11/29/ssl-client-vs-server-certificates-and-bacula-fd/)
11117 MaxxDesktop planning to come to FreeBSD (https://www.facebook.com/maxxdesktop/posts/2761326693888282) Project Page (https://www.facebook.com/maxxdesktop/)
11118 Feedback/Questions
11119 Tom - ZFS Mirror with different speeds (http://dpaste.com/3ZGYNS3#wrap)
11120 Jeff - Knowledge is power (http://dpaste.com/1H9QDCR#wrap)
11121 Johnny - Episode 324 response to Jacob (http://dpaste.com/1A7Q9EV)
11122 Pat - NYC*BUG meeting Jan Meeting Location (http://dpaste.com/0QPZ2GC)
11123 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
11124 <video controls preload="metadata" style=" width:426px; height:240px;">
11125 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0331.mp4" type="video/mp4">
11126 Your browser does not support the HTML5 video tag.
11127 </video>
11128 </description>
11129 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, learning, computers, unix, ryzen, Threadripper, 3970X, bsdcan, infrastructure</itunes:keywords>
11130 <content:encoded>
11131 <![CDATA[<p>How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.</p>
11132
11133 <h2>Headlines</h2>
11134
11135 <h3><a href="https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05" rel="nofollow">Why computers suck and how learning from OpenBSD can make them marginally less horrible</a></h3>
11136
11137 <blockquote>
11138 <p>How much better could things actually be if we abandoned the enterprise development model? </p>
11139
11140 <p>Next I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.</p>
11141
11142 <p>One of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD. </p>
11143
11144 <p>To prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.</p>
11145 </blockquote>
11146
11147 <hr>
11148
11149 <h3><a href="https://neilkakkar.com/unix.html" rel="nofollow">How Unix Works: Become a Better Software Engineer</a></h3>
11150
11151 <blockquote>
11152 <p>Unix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.</p>
11153
11154 <p>Every fancy thing you want done is one google search away.</p>
11155
11156 <p>But understanding why the solution does what you want is not the same.</p>
11157
11158 <p>That’s what gives you real power, the power to not be afraid.</p>
11159
11160 <p>And since it rhymes, it must be true.</p>
11161 </blockquote>
11162
11163 <hr>
11164
11165 <h2>News Roundup</h2>
11166
11167 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-amd-3970x&num=1" rel="nofollow">FreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X</a></h3>
11168
11169 <blockquote>
11170 <p>For those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.</p>
11171
11172 <p>It was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.</p>
11173
11174 <p>While the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.</p>
11175
11176 <p>FreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.</p>
11177 </blockquote>
11178
11179 <hr>
11180
11181 <h3><a href="https://lists.bsdcan.org/pipermail/bsdcan-announce/2019-December/000180.html" rel="nofollow">BSDCan 2020 CFP</a></h3>
11182
11183 <blockquote>
11184 <p>BSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).</p>
11185
11186 <p>NOTE the change of month in 2020 back to June. Also: do not miss out on the Goat BOF on Tuesday 2 June.</p>
11187
11188 <p>We are now accepting proposals for talks. The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.</p>
11189 </blockquote>
11190
11191 <ul>
11192 <li>See <a href="http://www.bsdcan.org/2020/" rel="nofollow">http://www.bsdcan.org/2020/</a></li>
11193 </ul>
11194
11195 <blockquote>
11196 <p>If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:</p>
11197 </blockquote>
11198
11199 <ul>
11200 <li>How we manage a giant installation with respect to handling spam.</li>
11201 <li>and/or sysadmin.</li>
11202 <li>and/or networking.</li>
11203 <li>Cool new stuff in BSD</li>
11204 <li>Tell us about your project which runs on BSD</li>
11205 <li>other topics (see next paragraph)</li>
11206 </ul>
11207
11208 <blockquote>
11209 <p>From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.</p>
11210
11211 <p>Both users and developers are encouraged to share their experiences.</p>
11212 </blockquote>
11213
11214 <hr>
11215
11216 <h3><a href="https://github.com/lattera/articles/blob/master/hardenedbsd/2019-12-01_infrastructure/article.md" rel="nofollow">HardenedBSD Infrastructure Goals</a></h3>
11217
11218 <blockquote>
11219 <p>2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.</p>
11220
11221 <p>The last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.</p>
11222
11223 <p>My available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.</p>
11224
11225 <p>My primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.</p>
11226
11227 <p>As I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.</p>
11228
11229 <p>Transparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.</p>
11230
11231 <p>Integrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.</p>
11232
11233 <p>I hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.</p>
11234
11235 <p>So, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.</p>
11236 </blockquote>
11237
11238 <hr>
11239
11240 <h2>Beastie Bits</h2>
11241
11242 <ul>
11243 <li><a href="https://www.furybsd.org/kde-plasma-flavor-now-available/" rel="nofollow">FuryBSD - KDE plasma flavor now available</a></li>
11244 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
11245 <li><a href="https://wiki.lpi.org/wiki/BSD_Specialist_Objectives_V1.0" rel="nofollow">LPI is looking for BSD Specialist learning material writers</a></li>
11246 <li><a href="https://jrs-s.net/2019/05/02/zfs-sync-async-zil-slog/" rel="nofollow">ZFS sync/async + ZIL/SLOG, explained</a></li>
11247 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-December/001921.html" rel="nofollow">BSD-Licensed Combinatorics library/utility</a></li>
11248 <li><a href="https://dan.langille.org/2019/11/29/ssl-client-vs-server-certificates-and-bacula-fd/" rel="nofollow">SSL client vs server certificates and bacula-fd</a></li>
11249 <li><a href="https://www.facebook.com/maxxdesktop/posts/2761326693888282" rel="nofollow">MaxxDesktop planning to come to FreeBSD</a> <a href="https://www.facebook.com/maxxdesktop/" rel="nofollow">Project Page</a></li>
11250 </ul>
11251
11252 <hr>
11253
11254 <h2>Feedback/Questions</h2>
11255
11256 <ul>
11257 <li>Tom - <a href="http://dpaste.com/3ZGYNS3#wrap" rel="nofollow">ZFS Mirror with different speeds</a></li>
11258 <li>Jeff - <a href="http://dpaste.com/1H9QDCR#wrap" rel="nofollow">Knowledge is power</a></li>
11259 <li>Johnny - <a href="http://dpaste.com/1A7Q9EV" rel="nofollow">Episode 324 response to Jacob</a></li>
11260 <li>Pat - <a href="http://dpaste.com/0QPZ2GC" rel="nofollow">NYC*BUG meeting Jan Meeting Location</a></li>
11261 </ul>
11262
11263 <hr>
11264
11265 <ul>
11266 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11267 </ul>
11268
11269 <hr>
11270
11271 <video controls preload="metadata" style=" width:426px; height:240px;">
11272 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0331.mp4" type="video/mp4">
11273 Your browser does not support the HTML5 video tag.
11274 </video>]]>
11275 </content:encoded>
11276 <itunes:summary>
11277 <![CDATA[<p>How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.</p>
11278
11279 <h2>Headlines</h2>
11280
11281 <h3><a href="https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05" rel="nofollow">Why computers suck and how learning from OpenBSD can make them marginally less horrible</a></h3>
11282
11283 <blockquote>
11284 <p>How much better could things actually be if we abandoned the enterprise development model? </p>
11285
11286 <p>Next I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.</p>
11287
11288 <p>One of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD. </p>
11289
11290 <p>To prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.</p>
11291 </blockquote>
11292
11293 <hr>
11294
11295 <h3><a href="https://neilkakkar.com/unix.html" rel="nofollow">How Unix Works: Become a Better Software Engineer</a></h3>
11296
11297 <blockquote>
11298 <p>Unix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.</p>
11299
11300 <p>Every fancy thing you want done is one google search away.</p>
11301
11302 <p>But understanding why the solution does what you want is not the same.</p>
11303
11304 <p>That’s what gives you real power, the power to not be afraid.</p>
11305
11306 <p>And since it rhymes, it must be true.</p>
11307 </blockquote>
11308
11309 <hr>
11310
11311 <h2>News Roundup</h2>
11312
11313 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-amd-3970x&num=1" rel="nofollow">FreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X</a></h3>
11314
11315 <blockquote>
11316 <p>For those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.</p>
11317
11318 <p>It was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.</p>
11319
11320 <p>While the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.</p>
11321
11322 <p>FreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.</p>
11323 </blockquote>
11324
11325 <hr>
11326
11327 <h3><a href="https://lists.bsdcan.org/pipermail/bsdcan-announce/2019-December/000180.html" rel="nofollow">BSDCan 2020 CFP</a></h3>
11328
11329 <blockquote>
11330 <p>BSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).</p>
11331
11332 <p>NOTE the change of month in 2020 back to June. Also: do not miss out on the Goat BOF on Tuesday 2 June.</p>
11333
11334 <p>We are now accepting proposals for talks. The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.</p>
11335 </blockquote>
11336
11337 <ul>
11338 <li>See <a href="http://www.bsdcan.org/2020/" rel="nofollow">http://www.bsdcan.org/2020/</a></li>
11339 </ul>
11340
11341 <blockquote>
11342 <p>If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:</p>
11343 </blockquote>
11344
11345 <ul>
11346 <li>How we manage a giant installation with respect to handling spam.</li>
11347 <li>and/or sysadmin.</li>
11348 <li>and/or networking.</li>
11349 <li>Cool new stuff in BSD</li>
11350 <li>Tell us about your project which runs on BSD</li>
11351 <li>other topics (see next paragraph)</li>
11352 </ul>
11353
11354 <blockquote>
11355 <p>From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.</p>
11356
11357 <p>Both users and developers are encouraged to share their experiences.</p>
11358 </blockquote>
11359
11360 <hr>
11361
11362 <h3><a href="https://github.com/lattera/articles/blob/master/hardenedbsd/2019-12-01_infrastructure/article.md" rel="nofollow">HardenedBSD Infrastructure Goals</a></h3>
11363
11364 <blockquote>
11365 <p>2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.</p>
11366
11367 <p>The last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.</p>
11368
11369 <p>My available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.</p>
11370
11371 <p>My primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.</p>
11372
11373 <p>As I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.</p>
11374
11375 <p>Transparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.</p>
11376
11377 <p>Integrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.</p>
11378
11379 <p>I hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.</p>
11380
11381 <p>So, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.</p>
11382 </blockquote>
11383
11384 <hr>
11385
11386 <h2>Beastie Bits</h2>
11387
11388 <ul>
11389 <li><a href="https://www.furybsd.org/kde-plasma-flavor-now-available/" rel="nofollow">FuryBSD - KDE plasma flavor now available</a></li>
11390 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
11391 <li><a href="https://wiki.lpi.org/wiki/BSD_Specialist_Objectives_V1.0" rel="nofollow">LPI is looking for BSD Specialist learning material writers</a></li>
11392 <li><a href="https://jrs-s.net/2019/05/02/zfs-sync-async-zil-slog/" rel="nofollow">ZFS sync/async + ZIL/SLOG, explained</a></li>
11393 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-December/001921.html" rel="nofollow">BSD-Licensed Combinatorics library/utility</a></li>
11394 <li><a href="https://dan.langille.org/2019/11/29/ssl-client-vs-server-certificates-and-bacula-fd/" rel="nofollow">SSL client vs server certificates and bacula-fd</a></li>
11395 <li><a href="https://www.facebook.com/maxxdesktop/posts/2761326693888282" rel="nofollow">MaxxDesktop planning to come to FreeBSD</a> <a href="https://www.facebook.com/maxxdesktop/" rel="nofollow">Project Page</a></li>
11396 </ul>
11397
11398 <hr>
11399
11400 <h2>Feedback/Questions</h2>
11401
11402 <ul>
11403 <li>Tom - <a href="http://dpaste.com/3ZGYNS3#wrap" rel="nofollow">ZFS Mirror with different speeds</a></li>
11404 <li>Jeff - <a href="http://dpaste.com/1H9QDCR#wrap" rel="nofollow">Knowledge is power</a></li>
11405 <li>Johnny - <a href="http://dpaste.com/1A7Q9EV" rel="nofollow">Episode 324 response to Jacob</a></li>
11406 <li>Pat - <a href="http://dpaste.com/0QPZ2GC" rel="nofollow">NYC*BUG meeting Jan Meeting Location</a></li>
11407 </ul>
11408
11409 <hr>
11410
11411 <ul>
11412 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11413 </ul>
11414
11415 <hr>
11416
11417 <video controls preload="metadata" style=" width:426px; height:240px;">
11418 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0331.mp4" type="video/mp4">
11419 Your browser does not support the HTML5 video tag.
11420 </video>]]>
11421 </itunes:summary>
11422 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+K5EpHWI3</fireside:playerURL>
11423 <fireside:playerEmbedCode>
11424 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+K5EpHWI3" width="740" height="200" frameborder="0" scrolling="no">]]>
11425 </fireside:playerEmbedCode>
11426 </item>
11427 <item>
11428 <title>330: Happy Holidays, All(an)</title>
11429 <link>https://www.bsdnow.tv/330</link>
11430 <guid isPermaLink="false">af84425c-c562-4d3b-b28c-cce7a148a3ad</guid>
11431 <pubDate>Thu, 26 Dec 2019 05:00:00 -0800</pubDate>
11432 <author>Allan Jude</author>
11433 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/af84425c-c562-4d3b-b28c-cce7a148a3ad.mp3" length="54074955" type="audio/mp3"/>
11434 <itunes:episodeType>full</itunes:episodeType>
11435 <itunes:author>Allan Jude</itunes:author>
11436 <itunes:subtitle>Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.</itunes:subtitle>
11437 <itunes:duration>1:15:06</itunes:duration>
11438 <itunes:explicit>no</itunes:explicit>
11439 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
11440 <description>Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.
11441 Headlines
11442 Authentication vulnerabilities in OpenBSD (https://www.openwall.com/lists/oss-security/2019/12/04/5)
11443 We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
11444 From the manual page of login.conf:
11445 OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are:
11446 passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8).
11447 skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8).
11448 yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8).
11449 For any given style, the program /usr/libexec/auth/login_style is used to
11450 perform the authentication. The synopsis of this program is:
11451 /usr/libexec/auth/login_style [-v name=value] [-s service] username class
11452 This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.
11453 login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).
11454 This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.
11455 Case study: smtpd
11456 Case study: ldapd
11457 Case study: radiusd
11458 Case study: sshd
11459 Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.
11460 First release candidate for NetBSD 9.0 available! (https://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd)
11461 Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!
11462 This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.
11463 We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).
11464 Here are a few highlights of the new release:
11465 Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady"
11466 compliant machines (SBBR+SBSA)
11467 Enhanced hardware support for Armv7-A
11468 Updated GPU drivers (e.g. support for Intel Kabylake)
11469 Enhanced virtualization support
11470 Support for hardware-accelerated virtualization (NVMM)
11471 Support for Performance Monitoring Counters
11472 Support for Kernel ASLR
11473 Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
11474 Support for userland sanitizers
11475 Audit of the network stack
11476 Many improvements in NPF
11477 Updated ZFS
11478 Reworked error handling and NCQ support in the SATA subsystem
11479 Support a common framework for USB Ethernet drivers (usbnet)
11480 More information on the RC can be found on the NetBSD 9 release page (https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html)
11481 News Roundup
11482 Running FreeNAS on a Digitalocean droplet (https://www.shlomimarco.com/post/running-freenas-on-a-digitalocean-droplet)
11483 ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler than deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.
11484 I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distros and pre-setup applications (e.g. OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)
11485 Before we begin, here's the gist of what we're going to do:
11486 Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device.
11487 Part 1: re-image our boot block device to boot FreeNAS install media.
11488 Part 2: Install FreeNAS on the second block-device
11489 Part 3: Re-image the boot block device using the FreeNAS-installed block device
11490 NomadBSD 1.3 is now available (https://nomadbsd.org/)
11491 From the release notes:
11492 The base system has been changed to FreeBSD 12.1-RELEASE-p1
11493 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse
11494 The GPT layout has been changed to MBR. This prevents problems with Lenovo
11495 systems that refuse to boot from GPT if "lenovofix" is not set, and systems that
11496 hang on boot if "lenovofix" is set.
11497 Support for ZFS installations has been added to the NomadBSD installer.
11498 The rc-script for setting up the network interfaces has been fixed and improved.
11499 Support for setting the country code for the wlan device has been added.
11500 Auto configuration for running in VirtualBox has been added.
11501 A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.
11502 NVIDIA driver version 440 has been added.
11503 nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the
11504 default user and autologin has been added.
11505 nomadbsd-adduser, a Qt tool for adding preconfigured user accounts to the system has been added.
11506 Martin Orszulik added Czech translations to the setup and installation wizard.
11507 The NomadBSD logo, designed by Ian Grindley, has been changed.
11508 Support for localized error messages has been added.
11509 Support for localizing the password prompts has been added.
11510 Some templates for starting other DEs have been added to ~/.xinitrc.
11511 The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.
11512 A script that helps users to configure a multihead system has been added.
11513 The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting".
11514 /proc has been added to /etc/fstab
11515 A D-Bus session issue has been fixed which prevented thunar from accessing samba shares.
11516 DSBBg which allows users to change and manage wallpapers has been added.
11517 The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.
11518 Support for multiple keyboard layouts has been added.
11519 www/palemoon has been removed.
11520 mail/thunderbird has been removed.
11521 audio/audacity has been added.
11522 deskutils/orage has been added.
11523 the password manager fpm2 has been replaced by KeePassXC
11524 mail/sylpheed has been replaced by mail/claws-mail
11525 multimedia/simplescreenrecorder has been added.
11526 DSBMC has been changed to DSBMC-Qt
11527 Many small improvements and bug fixes.
11528 At e2k19 nobody can hear you scream (https://undeadly.org/cgi?action=article;sid=20191204170908)
11529 After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.
11530 I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.
11531 Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.
11532 Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).
11533 I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.
11534 In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!
11535 Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.
11536 Beastie Bits
11537 FOSDEM 2020 BSD Devroom schedule (https://fosdem.org/2020/schedule/track/bsd/)
11538 Easy Minecraft Server on FreeBSD Howto (https://www.freebsdfoundation.org/freebsd/how-to-guides/easy-minecraft-server-on-freebsd/)
11539 stats(3) framework in the TCP stack (https://svnweb.freebsd.org/base?view=revision&revision=355304)
11540 4017 days of uptime (https://twitter.com/EdwinKremer/status/1203071684535889921)
11541 sysget - A front-end for every package manager (https://github.com/emilengler/sysget)
11542 PlayOnBSD’s Cross-BSD Shopping Guide (https://www.playonbsd.com/shopping_guide/)
11543 Feedback/Questions
11544 Pat asks about the proper disk drive type for ZFS (http://dpaste.com/2FDN26X#wrap)
11545 Brad asks about a ZFS rosetta stone (http://dpaste.com/2X8PBMC#wrap)
11546 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
11547 <video controls preload="metadata" style=" width:426px; height:240px;">
11548 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0330.mp4" type="video/mp4">
11549 Your browser does not support the HTML5 video tag.
11550 </video> Special Guest: Mariusz Zaborski.
11551 </description>
11552 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Authentication, vulnerabilities, release candidate, digitalocean, droplet, freenas, nomadbsd, e2k19, hackathon</itunes:keywords>
11553 <content:encoded>
11554 <![CDATA[<p>Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.</p>
11555
11556 <h2>Headlines</h2>
11557
11558 <h3><a href="https://www.openwall.com/lists/oss-security/2019/12/04/5" rel="nofollow">Authentication vulnerabilities in OpenBSD</a></h3>
11559
11560 <ul>
11561 <li>We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.</li>
11562 <li>From the manual page of login.conf:</li>
11563 </ul>
11564
11565 <blockquote>
11566 <p>OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are:<br>
11567 passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8).<br>
11568 skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8).<br>
11569 yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8).<br>
11570 For any given style, the program /usr/libexec/auth/login_style is used to<br>
11571 perform the authentication. The synopsis of this program is:<br>
11572 /usr/libexec/auth/login_style [-v name=value] [-s service] username class</p>
11573 </blockquote>
11574
11575 <ul>
11576 <li>This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.</li>
11577 </ul>
11578
11579 <blockquote>
11580 <pre><code> login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).
11581 </code></pre>
11582 </blockquote>
11583
11584 <ul>
11585 <li>This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.</li>
11586 <li>Case study: smtpd</li>
11587 <li>Case study: ldapd</li>
11588 <li>Case study: radiusd</li>
11589 <li>Case study: sshd</li>
11590 <li>Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.</li>
11591 </ul>
11592
11593 <hr>
11594
11595 <h3><a href="https://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow">First release candidate for NetBSD 9.0 available!</a></h3>
11596
11597 <ul>
11598 <li>Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!</li>
11599 <li>This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.</li>
11600 <li>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</li>
11601 <li><p>Here are a few highlights of the new release:</p>
11602
11603 <blockquote>
11604 <p>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady"<br>
11605 compliant machines (SBBR+SBSA)<br>
11606 Enhanced hardware support for Armv7-A<br>
11607 Updated GPU drivers (e.g. support for Intel Kabylake)<br>
11608 Enhanced virtualization support<br>
11609 Support for hardware-accelerated virtualization (NVMM)<br>
11610 Support for Performance Monitoring Counters<br>
11611 Support for Kernel ASLR<br>
11612 Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)<br>
11613 Support for userland sanitizers<br>
11614 Audit of the network stack<br>
11615 Many improvements in NPF<br>
11616 Updated ZFS<br>
11617 Reworked error handling and NCQ support in the SATA subsystem<br>
11618 Support a common framework for USB Ethernet drivers (usbnet)</p>
11619 </blockquote></li>
11620 <li><p>More information on the RC can be found on the <a href="https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html" rel="nofollow">NetBSD 9 release page</a></p></li>
11621 </ul>
11622
11623 <hr>
11624
11625 <h2>News Roundup</h2>
11626
11627 <h3><a href="https://www.shlomimarco.com/post/running-freenas-on-a-digitalocean-droplet" rel="nofollow">Running FreeNAS on a Digitalocean droplet</a></h3>
11628
11629 <ul>
11630 <li>ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler than deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.</li>
11631 <li>I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distros and pre-setup applications (e.g. OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)</li>
11632 <li>Before we begin, here's the gist of what we're going to do:</li>
11633 </ul>
11634
11635 <blockquote>
11636 <p>Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device. </p>
11637 </blockquote>
11638
11639 <ul>
11640 <li>Part 1: re-image our boot block device to boot FreeNAS install media.</li>
11641 <li>Part 2: Install FreeNAS on the second block-device</li>
11642 <li>Part 3: Re-image the boot block device using the FreeNAS-installed block device</li>
11643 </ul>
11644
11645 <hr>
11646
11647 <h3><a href="https://nomadbsd.org/" rel="nofollow">NomadBSD 1.3 is now available</a></h3>
11648
11649 <ul>
11650 <li>From the release notes:</li>
11651 </ul>
11652
11653 <blockquote>
11654 <p>The base system has been changed to FreeBSD 12.1-RELEASE-p1<br>
11655 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse<br>
11656 The GPT layout has been changed to MBR. This prevents problems with Lenovo<br>
11657 systems that refuse to boot from GPT if "lenovofix" is not set, and systems that<br>
11658 hang on boot if "lenovofix" is set.<br>
11659 Support for ZFS installations has been added to the NomadBSD installer.<br>
11660 The rc-script for setting up the network interfaces has been fixed and improved.<br>
11661 Support for setting the country code for the wlan device has been added.<br>
11662 Auto configuration for running in VirtualBox has been added.<br>
11663 A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.<br>
11664 NVIDIA driver version 440 has been added.<br>
11665 nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the<br>
11666 default user and autologin has been added.<br>
11667 nomadbsd-adduser, a Qt tool for adding preconfigured user accounts to the system has been added.<br>
11668 Martin Orszulik added Czech translations to the setup and installation wizard.<br>
11669 The NomadBSD logo, designed by Ian Grindley, has been changed.<br>
11670 Support for localized error messages has been added.<br>
11671 Support for localizing the password prompts has been added.<br>
11672 Some templates for starting other DEs have been added to ~/.xinitrc.<br>
11673 The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.<br>
11674 A script that helps users to configure a multihead system has been added.<br>
11675 The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting".<br>
11676 /proc has been added to /etc/fstab<br>
11677 A D-Bus session issue has been fixed which prevented thunar from accessing samba shares.<br>
11678 DSBBg which allows users to change and manage wallpapers has been added.<br>
11679 The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.</p>
11680
11681 <p>Support for multiple keyboard layouts has been added.<br>
11682 www/palemoon has been removed.<br>
11683 mail/thunderbird has been removed.<br>
11684 audio/audacity has been added.<br>
11685 deskutils/orage has been added.<br>
11686 the password manager fpm2 has been replaced by KeePassXC<br>
11687 mail/sylpheed has been replaced by mail/claws-mail<br>
11688 multimedia/simplescreenrecorder has been added.<br>
11689 DSBMC has been changed to DSBMC-Qt<br>
11690 Many small improvements and bug fixes.</p>
11691 </blockquote>
11692
11693 <hr>
11694
11695 <h3><a href="https://undeadly.org/cgi?action=article;sid=20191204170908" rel="nofollow">At e2k19 nobody can hear you scream</a></h3>
11696
11697 <ul>
11698 <li>After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.</li>
11699 <li>I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.</li>
11700 <li>Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.</li>
11701 <li>Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).</li>
11702 <li>I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.</li>
11703 <li>In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!</li>
11704 <li>Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.</li>
11705 </ul>
11706
11707 <hr>
11708
11709 <h2>Beastie Bits</h2>
11710
11711 <ul>
11712 <li><a href="https://fosdem.org/2020/schedule/track/bsd/" rel="nofollow">FOSDEM 2020 BSD Devroom schedule</a></li>
11713 <li><a href="https://www.freebsdfoundation.org/freebsd/how-to-guides/easy-minecraft-server-on-freebsd/" rel="nofollow">Easy Minecraft Server on FreeBSD Howto</a></li>
11714 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=355304" rel="nofollow">stats(3) framework in the TCP stack</a></li>
11715 <li><a href="https://twitter.com/EdwinKremer/status/1203071684535889921" rel="nofollow">4017 days of uptime</a></li>
11716 <li><a href="https://github.com/emilengler/sysget" rel="nofollow">sysget - A front-end for every package manager</a></li>
11717 <li><a href="https://www.playonbsd.com/shopping_guide/" rel="nofollow">PlayOnBSD’s Cross-BSD Shopping Guide</a></li>
11718 </ul>
11719
11720 <hr>
11721
11722 <h2>Feedback/Questions</h2>
11723
11724 <ul>
11725 <li><a href="http://dpaste.com/2FDN26X#wrap" rel="nofollow">Pat asks about the proper disk drive type for ZFS</a></li>
11726 <li><a href="http://dpaste.com/2X8PBMC#wrap" rel="nofollow">Brad asks about a ZFS rosetta stone</a></li>
11727 </ul>
11728
11729 <hr>
11730
11731 <ul>
11732 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11733 </ul>
11734
11735 <hr>
11736
11737 <video controls preload="metadata" style=" width:426px; height:240px;">
11738 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0330.mp4" type="video/mp4">
11739 Your browser does not support the HTML5 video tag.
11740 </video><p>Special Guest: Mariusz Zaborski.</p>]]>
11741 </content:encoded>
11742 <itunes:summary>
11743 <![CDATA[<p>Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.</p>
11744
11745 <h2>Headlines</h2>
11746
11747 <h3><a href="https://www.openwall.com/lists/oss-security/2019/12/04/5" rel="nofollow">Authentication vulnerabilities in OpenBSD</a></h3>
11748
11749 <ul>
11750 <li>We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.</li>
11751 <li>From the manual page of login.conf:</li>
11752 </ul>
11753
11754 <blockquote>
11755 <p>OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are:<br>
11756 passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8).<br>
11757 skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8).<br>
11758 yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8).<br>
11759 For any given style, the program /usr/libexec/auth/login_style is used to<br>
11760 perform the authentication. The synopsis of this program is:<br>
11761 /usr/libexec/auth/login_style [-v name=value] [-s service] username class</p>
11762 </blockquote>
11763
11764 <ul>
11765 <li>This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.</li>
11766 </ul>
11767
11768 <blockquote>
11769 <pre><code> login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).
11770 </code></pre>
11771 </blockquote>
11772
11773 <ul>
11774 <li>This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.</li>
11775 <li>Case study: smtpd</li>
11776 <li>Case study: ldapd</li>
11777 <li>Case study: radiusd</li>
11778 <li>Case study: sshd</li>
11779 <li>Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.</li>
11780 </ul>
11781
11782 <hr>
11783
11784 <h3><a href="https://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow">First release candidate for NetBSD 9.0 available!</a></h3>
11785
11786 <ul>
11787 <li>Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!</li>
11788 <li>This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.</li>
11789 <li>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</li>
11790 <li><p>Here are a few highlights of the new release:</p>
11791
11792 <blockquote>
11793 <p>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady"<br>
11794 compliant machines (SBBR+SBSA)<br>
11795 Enhanced hardware support for Armv7-A<br>
11796 Updated GPU drivers (e.g. support for Intel Kabylake)<br>
11797 Enhanced virtualization support<br>
11798 Support for hardware-accelerated virtualization (NVMM)<br>
11799 Support for Performance Monitoring Counters<br>
11800 Support for Kernel ASLR<br>
11801 Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)<br>
11802 Support for userland sanitizers<br>
11803 Audit of the network stack<br>
11804 Many improvements in NPF<br>
11805 Updated ZFS<br>
11806 Reworked error handling and NCQ support in the SATA subsystem<br>
11807 Support a common framework for USB Ethernet drivers (usbnet)</p>
11808 </blockquote></li>
11809 <li><p>More information on the RC can be found on the <a href="https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html" rel="nofollow">NetBSD 9 release page</a></p></li>
11810 </ul>
11811
11812 <hr>
11813
11814 <h2>News Roundup</h2>
11815
11816 <h3><a href="https://www.shlomimarco.com/post/running-freenas-on-a-digitalocean-droplet" rel="nofollow">Running FreeNAS on a Digitalocean droplet</a></h3>
11817
11818 <ul>
11819 <li>ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler than deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.</li>
11820 <li>I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distros and pre-setup applications (e.g. OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)</li>
11821 <li>Before we begin, here's the gist of what we're going to do:</li>
11822 </ul>
11823
11824 <blockquote>
11825 <p>Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device. </p>
11826 </blockquote>
11827
11828 <ul>
11829 <li>Part 1: re-image our boot block device to boot FreeNAS install media.</li>
11830 <li>Part 2: Install FreeNAS on the second block-device</li>
11831 <li>Part 3: Re-image the boot block device using the FreeNAS-installed block device</li>
11832 </ul>
11833
11834 <hr>
11835
11836 <h3><a href="https://nomadbsd.org/" rel="nofollow">NomadBSD 1.3 is now available</a></h3>
11837
11838 <ul>
11839 <li>From the release notes:</li>
11840 </ul>
11841
11842 <blockquote>
11843 <p>The base system has been changed to FreeBSD 12.1-RELEASE-p1<br>
11844 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse<br>
11845 The GPT layout has been changed to MBR. This prevents problems with Lenovo<br>
11846 systems that refuse to boot from GPT if "lenovofix" is not set, and systems that<br>
11847 hang on boot if "lenovofix" is set.<br>
11848 Support for ZFS installations has been added to the NomadBSD installer.<br>
11849 The rc-script for setting up the network interfaces has been fixed and improved.<br>
11850 Support for setting the country code for the wlan device has been added.<br>
11851 Auto configuration for running in VirtualBox has been added.<br>
11852 A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.<br>
11853 NVIDIA driver version 440 has been added.<br>
11854 nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the<br>
11855 default user and autologin has been added.<br>
11856 nomadbsd-adduser, a Qt tool for adding preconfigured user accounts to the system has been added.<br>
11857 Martin Orszulik added Czech translations to the setup and installation wizard.<br>
11858 The NomadBSD logo, designed by Ian Grindley, has been changed.<br>
11859 Support for localized error messages has been added.<br>
11860 Support for localizing the password prompts has been added.<br>
11861 Some templates for starting other DEs have been added to ~/.xinitrc.<br>
11862 The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.<br>
11863 A script that helps users to configure a multihead system has been added.<br>
11864 The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting".<br>
11865 /proc has been added to /etc/fstab<br>
11866 A D-Bus session issue has been fixed which prevented thunar from accessing samba shares.<br>
11867 DSBBg which allows users to change and manage wallpapers has been added.<br>
11868 The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.</p>
11869
11870 <p>Support for multiple keyboard layouts has been added.<br>
11871 www/palemoon has been removed.<br>
11872 mail/thunderbird has been removed.<br>
11873 audio/audacity has been added.<br>
11874 deskutils/orage has been added.<br>
11875 the password manager fpm2 has been replaced by KeePassXC<br>
11876 mail/sylpheed has been replaced by mail/claws-mail<br>
11877 multimedia/simplescreenrecorder has been added.<br>
11878 DSBMC has been changed to DSBMC-Qt<br>
11879 Many small improvements and bug fixes.</p>
11880 </blockquote>
11881
11882 <hr>
11883
11884 <h3><a href="https://undeadly.org/cgi?action=article;sid=20191204170908" rel="nofollow">At e2k19 nobody can hear you scream</a></h3>
11885
11886 <ul>
11887 <li>After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.</li>
11888 <li>I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.</li>
11889 <li>Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.</li>
11890 <li>Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).</li>
11891 <li>I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.</li>
11892 <li>In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!</li>
11893 <li>Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.</li>
11894 </ul>
11895
11896 <hr>
11897
11898 <h2>Beastie Bits</h2>
11899
11900 <ul>
11901 <li><a href="https://fosdem.org/2020/schedule/track/bsd/" rel="nofollow">FOSDEM 2020 BSD Devroom schedule</a></li>
11902 <li><a href="https://www.freebsdfoundation.org/freebsd/how-to-guides/easy-minecraft-server-on-freebsd/" rel="nofollow">Easy Minecraft Server on FreeBSD Howto</a></li>
11903 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=355304" rel="nofollow">stats(3) framework in the TCP stack</a></li>
11904 <li><a href="https://twitter.com/EdwinKremer/status/1203071684535889921" rel="nofollow">4017 days of uptime</a></li>
11905 <li><a href="https://github.com/emilengler/sysget" rel="nofollow">sysget - A front-end for every package manager</a></li>
11906 <li><a href="https://www.playonbsd.com/shopping_guide/" rel="nofollow">PlayOnBSD’s Cross-BSD Shopping Guide</a></li>
11907 </ul>
11908
11909 <hr>
11910
11911 <h2>Feedback/Questions</h2>
11912
11913 <ul>
11914 <li><a href="http://dpaste.com/2FDN26X#wrap" rel="nofollow">Pat asks about the proper disk drive type for ZFS</a></li>
11915 <li><a href="http://dpaste.com/2X8PBMC#wrap" rel="nofollow">Brad asks about a ZFS rosetta stone</a></li>
11916 </ul>
11917
11918 <hr>
11919
11920 <ul>
11921 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11922 </ul>
11923
11924 <hr>
11925
11926 <video controls preload="metadata" style=" width:426px; height:240px;">
11927 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0330.mp4" type="video/mp4">
11928 Your browser does not support the HTML5 video tag.
11929 </video><p>Special Guest: Mariusz Zaborski.</p>]]>
11930 </itunes:summary>
11931 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+xj7V9OKR</fireside:playerURL>
11932 <fireside:playerEmbedCode>
11933 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+xj7V9OKR" width="740" height="200" frameborder="0" scrolling="no">]]>
11934 </fireside:playerEmbedCode>
11935 </item>
11936 <item>
11937 <title>329: Lucas’ Arts</title>
11938 <link>https://www.bsdnow.tv/329</link>
11939 <guid isPermaLink="false">ca9f1431-2af7-48ad-98d6-e68c253ec75b</guid>
11940 <pubDate>Thu, 19 Dec 2019 05:00:00 -0800</pubDate>
11941 <author>Allan Jude</author>
11942 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca9f1431-2af7-48ad-98d6-e68c253ec75b.mp3" length="36780535" type="audio/mp3"/>
11943 <itunes:episodeType>full</itunes:episodeType>
11944 <itunes:author>Allan Jude</itunes:author>
11945 <itunes:subtitle>In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.</itunes:subtitle>
11946 <itunes:duration>51:05</itunes:duration>
11947 <itunes:explicit>no</itunes:explicit>
11948 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
11949 <description>In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.
11950 Interview - Michael Lucas
11951 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
11952 <video controls preload="metadata" style=" width:426px; height:240px;">
11953 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0329.mp4">
11954 Your browser does not support the HTML5 video tag.
11955 </video> Special Guest: Michael W Lucas.
11956 </description>
11957 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Michael W. Lucas, Lucas, books, writing, self-publishing, publishing, Sudo, sudo mastery, snmp, snmp mastery, bsdcan, fiction, non-fiction</itunes:keywords>
11958 <content:encoded>
11959 <![CDATA[<p>In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.</p>
11960
11961 <h3>Interview - Michael Lucas</h3>
11962
11963 <hr>
11964
11965 <ul>
11966 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11967 </ul>
11968
11969 <hr>
11970
11971 <video controls preload="metadata" style=" width:426px; height:240px;">
11972 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0329.mp4">
11973 Your browser does not support the HTML5 video tag.
11974 </video><p>Special Guest: Michael W Lucas.</p>]]>
11975 </content:encoded>
11976 <itunes:summary>
11977 <![CDATA[<p>In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.</p>
11978
11979 <h3>Interview - Michael Lucas</h3>
11980
11981 <hr>
11982
11983 <ul>
11984 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
11985 </ul>
11986
11987 <hr>
11988
11989 <video controls preload="metadata" style=" width:426px; height:240px;">
11990 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0329.mp4">
11991 Your browser does not support the HTML5 video tag.
11992 </video><p>Special Guest: Michael W Lucas.</p>]]>
11993 </itunes:summary>
11994 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+q0gDX0Ds</fireside:playerURL>
11995 <fireside:playerEmbedCode>
11996 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+q0gDX0Ds" width="740" height="200" frameborder="0" scrolling="no">]]>
11997 </fireside:playerEmbedCode>
11998 </item>
11999 <item>
12000 <title>328: EPYC Netflix Stack</title>
12001 <link>https://www.bsdnow.tv/328</link>
12002 <guid isPermaLink="false">be8ded86-58b0-46af-ba11-af5a748bc3d8</guid>
12003 <pubDate>Thu, 12 Dec 2019 04:00:00 -0800</pubDate>
12004 <author>Allan Jude</author>
12005 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be8ded86-58b0-46af-ba11-af5a748bc3d8.mp3" length="41556868" type="audio/mp3"/>
12006 <itunes:episodeType>full</itunes:episodeType>
12007 <itunes:author>Allan Jude</itunes:author>
12008 <itunes:subtitle>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</itunes:subtitle>
12009 <itunes:duration>57:43</itunes:duration>
12010 <itunes:explicit>no</itunes:explicit>
12011 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
12012 <description>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.
12013 Headlines
12014 LLDB Threading support now ready for mainline (https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready)
12015 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
12016 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
12017 So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
12018 Multiple IPSec VPN tunnels with FreeBSD (https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt)
12019 The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)
12020 But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.
12021 The requirement is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).
12022 Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).
12023 VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).
12024 News Roundup
12025 Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance (https://www.phoronix.com/scan.php?page=news_item&px=Netflix-NUMA-FreeBSD-Optimized)
12026 Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.
12027 Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sendfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.
12028 For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.
12029 unwind(8); "happy eyeballs" (https://marc.info/?l=openbsd-tech&m=157475113130337&w=2)
12030 In case you are wondering why happy eyeballs: It's a variation on this:
12031 https://en.wikipedia.org/wiki/Happy_Eyeballs
12032 unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing its own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.
12033 This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix.
12034 One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):
12035 17 files changed, 385 insertions(+), 1683 deletions(-)
12036 Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.
12037 Amazon now has FreeBSD ARM 12 (https://aws.amazon.com/marketplace/pp/B081NF7BY7)
12038 Product Overview
12039 FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.
12040 FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.
12041 OpenSSH U2F/FIDO support in base (https://www.undeadly.org/cgi?action=article;sid=20191115064850)
12042 I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.
12043 Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.
12044 You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.
12045 So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.
12046 Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.
12047 Please test this thoroughly - it's a big change that we want to have stable before the next release.
12048 Beastie Bits
12049 DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud (http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html)
12050 Really fast Markov chains in ~20 lines of sh, grep, cut and awk (https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-~20-lines-of-sh-grep-cut-and-awk/)
12051 FreeBSD Journal Sept/Oct 2019 (https://www.freebsdfoundation.org/past-issues/security-3/)
12052 Michael Dexter is raising money for Bhyve development (https://twitter.com/michaeldexter/status/1201231729228308480)
12053 syscall call-from verification (https://marc.info/?l=openbsd-tech&m=157488907117170)
12054 FreeBSD Forums Howto Section (https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/)
12055 Feedback/Questions
12056 Jeroen - Feedback (http://dpaste.com/0PK1EG2#wrap)
12057 Savo - pfsense ports (http://dpaste.com/0PZ03B7#wrap)
12058 Tin - I want to learn C (http://dpaste.com/2GVNCYB#wrap)
12059 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
12060 <video controls preload="metadata" style=" width:426px; height:240px;">
12061 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4">
12062 Your browser does not support the HTML5 video tag.
12063 </video>
12064 </description>
12065 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, lldb, threading, ipsec, vpn, tunnel, netflix, optimized, network stack, amd, amd epyc, performance, unwind, eyeballs, aws, arm, arm 12, openssh, u2f, fido</itunes:keywords>
12066 <content:encoded>
12067 <![CDATA[<p>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</p>
12068
12069 <h2>Headlines</h2>
12070
12071 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
12072
12073 <blockquote>
12074 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
12075
12076 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
12077
12078 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
12079 </blockquote>
12080
12081 <hr>
12082
12083 <h3><a href="https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt" rel="nofollow">Multiple IPSec VPN tunnels with FreeBSD</a></h3>
12084
12085 <blockquote>
12086 <p>The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see <a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html" rel="nofollow">https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html</a>)</p>
12087 </blockquote>
12088
12089 <p>But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.</p>
12090
12091 <blockquote>
12092 <p>The requirement is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).</p>
12093
12094 <p>Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).</p>
12095
12096 <p>VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).</p>
12097 </blockquote>
12098
12099 <hr>
12100
12101 <h2>News Roundup</h2>
12102
12103 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=Netflix-NUMA-FreeBSD-Optimized" rel="nofollow">Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance</a></h3>
12104
12105 <blockquote>
12106 <p>Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.</p>
12107
12108 <p>Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sendfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.</p>
12109
12110 <p>For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.</p>
12111 </blockquote>
12112
12113 <hr>
12114
12115 <h3><a href="https://marc.info/?l=openbsd-tech&m=157475113130337&w=2" rel="nofollow">unwind(8); "happy eyeballs"</a></h3>
12116
12117 <blockquote>
12118 <p>In case you are wondering why happy eyeballs: It's a variation on this:<br>
12119 <a href="https://en.wikipedia.org/wiki/Happy_Eyeballs" rel="nofollow">https://en.wikipedia.org/wiki/Happy_Eyeballs</a></p>
12120
12121 <p>unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing its own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.</p>
12122
12123 <p>This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. </p>
12124
12125 <p>One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):<br>
12126 17 files changed, 385 insertions(+), 1683 deletions(-)</p>
12127
12128 <p>Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.</p>
12129 </blockquote>
12130
12131 <hr>
12132
12133 <h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow">Amazon now has FreeBSD ARM 12</a></h3>
12134
12135 <blockquote>
12136 <p>Product Overview</p>
12137
12138 <p>FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.</p>
12139
12140 <p>FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.</p>
12141 </blockquote>
12142
12143 <hr>
12144
12145 <h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow">OpenSSH U2F/FIDO support in base</a></h3>
12146
12147 <blockquote>
12148 <p>I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.</p>
12149
12150 <p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>
12151
12152 <p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>
12153
12154 <p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. </p>
12155
12156 <p>Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.</p>
12157
12158 <p>Please test this thoroughly - it's a big change that we want to have stable before the next release.</p>
12159 </blockquote>
12160
12161 <hr>
12162
12163 <h2>Beastie Bits</h2>
12164
12165 <ul>
12166 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
12167 <li><a href="https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/" rel="nofollow">Really fast Markov chains in ~20 lines of sh, grep, cut and awk</a></li>
12168 <li><a href="https://www.freebsdfoundation.org/past-issues/security-3/" rel="nofollow">FreeBSD Journal Sept/Oct 2019</a></li>
12169 <li><a href="https://twitter.com/michaeldexter/status/1201231729228308480" rel="nofollow">Michael Dexter is raising money for Bhyve development</a></li>
12170 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170" rel="nofollow">syscall call-from verification</a></li>
12171 <li><a href="https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/" rel="nofollow">FreeBSD Forums Howto Section</a></li>
12172 </ul>
12173
12174 <hr>
12175
12176 <h2>Feedback/Questions</h2>
12177
12178 <ul>
12179 <li>Jeroen - <a href="http://dpaste.com/0PK1EG2#wrap" rel="nofollow">Feedback</a></li>
12180 <li>Savo - <a href="http://dpaste.com/0PZ03B7#wrap" rel="nofollow">pfsense ports</a></li>
12181 <li>Tin - <a href="http://dpaste.com/2GVNCYB#wrap" rel="nofollow">I want to learn C</a></li>
12182 </ul>
12183
12184 <hr>
12185
12186 <ul>
12187 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12188 </ul>
12189
12190 <hr>
12191
12192 <video controls preload="metadata" style=" width:426px; height:240px;">
12193 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4">
12194 Your browser does not support the HTML5 video tag.
12195 </video>]]>
12196 </content:encoded>
12197 <itunes:summary>
12198 <![CDATA[<p>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</p>
12199
12200 <h2>Headlines</h2>
12201
12202 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
12203
12204 <blockquote>
12205 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
12206
12207 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
12208
12209 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
12210 </blockquote>
12211
12212 <hr>
12213
12214 <h3><a href="https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt" rel="nofollow">Multiple IPSec VPN tunnels with FreeBSD</a></h3>
12215
12216 <blockquote>
12217 <p>The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see <a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html" rel="nofollow">https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html</a>)</p>
12218 </blockquote>
12219
12220 <p>But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.</p>
12221
12222 <blockquote>
12223 <p>The requirement is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).</p>
12224
12225 <p>Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).</p>
12226
12227 <p>VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).</p>
12228 </blockquote>
12229
12230 <hr>
12231
12232 <h2>News Roundup</h2>
12233
12234 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=Netflix-NUMA-FreeBSD-Optimized" rel="nofollow">Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance</a></h3>
12235
12236 <blockquote>
12237 <p>Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.</p>
12238
12239 <p>Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sendfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.</p>
12240
12241 <p>For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.</p>
12242 </blockquote>
12243
12244 <hr>
12245
12246 <h3><a href="https://marc.info/?l=openbsd-tech&m=157475113130337&w=2" rel="nofollow">unwind(8); "happy eyeballs"</a></h3>
12247
12248 <blockquote>
12249 <p>In case you are wondering why happy eyeballs: It's a variation on this:<br>
12250 <a href="https://en.wikipedia.org/wiki/Happy_Eyeballs" rel="nofollow">https://en.wikipedia.org/wiki/Happy_Eyeballs</a></p>
12251
12252 <p>unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing its own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.</p>
12253
12254 <p>This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. </p>
12255
12256 <p>One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):<br>
12257 17 files changed, 385 insertions(+), 1683 deletions(-)</p>
12258
12259 <p>Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.</p>
12260 </blockquote>
12261
12262 <hr>
12263
12264 <h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow">Amazon now has FreeBSD ARM 12</a></h3>
12265
12266 <blockquote>
12267 <p>Product Overview</p>
12268
12269 <p>FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.</p>
12270
12271 <p>FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.</p>
12272 </blockquote>
12273
12274 <hr>
12275
12276 <h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow">OpenSSH U2F/FIDO support in base</a></h3>
12277
12278 <blockquote>
12279 <p>I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.</p>
12280
12281 <p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>
12282
12283 <p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>
12284
12285 <p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. </p>
12286
12287 <p>Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.</p>
12288
12289 <p>Please test this thoroughly - it's a big change that we want to have stable before the next release.</p>
12290 </blockquote>
12291
12292 <hr>
12293
12294 <h2>Beastie Bits</h2>
12295
12296 <ul>
12297 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
12298 <li><a href="https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/" rel="nofollow">Really fast Markov chains in ~20 lines of sh, grep, cut and awk</a></li>
12299 <li><a href="https://www.freebsdfoundation.org/past-issues/security-3/" rel="nofollow">FreeBSD Journal Sept/Oct 2019</a></li>
12300 <li><a href="https://twitter.com/michaeldexter/status/1201231729228308480" rel="nofollow">Michael Dexter is raising money for Bhyve development</a></li>
12301 <li><a href="https://marc.info/?l=openbsd-tech&m=157488907117170" rel="nofollow">syscall call-from verification</a></li>
12302 <li><a href="https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/" rel="nofollow">FreeBSD Forums Howto Section</a></li>
12303 </ul>
12304
12305 <hr>
12306
12307 <h2>Feedback/Questions</h2>
12308
12309 <ul>
12310 <li>Jeroen - <a href="http://dpaste.com/0PK1EG2#wrap" rel="nofollow">Feedback</a></li>
12311 <li>Savo - <a href="http://dpaste.com/0PZ03B7#wrap" rel="nofollow">pfsense ports</a></li>
12312 <li>Tin - <a href="http://dpaste.com/2GVNCYB#wrap" rel="nofollow">I want to learn C</a></li>
12313 </ul>
12314
12315 <hr>
12316
12317 <ul>
12318 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12319 </ul>
12320
12321 <hr>
12322
12323 <video controls preload="metadata" style=" width:426px; height:240px;">
12324 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4">
12325 Your browser does not support the HTML5 video tag.
12326 </video>]]>
12327 </itunes:summary>
12328 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+zdscQha2</fireside:playerURL>
12329 <fireside:playerEmbedCode>
12330 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+zdscQha2" width="740" height="200" frameborder="0" scrolling="no">]]>
12331 </fireside:playerEmbedCode>
12332 </item>
12333 <item>
12334 <title>327: ZFS Rename Repo</title>
12335 <link>https://www.bsdnow.tv/327</link>
12336 <guid isPermaLink="false">18bee756-2b2e-45ed-bcf1-403549bf6a32</guid>
12337 <pubDate>Thu, 05 Dec 2019 04:00:00 -0800</pubDate>
12338 <author>Allan Jude</author>
12339 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/18bee756-2b2e-45ed-bcf1-403549bf6a32.mp3" length="60093881" type="audio/mp3"/>
12340 <itunes:episodeType>full</itunes:episodeType>
12341 <itunes:author>Allan Jude</itunes:author>
12342 <itunes:subtitle>We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.</itunes:subtitle>
12343 <itunes:duration>1:23:27</itunes:duration>
12344 <itunes:explicit>no</itunes:explicit>
12345 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
12346 <description>We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.
12347 Headlines
12348 FreeBSD third quarterly status report for 2019 (https://www.freebsd.org/news/status/report-2019-07-2019-09.html)
12349 This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).
12350 Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us send out the reports sooner.
12351 Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.
12352 Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.
12353 OpenBSD on Sparc64 (https://eerielinux.wordpress.com/2019/10/10/openbsd-on-sparc64-6-0-to-6-5/)
12354 OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.
12355 First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.
12356 Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.
12357 News Roundup
12358 ZoL repo move to OpenZFS (https://zfsonlinux.topicbox.com/groups/zfs-discuss/T13eedc32607dab41/zol-repo-move-to-openzfs)
12359 Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at http://github.com/ZFSonLinux/zfs will be moved to the OpenZFS organization, at http://github.com/OpenZFS/zfs.
12360 The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020.
12361 Mcclure111 Sun Thread (https://twitter.com/mcclure111/status/1196557401710837762)
12362 A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.
12363 GEOM NOP (https://oshogbo.vexillium.org/blog/71/)
12364 Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are a FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.
12365 GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.
12366 Keeping NetBSD up-to-date with pkg_comp 2.0 (https://jmmv.dev/2017/02/pkg_comp-2.0-tutorial-netbsd.html)
12367 This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.
12368 Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.
12369 This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.
12370 Beastie Bits
12371 DragonFly - Radeon Improvements (http://lists.dragonflybsd.org/pipermail/commits/2019-November/720070.html)
12372 NomadBSD review (https://www.youtube.com/watch?v=7DglP7SbnlA&feature=share)
12373 Spongebob OpenBSD Security Comic (https://files.yukiisbo.red/openbsd_claim.png)
12374 Forth : The Early Years (https://colorforth.github.io/HOPL.html)
12375 LCM+L PDP-7 booting and running UNIX Version 0 (https://www.youtube.com/watch?v=pvaPaWyiuLA)
12376 Feedback/Questions
12377 Chris - Ctrl-T (http://dpaste.com/284E5BV)
12378 Improved Ctrl+t that shows kernel backtrace (https://asciinema.org/a/xfSpvPT61Cnd9iRgbfIjT6kYj)
12379 Brian - Migrating NexentaStore to FreeBSD/FreeNAS (http://dpaste.com/05GDK8H#wrap)
12380 Avery - How to get involved (http://dpaste.com/26KW801#wrap)
12381 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
12382 <video controls preload="metadata" style=" width:426px; height:240px;">
12383 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0327.mp4" type="video/mp4">
12384 Your browser does not support the HTML5 video tag.
12385 </video>
12386 </description>
12387 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, quarterly status, status report, report, sparc64, sun, geom, nop, gnop, up-to-date, pkg_comp</itunes:keywords>
12388 <content:encoded>
12389 <![CDATA[<p>We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.</p>
12390
12391 <h2>Headlines</h2>
12392
12393 <h3><a href="https://www.freebsd.org/news/status/report-2019-07-2019-09.html" rel="nofollow">FreeBSD third quarterly status report for 2019</a></h3>
12394
12395 <blockquote>
12396 <p>This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).</p>
12397
12398 <p>Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us send out the reports sooner.</p>
12399
12400 <p>Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.</p>
12401
12402 <p>Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.</p>
12403 </blockquote>
12404
12405 <hr>
12406
12407 <h3><a href="https://eerielinux.wordpress.com/2019/10/10/openbsd-on-sparc64-6-0-to-6-5/" rel="nofollow">OpenBSD on Sparc64</a></h3>
12408
12409 <blockquote>
12410 <p>OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.</p>
12411
12412 <p>First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.</p>
12413
12414 <p>Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.</p>
12415 </blockquote>
12416
12417 <hr>
12418
12419 <h2>News Roundup</h2>
12420
12421 <h3><a href="https://zfsonlinux.topicbox.com/groups/zfs-discuss/T13eedc32607dab41/zol-repo-move-to-openzfs" rel="nofollow">ZoL repo move to OpenZFS</a></h3>
12422
12423 <blockquote>
12424 <p>Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at <a href="http://github.com/ZFSonLinux/zfs" rel="nofollow">http://github.com/ZFSonLinux/zfs</a> will be moved to the OpenZFS organization, at <a href="http://github.com/OpenZFS/zfs" rel="nofollow">http://github.com/OpenZFS/zfs</a>.</p>
12425
12426 <p>The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020.</p>
12427 </blockquote>
12428
12429 <hr>
12430
12431 <h3><a href="https://twitter.com/mcclure111/status/1196557401710837762" rel="nofollow">Mcclure111 Sun Thread</a></h3>
12432
12433 <blockquote>
12434 <p>A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.</p>
12435 </blockquote>
12436
12437 <hr>
12438
12439 <h3><a href="https://oshogbo.vexillium.org/blog/71/" rel="nofollow">GEOM NOP</a></h3>
12440
12441 <blockquote>
12442 <p>Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are a FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.</p>
12443
12444 <p>GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.</p>
12445 </blockquote>
12446
12447 <hr>
12448
12449 <h3><a href="https://jmmv.dev/2017/02/pkg_comp-2.0-tutorial-netbsd.html" rel="nofollow">Keeping NetBSD up-to-date with pkg_comp 2.0</a></h3>
12450
12451 <blockquote>
12452 <p>This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.</p>
12453
12454 <p>Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.</p>
12455
12456 <p>This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.</p>
12457 </blockquote>
12458
12459 <hr>
12460
12461 <h2>Beastie Bits</h2>
12462
12463 <ul>
12464 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/720070.html" rel="nofollow">DragonFly - Radeon Improvements</a></li>
12465 <li><a href="https://www.youtube.com/watch?v=7DglP7SbnlA&feature=share" rel="nofollow">NomadBSD review</a></li>
12466 <li><a href="https://files.yukiisbo.red/openbsd_claim.png" rel="nofollow">Spongebob OpenBSD Security Comic</a></li>
12467 <li><a href="https://colorforth.github.io/HOPL.html" rel="nofollow">Forth : The Early Years</a></li>
12468 <li><a href="https://www.youtube.com/watch?v=pvaPaWyiuLA" rel="nofollow">LCM+L PDP-7 booting and running UNIX Version 0</a></li>
12469 </ul>
12470
12471 <hr>
12472
12473 <h2>Feedback/Questions</h2>
12474
12475 <ul>
12476 <li>Chris - <a href="http://dpaste.com/284E5BV" rel="nofollow">Ctrl-T</a>
12477
12478 <ul>
12479 <li><a href="https://asciinema.org/a/xfSpvPT61Cnd9iRgbfIjT6kYj" rel="nofollow">Improved Ctrl+t that shows kernel backtrace</a></li>
12480 </ul></li>
12481 <li>Brian - <a href="http://dpaste.com/05GDK8H#wrap" rel="nofollow">Migrating NexentaStore to FreeBSD/FreeNAS</a></li>
12482 <li>Avery - <a href="http://dpaste.com/26KW801#wrap" rel="nofollow">How to get involved</a></li>
12483 </ul>
12484
12485 <hr>
12486
12487 <ul>
12488 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12489 </ul>
12490
12491 <hr>
12492
12493 <video controls preload="metadata" style=" width:426px; height:240px;">
12494 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0327.mp4" type="video/mp4">
12495 Your browser does not support the HTML5 video tag.
12496 </video>]]>
12497 </content:encoded>
12498 <itunes:summary>
12499 <![CDATA[<p>We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.</p>
12500
12501 <h2>Headlines</h2>
12502
12503 <h3><a href="https://www.freebsd.org/news/status/report-2019-07-2019-09.html" rel="nofollow">FreeBSD third quarterly status report for 2019</a></h3>
12504
12505 <blockquote>
12506 <p>This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).</p>
12507
12508 <p>Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us send out the reports sooner.</p>
12509
12510 <p>Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.</p>
12511
12512 <p>Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.</p>
12513 </blockquote>
12514
12515 <hr>
12516
12517 <h3><a href="https://eerielinux.wordpress.com/2019/10/10/openbsd-on-sparc64-6-0-to-6-5/" rel="nofollow">OpenBSD on Sparc64</a></h3>
12518
12519 <blockquote>
12520 <p>OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.</p>
12521
12522 <p>First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.</p>
12523
12524 <p>Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.</p>
12525 </blockquote>
12526
12527 <hr>
12528
12529 <h2>News Roundup</h2>
12530
12531 <h3><a href="https://zfsonlinux.topicbox.com/groups/zfs-discuss/T13eedc32607dab41/zol-repo-move-to-openzfs" rel="nofollow">ZoL repo move to OpenZFS</a></h3>
12532
12533 <blockquote>
12534 <p>Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at <a href="http://github.com/ZFSonLinux/zfs" rel="nofollow">http://github.com/ZFSonLinux/zfs</a> will be moved to the OpenZFS organization, at <a href="http://github.com/OpenZFS/zfs" rel="nofollow">http://github.com/OpenZFS/zfs</a>.</p>
12535
12536 <p>The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020.</p>
12537 </blockquote>
12538
12539 <hr>
12540
12541 <h3><a href="https://twitter.com/mcclure111/status/1196557401710837762" rel="nofollow">Mcclure111 Sun Thread</a></h3>
12542
12543 <blockquote>
12544 <p>A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.</p>
12545 </blockquote>
12546
12547 <hr>
12548
12549 <h3><a href="https://oshogbo.vexillium.org/blog/71/" rel="nofollow">GEOM NOP</a></h3>
12550
12551 <blockquote>
12552 <p>Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are a FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.</p>
12553
12554 <p>GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.</p>
12555 </blockquote>
12556
12557 <hr>
12558
12559 <h3><a href="https://jmmv.dev/2017/02/pkg_comp-2.0-tutorial-netbsd.html" rel="nofollow">Keeping NetBSD up-to-date with pkg_comp 2.0</a></h3>
12560
12561 <blockquote>
12562 <p>This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.</p>
12563
12564 <p>Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.</p>
12565
12566 <p>This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.</p>
12567 </blockquote>
12568
12569 <hr>
12570
12571 <h2>Beastie Bits</h2>
12572
12573 <ul>
12574 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/720070.html" rel="nofollow">DragonFly - Radeon Improvements</a></li>
12575 <li><a href="https://www.youtube.com/watch?v=7DglP7SbnlA&feature=share" rel="nofollow">NomadBSD review</a></li>
12576 <li><a href="https://files.yukiisbo.red/openbsd_claim.png" rel="nofollow">Spongebob OpenBSD Security Comic</a></li>
12577 <li><a href="https://colorforth.github.io/HOPL.html" rel="nofollow">Forth : The Early Years</a></li>
12578 <li><a href="https://www.youtube.com/watch?v=pvaPaWyiuLA" rel="nofollow">LCM+L PDP-7 booting and running UNIX Version 0</a></li>
12579 </ul>
12580
12581 <hr>
12582
12583 <h2>Feedback/Questions</h2>
12584
12585 <ul>
12586 <li>Chris - <a href="http://dpaste.com/284E5BV" rel="nofollow">Ctrl-T</a>
12587
12588 <ul>
12589 <li><a href="https://asciinema.org/a/xfSpvPT61Cnd9iRgbfIjT6kYj" rel="nofollow">Improved Ctrl+t that shows kernel backtrace</a></li>
12590 </ul></li>
12591 <li>Brian - <a href="http://dpaste.com/05GDK8H#wrap" rel="nofollow">Migrating NexentaStore to FreeBSD/FreeNAS</a></li>
12592 <li>Avery - <a href="http://dpaste.com/26KW801#wrap" rel="nofollow">How to get involved</a></li>
12593 </ul>
12594
12595 <hr>
12596
12597 <ul>
12598 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12599 </ul>
12600
12601 <hr>
12602
12603 <video controls preload="metadata" style=" width:426px; height:240px;">
12604 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0327.mp4" type="video/mp4">
12605 Your browser does not support the HTML5 video tag.
12606 </video>]]>
12607 </itunes:summary>
12608 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+nLDPUCha</fireside:playerURL>
12609 <fireside:playerEmbedCode>
12610 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+nLDPUCha" width="740" height="200" frameborder="0" scrolling="no">]]>
12611 </fireside:playerEmbedCode>
12612 </item>
12613 <item>
12614 <title>326: Certified BSD</title>
12615 <link>https://www.bsdnow.tv/326</link>
12616 <guid isPermaLink="false">4d6f5084-1255-44ce-a255-5f969e18e44d</guid>
12617 <pubDate>Thu, 28 Nov 2019 04:00:00 -0800</pubDate>
12618 <author>Allan Jude</author>
12619 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d6f5084-1255-44ce-a255-5f969e18e44d.mp3" length="43280010" type="audio/mp3"/>
12620 <itunes:episodeType>full</itunes:episodeType>
12621 <itunes:author>Allan Jude</itunes:author>
12622 <itunes:subtitle>LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.</itunes:subtitle>
12623 <itunes:duration>1:00:06</itunes:duration>
12624 <itunes:explicit>no</itunes:explicit>
12625 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
12626 <description>LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.
12627 Headlines
12628 Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group (https://www.lpi.org/articles/linux-professional-institute-releases-bsd-specialist-certification)
12629 Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.
12630 G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”
12631 OpenZFS Trip Report (https://www.ixsystems.com/blog/openzfs-dev-summit-2019/)
12632 The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.
12633 News Roundup
12634 Using FreeBSD with Ports (2/2): Tool-assisted updating (https://eerielinux.wordpress.com/2019/09/12/using-freebsd-with-ports-2-2-tool-assisted-updating/)
12635 Part 1 here: https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/
12636 In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.
12637 In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.
12638 LLDB Threading support now ready for mainline (http://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready)
12639 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
12640 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
12641 So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
12642 Linux VS open source UNIX (https://www.adminbyaccident.com/politics/linux-vs-open-source-unix/)
12643 Beastie Bits
12644 Support for Realtek RTL8125 2.5Gb Ethernet controller (https://marc.info/?l=openbsd-tech&m=157380442230074&w=2)
12645 Computer Files Are Going Extinct (https://onezero.medium.com/the-death-of-the-computer-file-doc-43cb028c0506)
12646 FreeBSD kernel hacking (https://www.youtube.com/watch?v=4FUub_UtF3c)
12647 Modern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong (https://youtu.be/e7cJ7v2lYdE)
12648 MidnightBSD 1.2 Released (https://www.justjournal.com/users/mbsd/entry/33779)
12649 Feedback/Questions
12650 Paulo - Zfs snapshots (http://dpaste.com/0WQRP43#wrap)
12651 Phillip - GCP (http://dpaste.com/075ZQE1#wrap)
12652 A Listener - Old episodes? (http://dpaste.com/3YJ4119#wrap)
12653 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
12654 <video controls preload="metadata" style=" width:426px; height:240px;">
12655 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0326.mp4" type="video/mp4">
12656 Your browser does not support the HTML5 video tag.
12657 </video>
12658 </description>
12659 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, certification, openzfs, trip report, ports, llvm, lldb, threading, open source, open source unix,</itunes:keywords>
12660 <content:encoded>
12661 <![CDATA[<p>LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.</p>
12662
12663 <h2>Headlines</h2>
12664
12665 <h3><a href="https://www.lpi.org/articles/linux-professional-institute-releases-bsd-specialist-certification" rel="nofollow">Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group</a></h3>
12666
12667 <blockquote>
12668 <p>Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.</p>
12669
12670 <p>G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD."</p>
12671 </blockquote>
12672
12673 <hr>
12674
12675 <h3><a href="https://www.ixsystems.com/blog/openzfs-dev-summit-2019/" rel="nofollow">OpenZFS Trip Report</a></h3>
12676
12677 <blockquote>
12678 <p>The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.</p>
12679 </blockquote>
12680
12681 <hr>
12682
12683 <h2>News Roundup</h2>
12684
12685 <h3><a href="https://eerielinux.wordpress.com/2019/09/12/using-freebsd-with-ports-2-2-tool-assisted-updating/" rel="nofollow">Using FreeBSD with Ports (2/2): Tool-assisted updating</a></h3>
12686
12687 <ul>
12688 <li>Part 1 here: <a href="https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/" rel="nofollow">https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/</a></li>
12689 </ul>
12690
12691 <blockquote>
12692 <p>In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.</p>
12693
12694 <p>In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.</p>
12695 </blockquote>
12696
12697 <hr>
12698
12699 <h3><a href="http://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
12700
12701 <blockquote>
12702 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
12703
12704 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
12705
12706 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
12707 </blockquote>
12708
12709 <hr>
12710
12711 <h3><a href="https://www.adminbyaccident.com/politics/linux-vs-open-source-unix/" rel="nofollow">Linux VS open source UNIX</a></h3>
12712
12713 <hr>
12714
12715 <h2>Beastie Bits</h2>
12716
12717 <ul>
12718 <li><a href="https://marc.info/?l=openbsd-tech&m=157380442230074&w=2" rel="nofollow">Support for Realtek RTL8125 2.5Gb Ethernet controller</a></li>
12719 <li><a href="https://onezero.medium.com/the-death-of-the-computer-file-doc-43cb028c0506" rel="nofollow">Computer Files Are Going Extinct</a></li>
12720 <li><a href="https://www.youtube.com/watch?v=4FUub_UtF3c" rel="nofollow">FreeBSD kernel hacking</a></li>
12721 <li><a href="https://youtu.be/e7cJ7v2lYdE" rel="nofollow">Modern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong</a></li>
12722 <li><a href="https://www.justjournal.com/users/mbsd/entry/33779" rel="nofollow">MidnightBSD 1.2 Released</a></li>
12723 </ul>
12724
12725 <hr>
12726
12727 <h2>Feedback/Questions</h2>
12728
12729 <ul>
12730 <li>Paulo - <a href="http://dpaste.com/0WQRP43#wrap" rel="nofollow">Zfs snapshots</a></li>
12731 <li>Phillip - <a href="http://dpaste.com/075ZQE1#wrap" rel="nofollow">GCP</a></li>
12732 <li>A Listener - <a href="http://dpaste.com/3YJ4119#wrap" rel="nofollow">Old episodes?</a></li>
12733 </ul>
12734
12735 <hr>
12736
12737 <ul>
12738 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12739 </ul>
12740
12741 <hr>
12742
12743 <video controls preload="metadata" style=" width:426px; height:240px;">
12744 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0326.mp4" type="video/mp4">
12745 Your browser does not support the HTML5 video tag.
12746 </video>]]>
12747 </content:encoded>
12748 <itunes:summary>
12749 <![CDATA[<p>LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.</p>
12750
12751 <h2>Headlines</h2>
12752
12753 <h3><a href="https://www.lpi.org/articles/linux-professional-institute-releases-bsd-specialist-certification" rel="nofollow">Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group</a></h3>
12754
12755 <blockquote>
12756 <p>Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.</p>
12757
12758 <p>G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD."</p>
12759 </blockquote>
12760
12761 <hr>
12762
12763 <h3><a href="https://www.ixsystems.com/blog/openzfs-dev-summit-2019/" rel="nofollow">OpenZFS Trip Report</a></h3>
12764
12765 <blockquote>
12766 <p>The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.</p>
12767 </blockquote>
12768
12769 <hr>
12770
12771 <h2>News Roundup</h2>
12772
12773 <h3><a href="https://eerielinux.wordpress.com/2019/09/12/using-freebsd-with-ports-2-2-tool-assisted-updating/" rel="nofollow">Using FreeBSD with Ports (2/2): Tool-assisted updating</a></h3>
12774
12775 <ul>
12776 <li>Part 1 here: <a href="https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/" rel="nofollow">https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/</a></li>
12777 </ul>
12778
12779 <blockquote>
12780 <p>In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.</p>
12781
12782 <p>In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.</p>
12783 </blockquote>
12784
12785 <hr>
12786
12787 <h3><a href="http://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow">LLDB Threading support now ready for mainline</a></h3>
12788
12789 <blockquote>
12790 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>
12791
12792 <p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>
12793
12794 <p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
12795 </blockquote>
12796
12797 <hr>
12798
12799 <h3><a href="https://www.adminbyaccident.com/politics/linux-vs-open-source-unix/" rel="nofollow">Linux VS open source UNIX</a></h3>
12800
12801 <hr>
12802
12803 <h2>Beastie Bits</h2>
12804
12805 <ul>
12806 <li><a href="https://marc.info/?l=openbsd-tech&m=157380442230074&w=2" rel="nofollow">Support for Realtek RTL8125 2.5Gb Ethernet controller</a></li>
12807 <li><a href="https://onezero.medium.com/the-death-of-the-computer-file-doc-43cb028c0506" rel="nofollow">Computer Files Are Going Extinct</a></li>
12808 <li><a href="https://www.youtube.com/watch?v=4FUub_UtF3c" rel="nofollow">FreeBSD kernel hacking</a></li>
12809 <li><a href="https://youtu.be/e7cJ7v2lYdE" rel="nofollow">Modern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong</a></li>
12810 <li><a href="https://www.justjournal.com/users/mbsd/entry/33779" rel="nofollow">MidnightBSD 1.2 Released</a></li>
12811 </ul>
12812
12813 <hr>
12814
12815 <h2>Feedback/Questions</h2>
12816
12817 <ul>
12818 <li>Paulo - <a href="http://dpaste.com/0WQRP43#wrap" rel="nofollow">Zfs snapshots</a></li>
12819 <li>Phillip - <a href="http://dpaste.com/075ZQE1#wrap" rel="nofollow">GCP</a></li>
12820 <li>A Listener - <a href="http://dpaste.com/3YJ4119#wrap" rel="nofollow">Old episodes?</a></li>
12821 </ul>
12822
12823 <hr>
12824
12825 <ul>
12826 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
12827 </ul>
12828
12829 <hr>
12830
12831 <video controls preload="metadata" style=" width:426px; height:240px;">
12832 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0326.mp4" type="video/mp4">
12833 Your browser does not support the HTML5 video tag.
12834 </video>]]>
12835 </itunes:summary>
12836 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+yrVA-WLO</fireside:playerURL>
12837 <fireside:playerEmbedCode>
12838 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+yrVA-WLO" width="740" height="200" frameborder="0" scrolling="no">]]>
12839 </fireside:playerEmbedCode>
12840 </item>
12841 <item>
12842 <title>325: Cracking Rainbows</title>
12843 <link>https://www.bsdnow.tv/325</link>
12844 <guid isPermaLink="false">a971b40e-d33a-44ac-9cf8-dfaf7e4aaff7</guid>
12845 <pubDate>Thu, 21 Nov 2019 04:00:00 -0800</pubDate>
12846 <author>Allan Jude</author>
12847 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a971b40e-d33a-44ac-9cf8-dfaf7e4aaff7.mp3" length="41526775" type="audio/mp3"/>
12848 <itunes:episodeType>full</itunes:episodeType>
12849 <itunes:author>Allan Jude</itunes:author>
12850 <itunes:subtitle>FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.</itunes:subtitle>
12851 <itunes:duration>57:40</itunes:duration>
12852 <itunes:explicit>no</itunes:explicit>
12853 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
12854 <description>FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.
12855 Headlines
12856 FreeBSD 12.1 (https://www.freebsd.org/releases/12.1R/announce.html)
12857 Some of the highlights:
12858 BearSSL has been imported to the base system.
12859 The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.
12860 OpenSSL has been updated to version 1.1.1d.
12861 Several userland utility updates.
12862 For a complete list of new features and known problems, please see the online release notes and errata list, available at: https://www.FreeBSD.org/releases/12.1R/relnotes.html
12863 A History of UNIX before Berkeley: UNIX Evolution: 1975-1984. (http://www.darwinsys.com/history/hist.html)
12864 Nobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.
12865 Our title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.
12866 Part One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at "Research", a part of Bell Laboratories (now AT&T Bell Laboratories, then as now "the Labs"), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.
12867 News Roundup
12868 My FreeBSD Development Setup (https://adventurist.me/posts/00296)
12869 I do my FreeBSD development using git, tmux, vim and cscope.
12870 I keep a FreeBSD fork on my github, I have forked https://github.com/freebsd/freebsd to https://github.com/adventureloop/freebsd
12871 OPNsense 19.7.6 released (https://opnsense.org/opnsense-19-7-6-released/)
12872 As we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will be releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.
12873 LDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.
12874 HardenedBSD November 2019 Status Report. (https://hardenedbsd.org/article/shawn-webb/2019-11-09/hardenedbsd-status-report)
12875 We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work.
12876 DNSSEC enabled in default unbound(8) configuration. (https://undeadly.org/cgi?action=article;sid=20191110123908)
12877 DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)
12878 How to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12 (https://www.howtoforge.com/how-to-install-shopware-with-nginx-and-lets-encrypt-on-freebsd-12/)
12879 Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.
12880 Requirements
12881 Make sure your system meets the following minimum requirements:
12882 + Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed.
12883 + PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.
12884 + MySQL 5.5.0 or higher.
12885 + Possibility to set up cron jobs.
12886 + Minimum 4 GB available hard disk space.
12887 + IonCube Loader version 5.0.0 or higher (optional).
12888 How to Compile RainbowCrack on OpenBSD (https://cromwell-intl.com/open-source/compiling-rainbowcrack-on-openbsd.html)
12889 Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.
12890 The Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.
12891 Earlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.
12892 You might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes
12893 Feedback/Questions
12894 Reese - Amateur radio info (http://dpaste.com/2RDG9K4#wrap)
12895 Chris - VPN (http://dpaste.com/2K4T2FQ#wrap)
12896 Malcolm - NAT (http://dpaste.com/138NEMA)
12897 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
12898 <video controls preload="metadata" style=" width:426px; height:240px;">
12899 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0325.mp4" type="video/mp4">
12900 Your browser does not support the HTML5 video tag.
12901 </video>
12902 </description>
12903 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, 12.1, Unix, history, berkeley, OPNsense, development, setup, dev, devel, status report, dnssec, unbound, shopware, let’s encrypt, nginx, rainbowcrack, compiling</itunes:keywords>
12904 <content:encoded>
12905 <![CDATA[<p>FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.</p>
12906
12907 <h2>Headlines</h2>
12908
12909 <h3><a href="https://www.freebsd.org/releases/12.1R/announce.html" rel="nofollow">FreeBSD 12.1</a></h3>
12910
12911 <ul>
12912 <li><p>Some of the highlights:</p>
12913
12914 <ul>
12915 <li>BearSSL has been imported to the base system.</li>
12916 <li>The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.</li>
12917 <li>OpenSSL has been updated to version 1.1.1d.</li>
12918 <li>Several userland utility updates.</li>
12919 </ul></li>
12920 <li><p>For a complete list of new features and known problems, please see the online release notes and errata list, available at: <a href="https://www.FreeBSD.org/releases/12.1R/relnotes.html" rel="nofollow">https://www.FreeBSD.org/releases/12.1R/relnotes.html</a></p></li>
12921 </ul>
12922
12923 <hr>
12924
12925 <h3><a href="http://www.darwinsys.com/history/hist.html" rel="nofollow">A History of UNIX before Berkeley: UNIX Evolution: 1975-1984.</a></h3>
12926
12927 <blockquote>
12928 <p>Nobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.</p>
12929
12930 <p>Our title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.</p>
12931
12932 <p>Part One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at "Research", a part of Bell Laboratories (now AT&T Bell Laboratories, then as now "the Labs"), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.</p>
12933 </blockquote>
12934
12935 <hr>
12936
12937 <h2>News Roundup</h2>
12938
12939 <h3><a href="https://adventurist.me/posts/00296" rel="nofollow">My FreeBSD Development Setup</a></h3>
12940
12941 <blockquote>
12942 <p>I do my FreeBSD development using git, tmux, vim and cscope.</p>
12943
12944 <p>I keep a FreeBSD fork on my github, I have forked <a href="https://github.com/freebsd/freebsd" rel="nofollow">https://github.com/freebsd/freebsd</a> to <a href="https://github.com/adventureloop/freebsd" rel="nofollow">https://github.com/adventureloop/freebsd</a></p>
12945 </blockquote>
12946
12947 <hr>
12948
12949 <h3><a href="https://opnsense.org/opnsense-19-7-6-released/" rel="nofollow">OPNsense 19.7.6 released</a></h3>
12950
12951 <blockquote>
12952 <p>As we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will be releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.</p>
12953
12954 <p>LDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.</p>
12955 </blockquote>
12956
12957 <hr>
12958
12959 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2019-11-09/hardenedbsd-status-report" rel="nofollow">HardenedBSD November 2019 Status Report.</a></h3>
12960
12961 <blockquote>
12962 <p>We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work. </p>
12963 </blockquote>
12964
12965 <hr>
12966
12967 <h3><a href="https://undeadly.org/cgi?action=article;sid=20191110123908" rel="nofollow">DNSSEC enabled in default unbound(8) configuration.</a></h3>
12968
12969 <blockquote>
12970 <p>DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)</p>
12971 </blockquote>
12972
12973 <hr>
12974
12975 <h3><a href="https://www.howtoforge.com/how-to-install-shopware-with-nginx-and-lets-encrypt-on-freebsd-12/" rel="nofollow">How to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12</a></h3>
12976
12977 <blockquote>
12978 <p>Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.</p>
12979 </blockquote>
12980
12981 <ul>
12982 <li>Requirements</li>
12983 </ul>
12984
12985 <blockquote>
12986 <p>Make sure your system meets the following minimum requirements:</p>
12987
12988 <ul>
12989 <li>Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed. </li>
12990 <li>PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.</li>
12991 <li>MySQL 5.5.0 or higher.</li>
12992 <li>Possibility to set up cron jobs.</li>
12993 <li>Minimum 4 GB available hard disk space.</li>
12994 <li>IonCube Loader version 5.0.0 or higher (optional).</li>
12995 </ul>
12996 </blockquote>
12997
12998 <hr>
12999
13000 <h3><a href="https://cromwell-intl.com/open-source/compiling-rainbowcrack-on-openbsd.html" rel="nofollow">How to Compile RainbowCrack on OpenBSD</a></h3>
13001
13002 <blockquote>
13003 <p>Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.</p>
13004
13005 <p>The Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.</p>
13006
13007 <p>Earlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.</p>
13008 </blockquote>
13009
13010 <ul>
13011 <li>You might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes</li>
13012 </ul>
13013
13014 <hr>
13015
13016 <h2>Feedback/Questions</h2>
13017
13018 <ul>
13019 <li>Reese - <a href="http://dpaste.com/2RDG9K4#wrap" rel="nofollow">Amateur radio info</a></li>
13020 <li>Chris - <a href="http://dpaste.com/2K4T2FQ#wrap" rel="nofollow">VPN</a></li>
13021 <li>Malcolm - <a href="http://dpaste.com/138NEMA" rel="nofollow">NAT</a></li>
13022 </ul>
13023
13024 <hr>
13025
13026 <ul>
13027 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
13028 </ul>
13029
13030 <hr>
13031
13032 <video controls preload="metadata" style=" width:426px; height:240px;">
13033 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0325.mp4" type="video/mp4">
13034 Your browser does not support the HTML5 video tag.
13035 </video>]]>
13036 </content:encoded>
13037 <itunes:summary>
13038 <![CDATA[<p>FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.</p>
13039
13040 <h2>Headlines</h2>
13041
13042 <h3><a href="https://www.freebsd.org/releases/12.1R/announce.html" rel="nofollow">FreeBSD 12.1</a></h3>
13043
13044 <ul>
13045 <li><p>Some of the highlights:</p>
13046
13047 <ul>
13048 <li>BearSSL has been imported to the base system.</li>
13049 <li>The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.</li>
13050 <li>OpenSSL has been updated to version 1.1.1d.</li>
13051 <li>Several userland utility updates.</li>
13052 </ul></li>
13053 <li><p>For a complete list of new features and known problems, please see the online release notes and errata list, available at: <a href="https://www.FreeBSD.org/releases/12.1R/relnotes.html" rel="nofollow">https://www.FreeBSD.org/releases/12.1R/relnotes.html</a></p></li>
13054 </ul>
13055
13056 <hr>
13057
13058 <h3><a href="http://www.darwinsys.com/history/hist.html" rel="nofollow">A History of UNIX before Berkeley: UNIX Evolution: 1975-1984.</a></h3>
13059
13060 <blockquote>
13061 <p>Nobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.</p>
13062
13063 <p>Our title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.</p>
13064
13065 <p>Part One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at “Research”, a part of Bell Laboratories (now AT&T Bell Laboratories, then as now “the Labs”), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.</p>
13066 </blockquote>
13067
13068 <hr>
13069
13070 <h2>News Roundup</h2>
13071
13072 <h3><a href="https://adventurist.me/posts/00296" rel="nofollow">My FreeBSD Development Setup</a></h3>
13073
13074 <blockquote>
13075 <p>I do my FreeBSD development using git, tmux, vim and cscope.</p>
13076
13077 <p>I keep a FreeBSD fork on my github, I have forked <a href="https://github.com/freebsd/freebsd" rel="nofollow">https://github.com/freebsd/freebsd</a> to <a href="https://github.com/adventureloop/freebsd" rel="nofollow">https://github.com/adventureloop/freebsd</a></p>
13078 </blockquote>
13079
13080 <hr>
13081
13082 <h3><a href="https://opnsense.org/opnsense-19-7-6-released/" rel="nofollow">OPNsense 19.7.6 released</a></h3>
13083
13084 <blockquote>
13085 <p>As we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will be releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.</p>
13086
13087 <p>LDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.</p>
13088 </blockquote>
13089
13090 <hr>
13091
13092 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2019-11-09/hardenedbsd-status-report" rel="nofollow">HardenedBSD November 2019 Status Report.</a></h3>
13093
13094 <blockquote>
13095 <p>We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work. </p>
13096 </blockquote>
13097
13098 <hr>
13099
13100 <h3><a href="https://undeadly.org/cgi?action=article;sid=20191110123908" rel="nofollow">DNSSEC enabled in default unbound(8) configuration.</a></h3>
13101
13102 <blockquote>
13103 <p>DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)</p>
13104 </blockquote>
13105
13106 <hr>
13107
13108 <h3><a href="https://www.howtoforge.com/how-to-install-shopware-with-nginx-and-lets-encrypt-on-freebsd-12/" rel="nofollow">How to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12</a></h3>
13109
13110 <blockquote>
13111 <p>Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.</p>
13112 </blockquote>
13113
13114 <ul>
13115 <li>Requirements</li>
13116 </ul>
13117
13118 <blockquote>
13119 <p>Make sure your system meets the following minimum requirements:</p>
13120
13121 <ul>
13122 <li>Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed. </li>
13123 <li>PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.</li>
13124 <li>MySQL 5.5.0 or higher.</li>
13125 <li>Possibility to set up cron jobs.</li>
13126 <li>Minimum 4 GB available hard disk space.</li>
13127 <li>IonCube Loader version 5.0.0 or higher (optional).</li>
13128 </ul>
13129 </blockquote>
13130
13131 <hr>
13132
13133 <h3><a href="https://cromwell-intl.com/open-source/compiling-rainbowcrack-on-openbsd.html" rel="nofollow">How to Compile RainbowCrack on OpenBSD</a></h3>
13134
13135 <blockquote>
13136 <p>Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.</p>
13137
13138 <p>The Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.</p>
13139
13140 <p>Earlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.</p>
13141 </blockquote>
13142
13143 <ul>
13144 <li>You might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes</li>
13145 </ul>
13146
13147 <hr>
13148
13149 <h2>Feedback/Questions</h2>
13150
13151 <ul>
13152 <li>Reese - <a href="http://dpaste.com/2RDG9K4#wrap" rel="nofollow">Amateur radio info</a></li>
13153 <li>Chris - <a href="http://dpaste.com/2K4T2FQ#wrap" rel="nofollow">VPN</a></li>
13154 <li>Malcolm - <a href="http://dpaste.com/138NEMA" rel="nofollow">NAT</a></li>
13155 </ul>
13156
13157 <hr>
13158
13159 <ul>
13160 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
13161 </ul>
13162
13163 <hr>
13164
13165 <video controls preload="metadata" style=" width:426px; height:240px;">
13166 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0325.mp4" type="video/mp4">
13167 Your browser does not support the HTML5 video tag.
13168 </video>]]>
13169 </itunes:summary>
13170 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+qatAfeyL</fireside:playerURL>
13171 <fireside:playerEmbedCode>
13172 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+qatAfeyL" width="740" height="200" frameborder="0" scrolling="no">]]>
13173 </fireside:playerEmbedCode>
13174 </item>
13175 <item>
13176 <title>324: Emergency Space Mode</title>
13177 <link>https://www.bsdnow.tv/324</link>
13178 <guid isPermaLink="false">e82a766b-37c4-4d16-896b-6fcfcfdef480</guid>
13179 <pubDate>Thu, 14 Nov 2019 04:00:00 -0800</pubDate>
13180 <author>Allan Jude</author>
13181 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e82a766b-37c4-4d16-896b-6fcfcfdef480.mp3" length="33490674" type="audio/mp3"/>
13182 <itunes:episodeType>full</itunes:episodeType>
13183 <itunes:author>Allan Jude</itunes:author>
13184 <itunes:subtitle>Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.</itunes:subtitle>
13185 <itunes:duration>46:30</itunes:duration>
13186 <itunes:explicit>no</itunes:explicit>
13187 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
13188 <description>Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.
13189 Headlines
13190 Migrating drives and the zpool from one host to another. (https://dan.langille.org/2019/10/26/migrating-drives-and-the-zpool-from-one-host-to-another/)
13191 Today is the day.
13192 Today I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.
13193 Fortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.
13194 Now it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.
13195 In this post:
13196 FreeBSD 12.0
13197 Dell R710 (r710-01)
13198 Dell R720 (r720-01)
13199 drive caddies from eBay and now I know the difference between SATA and SATAu
13200 PLEASE READ THIS first: Migrating ZFS Storage Pools (https://docs.oracle.com/cd/E19253-01/819-5461/gbchy/index.html)
13201 OpenBSD in 2019 (https://blog.habets.se/2019/10/OpenBSD-in-2019.html)
13202 I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.
13203 What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.
13204 I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.
13205 That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.
13206 This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the desktop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.
13207 Verdict
13208 Ouch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.
13209 And maybe in a year I’ll have a review of OpenBSD on a laptop.
13210 News Roundup
13211 New zlib, new dhcpcd (https://www.dragonflydigest.com/2019/10/29/23683.html)
13212 zlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.
13213 DHCPCD Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html
13214 ZLIB Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html
13215 Batch renaming images, including image resolution, with awk (https://victoria.dev/verbose/batch-renaming-images-including-image-resolution-with-awk/)
13216 The most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:
13217
13218 $ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++"_"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v "s/$fn/img_$fr/g" *); done
13219 IMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg
13220 IMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg
13221 IMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg
13222 IMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg
13223 IMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg
13224 IMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg
13225 IMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg
13226 IMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg
13227 IMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg
13228 IMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg
13229 IMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg
13230 IMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg
13231 IMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg
13232 // ... etc etc
13233
13234 The last item on the aforementioned list is “TODO: come up with a shorter title for this list.”
13235 I hate the X11 ICCCM selection system, and you should too - A Rant (http://www.call-with-current-continuation.org/rants/icccm.txt)
13236 d00d, that document is devilspawn. I've recently spent my nights in pain
13237 implementing the selection mechanism. WHY OH WHY OH WHY? why me? why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.
13238 I didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?
13239 So what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?
13240 HAMMER2 emergency space mode (https://www.dragonflydigest.com/2019/10/22/23652.html)
13241 As anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much. There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity. It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled. So definitely don’t leave it on!
13242 Beastie Bits
13243 The BastilleBSD community has started work on over 100 automation templates (https://twitter.com/BastilleBSD/status/1186659762458501120)
13244 PAM perturbed (https://www.dragonflydigest.com/2019/10/23/23654.html)
13245 OpenBSD T-Shirts now available (https://teespring.com/stores/openbsd)
13246 FastoCloud (Opensource Media Service) now available on FreeBSD (https://old.reddit.com/r/freebsd/comments/dlyqtq/fastocloud_opensource_media_service_now_available/)
13247 Unix: A History and a Memoir by Brian Kernighan now available (https://www.cs.princeton.edu/~bwk/)
13248 OpenBSD Moonlight game streaming client from a Windows + Nvidia PC (https://www.reddit.com/r/openbsd_gaming/comments/d6xboo/openbsd_moonlight_game_streaming_client_from_a/)
13250 Feedback/Questions
13251 Tim - Release Notes for Lumina 1.5 (http://dpaste.com/38DNSXT#wrap)
13252 Answer Here (http://dpaste.com/3QJX8G3#wrap)
13253 Brad - vBSDcon Trip Report (http://dpaste.com/316MGVX#wrap)
13254 Jacob - Using terminfo on FreeBSD (http://dpaste.com/131N05J#wrap)
13255 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
13256 <video controls preload="metadata" style=" width:426px; height:240px;">
13257 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0324.mp4" type="video/mp4">
13258 Your browser does not support the HTML5 video tag.
13259 </video>
13260 </description>
13261 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, migrating drive, migrating zpool, zpool, migration, zlib, dhcpcd, awk, batch, renaming, x11, ICCCM, hammer 2, emergency space mode</itunes:keywords>
13262 <content:encoded>
13263 <![CDATA[<p>Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.</p>
13264
13265 <hr>
13266
13267 <h2>Headlines</h2>
13268
13269 <h3><a href="https://dan.langille.org/2019/10/26/migrating-drives-and-the-zpool-from-one-host-to-another/" rel="nofollow">Migrating drives and the zpool from one host to another.</a></h3>
13270
13271 <blockquote>
13272 <p>Today is the day.</p>
13273
13274 <p>Today I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.</p>
13275
13276 <p>Fortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.</p>
13277
13278 <p>Now it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.</p>
13279 </blockquote>
13280
13281 <ul>
13282 <li><p>In this post:</p>
13283
13284 <ul>
13285 <li>FreeBSD 12.0</li>
13286 <li>Dell R710 (r710-01)</li>
13287 <li>Dell R720 (r720-01)</li>
13288 <li>drive caddies from eBay and now I know the difference between SATA and SATAu</li>
13289 </ul></li>
13290 <li><p><a href="https://docs.oracle.com/cd/E19253-01/819-5461/gbchy/index.html" rel="nofollow">PLEASE READ THIS first: Migrating ZFS Storage Pools</a></p></li>
13291 </ul>
13292
13293 <hr>
13294
13295 <h3><a href="https://blog.habets.se/2019/10/OpenBSD-in-2019.html" rel="nofollow">OpenBSD in 2019</a></h3>
13296
13297 <blockquote>
13298 <p>I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.</p>
13299
13300 <p>What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.</p>
13301
13302 <p>I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.</p>
13303
13304 <p>That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.</p>
13305
13306 <p>This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the desktop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.</p>
13307 </blockquote>
13308
13309 <ul>
13310 <li>Verdict</li>
13311 </ul>
13312
13313 <blockquote>
13314 <p>Ouch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.</p>
13315
13316 <p>And maybe in a year I’ll have a review of OpenBSD on a laptop.</p>
13317 </blockquote>
13318
13319 <hr>
13320
13321 <h2>News Roundup</h2>
13322
13323 <h3><a href="https://www.dragonflydigest.com/2019/10/29/23683.html" rel="nofollow">New zlib, new dhcpcd</a></h3>
13324
13325 <blockquote>
13326 <p>zlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.</p>
13327 </blockquote>
13328
13329 <ul>
13330 <li>DHCPCD Commit: <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html" rel="nofollow">http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html</a></li>
13331 <li>ZLIB Commit: <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html" rel="nofollow">http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html</a></li>
13332 </ul>
13333
13334 <hr>
13335
13336 <h3><a href="https://victoria.dev/verbose/batch-renaming-images-including-image-resolution-with-awk/" rel="nofollow">Batch renaming images, including image resolution, with awk</a></h3>
13337
13338 <blockquote>
13339 <p>The most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:</p>
13340 </blockquote>
13341
13342 <pre><code>$ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++"_"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v "s/$fn/img_$fr/g" *); done
13343 IMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg
13344 IMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg
13345 IMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg
13346 IMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg
13347 IMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg
13348 IMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg
13349 IMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg
13350 IMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg
13351 IMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg
13352 IMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg
13353 IMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg
13354 IMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg
13355 IMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg
13356 // ... etc etc
13357 </code></pre>
13358
13359 <blockquote>
13360 <p>The last item on the aforementioned list is “TODO: come up with a shorter title for this list.”</p>
13361 </blockquote>
13362
13363 <hr>
13364
13365 <h3><a href="http://www.call-with-current-continuation.org/rants/icccm.txt" rel="nofollow">I hate the X11 ICCCM selection system, and you should too - A Rant</a></h3>
13366
13367 <blockquote>
13368 <p>d00d, that document is devilspawn. I've recently spent my nights in pain<br>
13369 implementing the selection mechanism. WHY OH WHY OH WHY? why me? why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.</p>
13370
13371 <p>I didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?</p>
13372
13373 <p>So what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?</p>
13374 </blockquote>
13375
13376 <hr>
13377
13378 <h3><a href="https://www.dragonflydigest.com/2019/10/22/23652.html" rel="nofollow">HAMMER2 emergency space mode</a></h3>
13379
13380 <blockquote>
13381 <p>As anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much. There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity. It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled. So definitely don’t leave it on!</p>
13382 </blockquote>
13383
13384 <hr>
13385
13386 <h2>Beastie Bits</h2>
13387
13388 <ul>
13389 <li><a href="https://twitter.com/BastilleBSD/status/1186659762458501120" rel="nofollow">The BastilleBSD community has started work on over 100 automation templates</a></li>
13390 <li><a href="https://www.dragonflydigest.com/2019/10/23/23654.html" rel="nofollow">PAM perturbed</a></li>
13391 <li><a href="https://teespring.com/stores/openbsd" rel="nofollow">OpenBSD T-Shirts now available</a></li>
13392 <li><a href="https://old.reddit.com/r/freebsd/comments/dlyqtq/fastocloud_opensource_media_service_now_available/" rel="nofollow">FastoCloud (Opensource Media Service) now available on FreeBSD</a></li>
13393 <li><a href="https://www.cs.princeton.edu/%7Ebwk/" rel="nofollow">Unix: A History and a Memoir by Brian Kernighan now available</a></li>
13394 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/d6xboo/openbsd_moonlight_game_streaming_client_from_a/" rel="nofollow">OpenBSD Moonlight game streaming client from a Windows + Nvidia PC</a>
13395 </li>
13396 </ul>
13397
13398 <h2>Feedback/Questions</h2>
13399
13400 <ul>
13401 <li>Tim - <a href="http://dpaste.com/38DNSXT#wrap" rel="nofollow">Release Notes for Lumina 1.5</a>
13402
13403 <ul>
13404 <li><a href="http://dpaste.com/3QJX8G3#wrap" rel="nofollow">Answer Here</a></li>
13405 </ul></li>
13406 <li>Brad - <a href="http://dpaste.com/316MGVX#wrap" rel="nofollow">vBSDcon Trip Report</a></li>
13407 <li>Jacob - <a href="http://dpaste.com/131N05J#wrap" rel="nofollow">Using terminfo on FreeBSD</a></li>
13408 </ul>
13409
13410 <hr>
13411
13412 <ul>
13413 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
13414 </ul>
13415
13416 <hr>
13417
13418 <video controls preload="metadata" style=" width:426px; height:240px;">
13419 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0324.mp4" type="video/mp4">
13420 Your browser does not support the HTML5 video tag.
13421 </video>]]>
13422 </content:encoded>
13423 <itunes:summary>
13424 <![CDATA[<p>Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.</p>
13425
13426 <hr>
13427
13428 <h2>Headlines</h2>
13429
13430 <h3><a href="https://dan.langille.org/2019/10/26/migrating-drives-and-the-zpool-from-one-host-to-another/" rel="nofollow">Migrating drives and the zpool from one host to another.</a></h3>
13431
13432 <blockquote>
13433 <p>Today is the day.</p>
13434
13435 <p>Today I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.</p>
13436
13437 <p>Fortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.</p>
13438
13439 <p>Now it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.</p>
13440 </blockquote>
13441
13442 <ul>
13443 <li><p>In this post:</p>
13444
13445 <ul>
13446 <li>FreeBSD 12.0</li>
13447 <li>Dell R710 (r710-01)</li>
13448 <li>Dell R720 (r720-01)</li>
13449 <li>drive caddies from eBay and now I know the difference between SATA and SATAu</li>
13450 </ul></li>
13451 <li><p><a href="https://docs.oracle.com/cd/E19253-01/819-5461/gbchy/index.html" rel="nofollow">PLEASE READ THIS first: Migrating ZFS Storage Pools</a></p></li>
13452 </ul>
13453
13454 <hr>
13455
13456 <h3><a href="https://blog.habets.se/2019/10/OpenBSD-in-2019.html" rel="nofollow">OpenBSD in 2019</a></h3>
13457
13458 <blockquote>
13459 <p>I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.</p>
13460
13461 <p>What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.</p>
13462
13463 <p>I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.</p>
13464
13465 <p>That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.</p>
13466
13467 <p>This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the desktop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.</p>
13468 </blockquote>
13469
13470 <ul>
13471 <li>Verdict</li>
13472 </ul>
13473
13474 <blockquote>
13475 <p>Ouch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.</p>
13476
13477 <p>And maybe in a year I’ll have a review of OpenBSD on a laptop.</p>
13478 </blockquote>
13479
13480 <hr>
13481
13482 <h2>News Roundup</h2>
13483
13484 <h3><a href="https://www.dragonflydigest.com/2019/10/29/23683.html" rel="nofollow">New zlib, new dhcpcd</a></h3>
13485
13486 <blockquote>
13487 <p>zlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.</p>
13488 </blockquote>
13489
13490 <ul>
13491 <li>DHCPCD Commit: <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html" rel="nofollow">http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html</a></li>
13492 <li>ZLIB Commit: <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html" rel="nofollow">http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html</a></li>
13493 </ul>
13494
13495 <hr>
13496
13497 <h3><a href="https://victoria.dev/verbose/batch-renaming-images-including-image-resolution-with-awk/" rel="nofollow">Batch renaming images, including image resolution, with awk</a></h3>
13498
13499 <blockquote>
13500 <p>The most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:</p>
13501 </blockquote>
13502
13503 <pre><code>$ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++"_"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v "s/$fn/img_$fr/g" *); done
13504 IMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg
13505 IMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg
13506 IMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg
13507 IMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg
13508 IMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg
13509 IMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg
13510 IMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg
13511 IMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg
13512 IMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg
13513 IMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg
13514 IMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg
13515 IMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg
13516 IMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg
13517 // ... etc etc
13518 </code></pre>
13519
13520 <blockquote>
13521 <p>The last item on the aforementioned list is “TODO: come up with a shorter title for this list.”</p>
13522 </blockquote>
13523
13524 <hr>
13525
13526 <h3><a href="http://www.call-with-current-continuation.org/rants/icccm.txt" rel="nofollow">I hate the X11 ICCCM selection system, and you should too - A Rant</a></h3>
13527
13528 <blockquote>
13529 <p>d00d, that document is devilspawn. I've recently spent my nights in pain<br>
13530 implementing the selection mechanism. WHY OH WHY OH WHY? why me? why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.</p>
13531
13532 <p>I didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?</p>
13533
13534 <p>So what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?</p>
13535 </blockquote>
13536
13537 <hr>
13538
13539 <h3><a href="https://www.dragonflydigest.com/2019/10/22/23652.html" rel="nofollow">HAMMER2 emergency space mode</a></h3>
13540
13541 <blockquote>
13542 <p>As anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much. There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity. It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled. So definitely don’t leave it on!</p>
13543 </blockquote>
13544
13545 <hr>
13546
13547 <h2>Beastie Bits</h2>
13548
13549 <ul>
13550 <li><a href="https://twitter.com/BastilleBSD/status/1186659762458501120" rel="nofollow">The BastilleBSD community has started work on over 100 automation templates</a></li>
13551 <li><a href="https://www.dragonflydigest.com/2019/10/23/23654.html" rel="nofollow">PAM perturbed</a></li>
13552 <li><a href="https://teespring.com/stores/openbsd" rel="nofollow">OpenBSD T-Shirts now available</a></li>
13553 <li><a href="https://old.reddit.com/r/freebsd/comments/dlyqtq/fastocloud_opensource_media_service_now_available/" rel="nofollow">FastoCloud (Opensource Media Service) now available on FreeBSD</a></li>
13554 <li><a href="https://www.cs.princeton.edu/%7Ebwk/" rel="nofollow">Unix: A History and a Memoir by Brian Kernighan now available</a></li>
13555 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/d6xboo/openbsd_moonlight_game_streaming_client_from_a/" rel="nofollow">OpenBSD Moonlight game streaming client from a Windows + Nvidia PC</a>
13556 </li>
13557 </ul>
13558
13559 <h2>Feedback/Questions</h2>
13560
13561 <ul>
13562 <li>Tim - <a href="http://dpaste.com/38DNSXT#wrap" rel="nofollow">Release Notes for Lumina 1.5</a>
13563
13564 <ul>
13565 <li><a href="http://dpaste.com/3QJX8G3#wrap" rel="nofollow">Answer Here</a></li>
13566 </ul></li>
13567 <li>Brad - <a href="http://dpaste.com/316MGVX#wrap" rel="nofollow">vBSDcon Trip Report</a></li>
13568 <li>Jacob - <a href="http://dpaste.com/131N05J#wrap" rel="nofollow">Using terminfo on FreeBSD</a></li>
13569 </ul>
13570
13571 <hr>
13572
13573 <ul>
13574 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
13575 </ul>
13576
13577 <hr>
13578
13579 <video controls preload="metadata" style=" width:426px; height:240px;">
13580 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0324.mp4" type="video/mp4">
13581 Your browser does not support the HTML5 video tag.
13582 </video>]]>
13583 </itunes:summary>
13584 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+JgDU4X5g</fireside:playerURL>
13585 <fireside:playerEmbedCode>
13586 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+JgDU4X5g" width="740" height="200" frameborder="0" scrolling="no">]]>
13587 </fireside:playerEmbedCode>
13588 </item>
13589 <item>
13590 <title>323: OSI Burrito Guy</title>
13591 <link>https://www.bsdnow.tv/323</link>
13592 <guid isPermaLink="false">cf54c1fe-70ba-49a3-9b13-1ceb64ab896a</guid>
13593 <pubDate>Thu, 07 Nov 2019 04:00:00 -0800</pubDate>
13594 <author>Allan Jude</author>
13595 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cf54c1fe-70ba-49a3-9b13-1ceb64ab896a.mp3" length="35547347" type="audio/mp3"/>
13596 <itunes:episodeType>full</itunes:episodeType>
13597 <itunes:author>Allan Jude</itunes:author>
13598 <itunes:subtitle>The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.</itunes:subtitle>
13599 <itunes:duration>49:22</itunes:duration>
13600 <itunes:explicit>no</itunes:explicit>
13601 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
13602 <description>The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.
13603 Headlines
13604 The Earliest Unix Code: An Anniversary Source Code Release (https://computerhistory.org/blog/the-earliest-unix-code-an-anniversary-source-code-release/)
13605 What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.
13606 2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.
13607 This man sent the first online message 50 years ago (https://www.cbc.ca/radio/thecurrent/the-current-for-oct-29-2019-1.5339212/this-man-sent-the-first-online-message-50-years-ago-he-s-since-seen-the-web-s-dark-side-emerge-1.5339244)
13608 As many of you have heard in the past, the first online message ever sent between two computers was "lo", just over 50 years ago, on Oct. 29, 1969.
13609 It was supposed to say "log," but the computer sending the message — based at UCLA — crashed before the letter "g" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters "in," as in "log in."
13610 The CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA
13611 "The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,"
13612 50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.
13613 Q: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?
13614 A: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.
13615 Well, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.
13616 Q: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?
13617 A: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT&T said it won't work and, even if it does, we want nothing to do with it.
13618 So I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.
13619 Q: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.
13620 A: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.
13621 When the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.
13622 But in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.
13623 Q: Is there any part of you that regrets giving birth to this?
13624 A: Absolutely not. The greater good is much more important.
13625 News Roundup
13626 How to use blacklistd(8) with NPF as a fail2ban replacement (https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement)
13627 blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
13628 The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
13629 Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
13630 Unfortunately (don't ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.
13631 FreeBSD’s handbook chapter on blacklistd (https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-blacklistd.html)
13632 OpenBSD crossed 400,000 commits (https://marc.info/?l=openbsd-tech&m=157059352620659&w=2)
13633 Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.
13634 (*) by one measure. Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard. If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.
13635 Subject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020
13636 NetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too
13637 How to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12 (https://www.howtoforge.com/how-to-install-bolt-cms-nginx-ssl-on-freebsd-12/)
13638 Bolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.
13639 Requirements
13640 The system requirements for Bolt are modest, and it should run on any fairly modern web server:
13641 PHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.
13642 Access to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.
13643 Apache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).
13644 A minimum of 32MB of memory allocated to PHP.
13645 hammer2 - Optimize hammer2 support threads and dispatch (http://lists.dragonflybsd.org/pipermail/commits/2019-September/719632.html)
13646 Refactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer. This optimizes several cases and reduces unnecessary IPI traffic between cores. The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.
13647 The best scaling case for this is when one has a large number of user threads doing I/O. One instance of a single-threaded program on an otherwise idle machine might see a slight reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.
13648 This will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.
13649 This should significantly increase I/O performance for multi-threaded workloads.
13650 You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys (http://boston.conman.org/2019/10/17.1)
13651 I've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.
13652 Sigh.
13653 Beastie Bits
13654 An Oral History of Unix (https://www.princeton.edu/~hos/Mahoney/unixhistory)
13655 NUMA Siloing in the FreeBSD Network Stack [pdf] (https://people.freebsd.org/~gallatin/talks/euro2019.pdf)
13656 EuroBSDCon 2019 videos available (https://www.youtube.com/playlist?list=PLskKNopggjc6NssLc8GEGSiFYJLYdlTQx)
13657 Barbie knows best (https://twitter.com/eksffa/status/1188638425567682560)
13658 For the #OpenBSD #e2k19 attendees. I did a pre visit today. (https://twitter.com/bob_beck/status/1188226661684301824)
13659 Drawer Find (https://twitter.com/pasha_sh/status/1187877745499561985)
13660 Slides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019 (https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf)
13661 Feedback/Questions
13662 Bostjan - Open source doesn't mean secure (http://dpaste.com/1M5MVCX#wrap)
13663 Malcolm - Allan is Correct. (http://dpaste.com/2RFNR94)
13664 Michael - FreeNAS inside a Jail (http://dpaste.com/28YW3BB#wrap)
13665 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
13666 <video controls preload="metadata" style=" width:426px; height:240px;">
13667 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0323.mp4" type="video/mp4">
13668 Your browser does not support the HTML5 video tag.
13669 </video>
13670 </description>
13671 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Unix, code, blacklistd, fail2ban, npf, bolt, cms, nginx, lets encrypt, hammer2, OSI, 7 layer, https2 </itunes:keywords>
13672 <content:encoded>
13673 <![CDATA[<p>The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.</p>
13674
13675 <h2>Headlines</h2>
13676
13677 <h3><a href="https://computerhistory.org/blog/the-earliest-unix-code-an-anniversary-source-code-release/" rel="nofollow">The Earliest Unix Code: An Anniversary Source Code Release</a></h3>
13678
13679 <blockquote>
13680 <p>What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.</p>
13681
13682 <p>2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.</p>
13683 </blockquote>
13684
13685 <hr>
13686
13687 <h3><a href="https://www.cbc.ca/radio/thecurrent/the-current-for-oct-29-2019-1.5339212/this-man-sent-the-first-online-message-50-years-ago-he-s-since-seen-the-web-s-dark-side-emerge-1.5339244" rel="nofollow">This man sent the first online message 50 years ago</a></h3>
13688
13689 <ul>
13690 <li>As many of you have heard in the past, the first online message ever sent between two computers was "lo", just over 50 years ago, on Oct. 29, 1969. </li>
13691 </ul>
13692
13693 <blockquote>
13694 <p>It was supposed to say "log," but the computer sending the message — based at UCLA — crashed before the letter "g" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters "in," as in "log in."</p>
13695 </blockquote>
13696
13697 <ul>
13698 <li>The CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA</li>
13699 </ul>
13700
13701 <blockquote>
13702 <p>"The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,"</p>
13703
13704 <p>50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.</p>
13705
13706 <p>Q: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?</p>
13707
13708 <p>A: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.</p>
13709
13710 <p>Well, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.</p>
13711
13712 <p>Q: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?</p>
13713
13714 <p>A: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT&T said it won't work and, even if it does, we want nothing to do with it.</p>
13715
13716 <p>So I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.</p>
13717
13718 <p>Q: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.</p>
13719
13720 <p>A: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.</p>
13721
13722 <p>When the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.</p>
13723
13724 <p>But in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.</p>
13725
13726 <p>Q: Is there any part of you that regrets giving birth to this?</p>
13727
13728 <p>A: Absolutely not. The greater good is much more important.</p>
13729 </blockquote>
13730
13731 <hr>
13732
13733 <h2>News Roundup</h2>
13734
13735 <h3><a href="https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement" rel="nofollow">How to use blacklistd(8) with NPF as a fail2ban replacement</a></h3>
13736
13737 <blockquote>
13738 <p>blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.</p>
13739
13740 <p>The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf</p>
13741
13742 <p>Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.</p>
13743
13744 <p>Unfortunately (don't ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.</p>
13745 </blockquote>
13746
13747 <ul>
13748 <li><a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-blacklistd.html" rel="nofollow">FreeBSD’s handbook chapter on blacklistd</a></li>
13749 </ul>
13750
13751 <hr>
13752
13753 <h3><a href="https://marc.info/?l=openbsd-tech&m=157059352620659&w=2" rel="nofollow">OpenBSD crossed 400,000 commits</a></h3>
13754
13755 <blockquote>
13756 <p>Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.</p>
13757
13758 <p>(*) by one measure. Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard. If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.</p>
13759 </blockquote>
13760
13761 <ul>
13762 <li>Subject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020</li>
13763 <li>NetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too</li>
13764 </ul>
13765
13766 <hr>
13767
13768 <h3><a href="https://www.howtoforge.com/how-to-install-bolt-cms-nginx-ssl-on-freebsd-12/" rel="nofollow">How to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12</a></h3>
13769
13770 <blockquote>
13771 <p>Bolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.</p>
13772 </blockquote>
13773
13774 <ul>
13775 <li>Requirements</li>
13776 <li>The system requirements for Bolt are modest, and it should run on any fairly modern web server:
13777
13778 <ul>
13779 <li>PHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.</li>
13780 <li>Access to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.</li>
13781 <li>Apache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).</li>
13782 <li>A minimum of 32MB of memory allocated to PHP.</li>
13783 </ul></li>
13784 </ul>
13785
13786 <hr>
13787
13788 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-September/719632.html" rel="nofollow">hammer2 - Optimize hammer2 support threads and dispatch</a></h3>
13789
13790 <blockquote>
13791 <p>Refactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer. This optimizes several cases and reduces unnecessary IPI traffic between cores. The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.<br><br>
13792 The best scaling case for this is when one has a large number of user threads doing I/O. One instance of a single-threaded program on an otherwise idle machine might see a slight reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.</p>
13793
13794 <p>This will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.</p>
13795
13796 <p>This should significantly increase I/O performance for multi-threaded workloads.</p>
13797 </blockquote>
13798
13799 <hr>
13800
13801 <h3><a href="http://boston.conman.org/2019/10/17.1" rel="nofollow">You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys</a></h3>
13802
13803 <blockquote>
13804 <p>I've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.</p>
13805
13806 <p>Sigh.</p>
13807 </blockquote>
13808
13809 <hr>
13810
13811 <h2>Beastie Bits</h2>
13812
13813 <ul>
13814 <li><a href="https://www.princeton.edu/%7Ehos/Mahoney/unixhistory" rel="nofollow">An Oral History of Unix</a></li>
13815 <li><a href="https://people.freebsd.org/%7Egallatin/talks/euro2019.pdf" rel="nofollow">NUMA Siloing in the FreeBSD Network Stack [pdf]</a></li>
13816 <li><a href="https://www.youtube.com/playlist?list=PLskKNopggjc6NssLc8GEGSiFYJLYdlTQx" rel="nofollow">EuroBSDCon 2019 videos available</a></li>
13817 <li><a href="https://twitter.com/eksffa/status/1188638425567682560" rel="nofollow">Barbie knows best</a></li>
13818 <li><a href="https://twitter.com/bob_beck/status/1188226661684301824" rel="nofollow">For the #OpenBSD #e2k19 attendees. I did a pre visit today.</a></li>
13819 <li><a href="https://twitter.com/pasha_sh/status/1187877745499561985" rel="nofollow">Drawer Find</a></li>
13820 <li><a href="https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf" rel="nofollow">Slides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019</a></li>
13821 </ul>
13822
13823 <hr>
13824
13825 <h2>Feedback/Questions</h2>
13826
13827 <ul>
13828 <li>Bostjan - <a href="http://dpaste.com/1M5MVCX#wrap" rel="nofollow">Open source doesn't mean secure</a></li>
13829 <li>Malcolm - <a href="http://dpaste.com/2RFNR94" rel="nofollow">Allan is Correct.</a></li>
13830 <li><p>Michael - <a href="http://dpaste.com/28YW3BB#wrap" rel="nofollow">FreeNAS inside a Jail</a></p>
13831
13832 <hr></li>
13833 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
13834 </ul>
13835
13836 <hr>
13837
13838 <video controls preload="metadata" style=" width:426px; height:240px;">
13839 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0323.mp4" type="video/mp4">
13840 Your browser does not support the HTML5 video tag.
13841 </video>]]>
13842 </content:encoded>
13843 <itunes:summary>
13844 <![CDATA[<p>The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.</p>
13845
13846 <h2>Headlines</h2>
13847
13848 <h3><a href="https://computerhistory.org/blog/the-earliest-unix-code-an-anniversary-source-code-release/" rel="nofollow">The Earliest Unix Code: An Anniversary Source Code Release</a></h3>
13849
13850 <blockquote>
13851 <p>What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.</p>
13852
13853 <p>2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.</p>
13854 </blockquote>
13855
13856 <hr>
13857
13858 <h3><a href="https://www.cbc.ca/radio/thecurrent/the-current-for-oct-29-2019-1.5339212/this-man-sent-the-first-online-message-50-years-ago-he-s-since-seen-the-web-s-dark-side-emerge-1.5339244" rel="nofollow">This man sent the first online message 50 years ago</a></h3>
13859
13860 <ul>
13861 <li>As many of you have heard in the past, the first online message ever sent between two computers was "lo", just over 50 years ago, on Oct. 29, 1969. </li>
13862 </ul>
13863
13864 <blockquote>
13865 <p>It was supposed to say "log," but the computer sending the message — based at UCLA — crashed before the letter "g" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters "in," as in "log in."</p>
13866 </blockquote>
13867
13868 <ul>
13869 <li>The CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA</li>
13870 </ul>
13871
13872 <blockquote>
13873 <p>"The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,"</p>
13874
13875 <p>50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.</p>
13876
13877 <p>Q: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?</p>
13878
13879 <p>A: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.</p>
13880
13881 <p>Well, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.</p>
13882
13883 <p>Q: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?</p>
13884
13885 <p>A: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT&T said it won't work and, even if it does, we want nothing to do with it.</p>
13886
13887 <p>So I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.</p>
13888
13889 <p>Q: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.</p>
13890
13891 <p>A: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.</p>
13892
13893 <p>When the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.</p>
13894
13895 <p>But in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.</p>
13896
13897 <p>Q: Is there any part of you that regrets giving birth to this?</p>
13898
13899 <p>A: Absolutely not. The greater good is much more important.</p>
13900 </blockquote>
13901
13902 <hr>
13903
13904 <h2>News Roundup</h2>
13905
13906 <h3><a href="https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement" rel="nofollow">How to use blacklistd(8) with NPF as a fail2ban replacement</a></h3>
13907
13908 <blockquote>
13909 <p>blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.</p>
13910
13911 <p>The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf</p>
13912
13913 <p>Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.</p>
13914
13915 <p>Unfortunately (don't ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.</p>
13916 </blockquote>
13917
13918 <ul>
13919 <li><a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-blacklistd.html" rel="nofollow">FreeBSD’s handbook chapter on blacklistd</a></li>
13920 </ul>
13921
13922 <hr>
13923
13924 <h3><a href="https://marc.info/?l=openbsd-tech&m=157059352620659&w=2" rel="nofollow">OpenBSD crossed 400,000 commits</a></h3>
13925
13926 <blockquote>
13927 <p>Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.</p>
13928
13929 <p>(*) by one measure. Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard. If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.</p>
13930 </blockquote>
13931
13932 <ul>
13933 <li>Subject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020</li>
13934 <li>NetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too</li>
13935 </ul>
13936
13937 <hr>
13938
13939 <h3><a href="https://www.howtoforge.com/how-to-install-bolt-cms-nginx-ssl-on-freebsd-12/" rel="nofollow">How to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12</a></h3>
13940
13941 <blockquote>
13942 <p>Bolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.</p>
13943 </blockquote>
13944
13945 <ul>
13946 <li>Requirements</li>
13947 <li>The system requirements for Bolt are modest, and it should run on any fairly modern web server:
13948
13949 <ul>
13950 <li>PHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.</li>
13951 <li>Access to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.</li>
13952 <li>Apache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).</li>
13953 <li>A minimum of 32MB of memory allocated to PHP.</li>
13954 </ul></li>
13955 </ul>
13956
13957 <hr>
13958
13959 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-September/719632.html" rel="nofollow">hammer2 - Optimize hammer2 support threads and dispatch</a></h3>
13960
13961 <blockquote>
13962 <p>Refactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer. This optimizes several cases and reduces unnecessary IPI traffic between cores. The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.<br><br>
13963 The best scaling case for this is when one has a large number of user threads doing I/O. One instance of a single-threaded program on an otherwise idle machine might see a slight reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.</p>
13964
13965 <p>This will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.</p>
13966
13967 <p>This should significantly increase I/O performance for multi-threaded workloads.</p>
13968 </blockquote>
13969
13970 <hr>
13971
13972 <h3><a href="http://boston.conman.org/2019/10/17.1" rel="nofollow">You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys</a></h3>
13973
13974 <blockquote>
13975 <p>I've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.</p>
13976
13977 <p>Sigh.</p>
13978 </blockquote>
13979
13980 <hr>
13981
13982 <h2>Beastie Bits</h2>
13983
13984 <ul>
13985 <li><a href="https://www.princeton.edu/%7Ehos/Mahoney/unixhistory" rel="nofollow">An Oral History of Unix</a></li>
13986 <li><a href="https://people.freebsd.org/%7Egallatin/talks/euro2019.pdf" rel="nofollow">NUMA Siloing in the FreeBSD Network Stack [pdf]</a></li>
13987 <li><a href="https://www.youtube.com/playlist?list=PLskKNopggjc6NssLc8GEGSiFYJLYdlTQx" rel="nofollow">EuroBSDCon 2019 videos available</a></li>
13988 <li><a href="https://twitter.com/eksffa/status/1188638425567682560" rel="nofollow">Barbie knows best</a></li>
13989 <li><a href="https://twitter.com/bob_beck/status/1188226661684301824" rel="nofollow">For the #OpenBSD #e2k19 attendees. I did a pre visit today.</a></li>
13990 <li><a href="https://twitter.com/pasha_sh/status/1187877745499561985" rel="nofollow">Drawer Find</a></li>
13991 <li><a href="https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf" rel="nofollow">Slides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019</a></li>
13992 </ul>
13993
13994 <hr>
13995
13996 <h2>Feedback/Questions</h2>
13997
13998 <ul>
13999 <li>Bostjan - <a href="http://dpaste.com/1M5MVCX#wrap" rel="nofollow">Open source doesn't mean secure</a></li>
14000 <li>Malcolm - <a href="http://dpaste.com/2RFNR94" rel="nofollow">Allan is Correct.</a></li>
14001 <li><p>Michael - <a href="http://dpaste.com/28YW3BB#wrap" rel="nofollow">FreeNAS inside a Jail</a></p>
14002
14003 <hr></li>
14004 <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p></li>
14005 </ul>
14006
14007 <hr>
14008
14009 <video controls preload="metadata" style=" width:426px; height:240px;">
14010 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0323.mp4" type="video/mp4">
14011 Your browser does not support the HTML5 video tag.
14012 </video>]]>
14013 </itunes:summary>
14014 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+UtiLBigh</fireside:playerURL>
14015 <fireside:playerEmbedCode>
14016 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+UtiLBigh" width="740" height="200" frameborder="0" scrolling="no">]]>
14017 </fireside:playerEmbedCode>
14018 </item>
14019 <item>
14020 <title>322: Happy Birthday, Unix</title>
14021 <link>https://www.bsdnow.tv/322</link>
14022 <guid isPermaLink="false">9f37f100-02f4-4b71-9eeb-3e9fa09f147c</guid>
14023 <pubDate>Thu, 31 Oct 2019 04:00:00 -0700</pubDate>
14024 <author>Allan Jude</author>
14025 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9f37f100-02f4-4b71-9eeb-3e9fa09f147c.mp3" length="49383869" type="audio/mp3"/>
14026 <itunes:episodeType>full</itunes:episodeType>
14027 <itunes:author>Allan Jude</itunes:author>
14028 <itunes:subtitle>Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.</itunes:subtitle>
14029 <itunes:duration>1:07:30</itunes:duration>
14030 <itunes:explicit>no</itunes:explicit>
14031 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
14032 <description>Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.
14033 Headlines
14034 Unix is 50 (https://www.bell-labs.com/unix50/)
14035 In the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more "portable". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.
14036 Hunting down Ken's PDP-7: video footage found (https://bsdimp.blogspot.com/2019/10/video-footage-of-first-pdp-7-to-run-unix.html)
14037 In my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. This gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.
14038 News Roundup
14039 OpenBSD 6.6 Released (https://openbsd.org/66.html)
14040 Announce: https://marc.info/?l=openbsd-tech&m=157132024225971&w=2
14041 Upgrade Guide: https://openbsd.org/faq/upgrade66.html
14042 Changelog: https://openbsd.org/plus66.html
14043 OPNsense 19.7.5 released (https://opnsense.org/opnsense-19-7-5-released/)
14044 Hello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version 12.1 which is supposed to hit the next 20.1 release. Stay tuned for more infos in the next month or so.
14046 Here are the full patch notes:
14047 + system: show all swap partitions in system information widget
14048 + system: flatten services_get() in preparation for removal
14049 + system: pin Syslog-ng version to specific package name
14050 + system: fix LDAP/StartTLS with user import page
14051 + system: fix a PHP warning on authentication server page
14052 + system: replace most subprocess.call use
14053 + interfaces: fix devd handling of carp devices (contributed by stumbaumr)
14054 + firewall: improve firewall rules inline toggles
14055 + firewall: only allow TCP flags on TCP protocol
14056 + firewall: simplify help text for direction setting
14057 + firewall: make protocol log summary case insensitive
14058 + reporting: ignore malformed flow records
14059 + captive portal: fix type mismatch for timeout read
14060 + dhcp: add note for static lease limitation with lease registration (contributed by Northguy)
14061 + ipsec: add margintime and rekeyfuzz options
14062 + ipsec: clear $dpdline correctly if not set
14063 + ui: fix tokenizer reorder on multiple saves
14064 + plugins: os-acme-client 1.26[1]
14065 + plugins: os-bind will reload bind on record change (contributed by blablup)
14066 + plugins: os-etpro-telemetry minor subprocess.call replacement
14067 + plugins: os-freeradius 1.9.4[2]
14068 + plugins: os-frr 1.12[3]
14069 + plugins: os-haproxy 2.19[4]
14070 + plugins: os-mailtrail 1.2[5]
14071 + plugins: os-postfix 1.11[6]
14072 + plugins: os-rspamd 1.8[7]
14073 + plugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)
14074 + plugins: os-telegraf 1.7.6[8]
14075 + plugins: os-theme-cicada 1.21 (contributed by Team Rebellion)
14076 + plugins: os-theme-tukan 1.21 (contributed by Team Rebellion)
14077 + plugins: os-tinc minor subprocess.call replacement
14078 + plugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)
14079 + plugins: os-virtualbox 1.0 (contributed by andrewhotlab)
14080 Dealing with the misunderstandings of what is GhostBSD (http://ghostbsd.org/node/194)
14081 Since the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release base on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.
14082 Our official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.
14083 There is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are welcome to contribute. Also, Contribution to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram https://t.me/ghostbsd, but you can also reach us on the forum.
14084 SHUTTLE – VPN over SSH | VPN Alternative (https://www.terminalbytes.com/sshuttle-vpn-over-ssh-vpn-alternative/)
14085 Looking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem it provides VPN over ssh and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.
14086 VPN over SSH – sshuttle
14087 sshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since it's open source it holds quite a lot of major advantages over traditional VPN.
14088 OpenSSH 8.1 Released (http://www.openssh.com/txt/release-8.1)
14089 Security
14090 ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.
14091 ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
14092 This release includes a number of changes that may affect existing configurations:
14093 ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").
14094 New Features
14095 ssh(1): Allow %n to be expanded in ProxyCommand strings
14096 ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"
14097 ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
14098 ssh-keygen(1): print key comment when extracting public key from a private key.
14099 ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too.
14100 All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.
14101 Beastie Bits
14102 Say goodbye to the 32 CPU limit in NetBSD/aarch64 (https://twitter.com/jmcwhatever/status/1185584719183962112)
14103 vBSDcon 2019 videos (https://www.youtube.com/channel/UCvcdrOSlYOSzOzLjv_n1_GQ/videos)
14104 Browse the web in the terminal - W3M (https://www.youtube.com/watch?v=3Hfda0Tjqsg&feature=youtu.be)
14105 NetBSD 9 and GSoC (http://netbsd.org/~kamil/GSoC2019.html#slide1)
14106 BSDCan 2019 Videos (https://www.youtube.com/playlist?list=PLeF8ZihVdpFegPoAKppaDSoYmsBvpnSZv)
14107 NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders (https://www.nycbug.org/index?action=view&id=10673)
14108 FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open (https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/)
14109 FOSDEM 2020 - BSD Devroom Call for Participation (https://people.freebsd.org/~rodrigo/fosdem20/)
14110 University of Cambridge looking for Research Assistants/Associates (https://twitter.com/ed_maste/status/1184865668317007874)
14111 Feedback/Questions
14112 Trenton - Beeping Thinkpad (http://dpaste.com/0ZEXNM6#wrap)
14113 Alex - Per user ZFS Datasets (http://dpaste.com/1K31A65#wrap)
14114 Allan’s old patch from 2015 (https://reviews.freebsd.org/D2272)
14115 Javier - FBSD 12.0 + ZFS + encryption (http://dpaste.com/1XX4NNA#wrap)
14116 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
14117 <video controls preload="metadata" style=" width:426px; height:240px;">
14118 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0322.mp4" type="video/mp4">
14119 Your browser does not support the HTML5 video tag.
14120 </video>
14121 </description>
14122 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, unix, 50 years unix, pdp 7, pdp, release, opnsense, ghostbsd, sshuttle, vpn, ssh, vpn over ssh, openssh</itunes:keywords>
14123 <content:encoded>
14124 <![CDATA[<p>Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.</p>
14125
14126 <h2>Headlines</h2>
14127
14128 <h3><a href="https://www.bell-labs.com/unix50/" rel="nofollow">Unix is 50</a></h3>
14129
14130 <blockquote>
14131 <p>In the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more "portable". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.</p>
14132 </blockquote>
14133
14134 <hr>
14135
14136 <h3><a href="https://bsdimp.blogspot.com/2019/10/video-footage-of-first-pdp-7-to-run-unix.html" rel="nofollow">Hunting down Ken's PDP-7: video footage found</a></h3>
14137
14138 <blockquote>
14139 <p>In my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. This gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.</p>
14140 </blockquote>
14141
14142 <hr>
14143
14144 <h2>News Roundup</h2>
14145
14146 <h3><a href="https://openbsd.org/66.html" rel="nofollow">OpenBSD 6.6 Released</a></h3>
14147
14148 <ul>
14149 <li>Announce: <a href="https://marc.info/?l=openbsd-tech&m=157132024225971&w=2" rel="nofollow">https://marc.info/?l=openbsd-tech&m=157132024225971&w=2</a></li>
14150 <li>Upgrade Guide: <a href="https://openbsd.org/faq/upgrade66.html" rel="nofollow">https://openbsd.org/faq/upgrade66.html</a></li>
14151 <li>Changelog: <a href="https://openbsd.org/plus66.html" rel="nofollow">https://openbsd.org/plus66.html</a></li>
14152 </ul>
14153
14154 <hr>
14155
14156 <h3><a href="https://opnsense.org/opnsense-19-7-5-released/" rel="nofollow">OPNsense 19.7.5 released</a></h3>
14157
14158 <blockquote>
14159 <p>Hello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version</p>
14160 </blockquote>
14161
14162 <p>12.1 which is supposed to hit the next 20.1 release. Stay tuned for more infos in the next month or so.</p>
14163
14164 <p>Here are the full patch notes:</p>
14165
14166 <ul>
14167 <li>system: show all swap partitions in system information widget</li>
14168 <li>system: flatten services_get() in preparation for removal</li>
14169 <li>system: pin Syslog-ng version to specific package name</li>
14170 <li>system: fix LDAP/StartTLS with user import page</li>
14171 <li>system: fix a PHP warning on authentication server page</li>
14172 <li>system: replace most subprocess.call use</li>
14173 <li>interfaces: fix devd handling of carp devices (contributed by stumbaumr)</li>
14174 <li>firewall: improve firewall rules inline toggles</li>
14175 <li>firewall: only allow TCP flags on TCP protocol</li>
14176 <li>firewall: simplify help text for direction setting</li>
14177 <li>firewall: make protocol log summary case insensitive</li>
14178 <li>reporting: ignore malformed flow records</li>
14179 <li>captive portal: fix type mismatch for timeout read</li>
14180 <li>dhcp: add note for static lease limitation with lease registration (contributed by Northguy)</li>
14181 <li>ipsec: add margintime and rekeyfuzz options</li>
14182 <li>ipsec: clear $dpdline correctly if not set</li>
14183 <li>ui: fix tokenizer reorder on multiple saves</li>
14184 <li>plugins: os-acme-client 1.26[1]</li>
14185 <li>plugins: os-bind will reload bind on record change (contributed by blablup)</li>
14186 <li>plugins: os-etpro-telemetry minor subprocess.call replacement</li>
14187 <li>plugins: os-freeradius 1.9.4[2]</li>
14188 <li>plugins: os-frr 1.12[3]</li>
14189 <li>plugins: os-haproxy 2.19[4]</li>
14190 <li>plugins: os-mailtrail 1.2[5]</li>
14191 <li>plugins: os-postfix 1.11[6]</li>
14192 <li>plugins: os-rspamd 1.8[7]</li>
14193 <li>plugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)</li>
14194 <li>plugins: os-telegraf 1.7.6[8]</li>
14195 <li>plugins: os-theme-cicada 1.21 (contributed by Team Rebellion)</li>
14196 <li>plugins: os-theme-tukan 1.21 (contributed by Team Rebellion)</li>
14197 <li>plugins: os-tinc minor subprocess.call replacement</li>
14198 <li>plugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)</li>
14199 <li>plugins: os-virtualbox 1.0 (contributed by andrewhotlab)</li>
14200 </ul>
14201
14202 <hr>
14203
14204 <h3><a href="http://ghostbsd.org/node/194" rel="nofollow">Dealing with the misunderstandings of what is GhostBSD</a></h3>
14205
14206 <blockquote>
14207 <p>Since the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release based on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.</p>
14208
14209 <p>Our official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.</p>
14210
14211 <p>There is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are welcome to contribute. Also, contributions to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram <a href="https://t.me/ghostbsd" rel="nofollow">https://t.me/ghostbsd</a>, but you can also reach us on the forum.</p>
14212 </blockquote>
14213
14214 <hr>
14215
14216 <h3><a href="https://www.terminalbytes.com/sshuttle-vpn-over-ssh-vpn-alternative/" rel="nofollow">SHUTTLE – VPN over SSH | VPN Alternative</a></h3>
14217
14218 <blockquote>
14219 <p>Looking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem: it provides VPN over ssh, and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.</p>
14220 </blockquote>
14221
14222 <ul>
14223 <li>VPN over SSH – sshuttle</li>
14224 </ul>
14225
14226 <blockquote>
14227 <p>sshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since it’s open source it holds quite a lot of major advantages over traditional VPN.</p>
14228 </blockquote>
14229
14230 <hr>
14231
14232 <h3><a href="http://www.openssh.com/txt/release-8.1" rel="nofollow">OpenSSH 8.1 Released</a></h3>
14233
14234 <ul>
14235 <li><p>Security</p>
14236
14237 <ul>
14238 <li>ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.</li>
14239 <li>ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).</li>
14240 </ul></li>
14241 <li><p>This release includes a number of changes that may affect existing configurations:</p>
14242
14243 <ul>
14244 <li>ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").</li>
14245 </ul></li>
14246 <li><p>New Features</p>
14247
14248 <ul>
14249 <li>ssh(1): Allow %n to be expanded in ProxyCommand strings</li>
14250 <li>ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"</li>
14251 <li>ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).</li>
14252 <li>ssh-keygen(1): print key comment when extracting public key from a private key.</li>
14253 <li>ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too.</li>
14254 <li>All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.</li>
14255 </ul></li>
14256 </ul>
14257
14258 <hr>
14259
14260 <h2>Beastie Bits</h2>
14261
14262 <ul>
14263 <li><a href="https://twitter.com/jmcwhatever/status/1185584719183962112" rel="nofollow">Say goodbye to the 32 CPU limit in NetBSD/aarch64</a></li>
14264 <li><a href="https://www.youtube.com/channel/UCvcdrOSlYOSzOzLjv_n1_GQ/videos" rel="nofollow">vBSDcon 2019 videos</a></li>
14265 <li><a href="https://www.youtube.com/watch?v=3Hfda0Tjqsg&feature=youtu.be" rel="nofollow">Browse the web in the terminal - W3M</a></li>
14266 <li><a href="http://netbsd.org/%7Ekamil/GSoC2019.html#slide1" rel="nofollow">NetBSD 9 and GSoC</a></li>
14267 <li><a href="https://www.youtube.com/playlist?list=PLeF8ZihVdpFegPoAKppaDSoYmsBvpnSZv" rel="nofollow">BSDCan 2019 Videos</a></li>
14268 <li><a href="https://www.nycbug.org/index?action=view&id=10673" rel="nofollow">NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders</a></li>
14269 <li><a href="https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/" rel="nofollow">FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open</a></li>
14270 <li><a href="https://people.freebsd.org/%7Erodrigo/fosdem20/" rel="nofollow">FOSDEM 2020 - BSD Devroom Call for Participation</a></li>
14271 <li><a href="https://twitter.com/ed_maste/status/1184865668317007874" rel="nofollow">University of Cambridge looking for Research Assistants/Associates</a></li>
14272 </ul>
14273
14274 <hr>
14275
14276 <h2>Feedback/Questions</h2>
14277
14278 <ul>
14279 <li>Trenton - <a href="http://dpaste.com/0ZEXNM6#wrap" rel="nofollow">Beeping Thinkpad</a></li>
14280 <li>Alex - <a href="http://dpaste.com/1K31A65#wrap" rel="nofollow">Per user ZFS Datasets</a>
14281
14282 <ul>
14283 <li><a href="https://reviews.freebsd.org/D2272" rel="nofollow">Allan’s old patch from 2015</a></li>
14284 </ul></li>
14285 <li>Javier - <a href="http://dpaste.com/1XX4NNA#wrap" rel="nofollow">FBSD 12.0 + ZFS + encryption</a></li>
14286 </ul>
14287
14288 <hr>
14289
14290 <ul>
14291 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
14292 </ul>
14293
14294 <hr>
14295
14296 <video controls preload="metadata" style=" width:426px; height:240px;">
14297 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0322.mp4" type="video/mp4">
14298 Your browser does not support the HTML5 video tag.
14299 </video>]]>
14300 </content:encoded>
14301 <itunes:summary>
14302 <![CDATA[<p>Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.</p>
14303
14304 <h2>Headlines</h2>
14305
14306 <h3><a href="https://www.bell-labs.com/unix50/" rel="nofollow">Unix is 50</a></h3>
14307
14308 <blockquote>
14309 <p>In the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more "portable". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.</p>
14310 </blockquote>
14311
14312 <hr>
14313
14314 <h3><a href="https://bsdimp.blogspot.com/2019/10/video-footage-of-first-pdp-7-to-run-unix.html" rel="nofollow">Hunting down Ken's PDP-7: video footage found</a></h3>
14315
14316 <blockquote>
14317 <p>In my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. This gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.</p>
14318 </blockquote>
14319
14320 <hr>
14321
14322 <h2>News Roundup</h2>
14323
14324 <h3><a href="https://openbsd.org/66.html" rel="nofollow">OpenBSD 6.6 Released</a></h3>
14325
14326 <ul>
14327 <li>Announce: <a href="https://marc.info/?l=openbsd-tech&m=157132024225971&w=2" rel="nofollow">https://marc.info/?l=openbsd-tech&m=157132024225971&w=2</a></li>
14328 <li>Upgrade Guide: <a href="https://openbsd.org/faq/upgrade66.html" rel="nofollow">https://openbsd.org/faq/upgrade66.html</a></li>
14329 <li>Changelog: <a href="https://openbsd.org/plus66.html" rel="nofollow">https://openbsd.org/plus66.html</a></li>
14330 </ul>
14331
14332 <hr>
14333
14334 <h3><a href="https://opnsense.org/opnsense-19-7-5-released/" rel="nofollow">OPNsense 19.7.5 released</a></h3>
14335
14336 <blockquote>
14337 <p>Hello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version</p>
14338 </blockquote>
14339
14340 <p>12.1 which is supposed to hit the next 20.1 release. Stay tuned for more infos in the next month or so.</p>
14341
14342 <p>Here are the full patch notes:</p>
14343
14344 <ul>
14345 <li>system: show all swap partitions in system information widget</li>
14346 <li>system: flatten services_get() in preparation for removal</li>
14347 <li>system: pin Syslog-ng version to specific package name</li>
14348 <li>system: fix LDAP/StartTLS with user import page</li>
14349 <li>system: fix a PHP warning on authentication server page</li>
14350 <li>system: replace most subprocess.call use</li>
14351 <li>interfaces: fix devd handling of carp devices (contributed by stumbaumr)</li>
14352 <li>firewall: improve firewall rules inline toggles</li>
14353 <li>firewall: only allow TCP flags on TCP protocol</li>
14354 <li>firewall: simplify help text for direction setting</li>
14355 <li>firewall: make protocol log summary case insensitive</li>
14356 <li>reporting: ignore malformed flow records</li>
14357 <li>captive portal: fix type mismatch for timeout read</li>
14358 <li>dhcp: add note for static lease limitation with lease registration (contributed by Northguy)</li>
14359 <li>ipsec: add margintime and rekeyfuzz options</li>
14360 <li>ipsec: clear $dpdline correctly if not set</li>
14361 <li>ui: fix tokenizer reorder on multiple saves</li>
14362 <li>plugins: os-acme-client 1.26[1]</li>
14363 <li>plugins: os-bind will reload bind on record change (contributed by blablup)</li>
14364 <li>plugins: os-etpro-telemetry minor subprocess.call replacement</li>
14365 <li>plugins: os-freeradius 1.9.4[2]</li>
14366 <li>plugins: os-frr 1.12[3]</li>
14367 <li>plugins: os-haproxy 2.19[4]</li>
14368 <li>plugins: os-mailtrail 1.2[5]</li>
14369 <li>plugins: os-postfix 1.11[6]</li>
14370 <li>plugins: os-rspamd 1.8[7]</li>
14371 <li>plugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)</li>
14372 <li>plugins: os-telegraf 1.7.6[8]</li>
14373 <li>plugins: os-theme-cicada 1.21 (contributed by Team Rebellion)</li>
14374 <li>plugins: os-theme-tukan 1.21 (contributed by Team Rebellion)</li>
14375 <li>plugins: os-tinc minor subprocess.call replacement</li>
14376 <li>plugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)</li>
14377 <li>plugins: os-virtualbox 1.0 (contributed by andrewhotlab)</li>
14378 </ul>
14379
14380 <hr>
14381
14382 <h3><a href="http://ghostbsd.org/node/194" rel="nofollow">Dealing with the misunderstandings of what is GhostBSD</a></h3>
14383
14384 <blockquote>
14385 <p>Since the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release based on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.</p>
14386
14387 <p>Our official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.</p>
14388
14389 <p>There is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are welcome to contribute. Also, contributions to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram <a href="https://t.me/ghostbsd" rel="nofollow">https://t.me/ghostbsd</a>, but you can also reach us on the forum.</p>
14390 </blockquote>
14391
14392 <hr>
14393
14394 <h3><a href="https://www.terminalbytes.com/sshuttle-vpn-over-ssh-vpn-alternative/" rel="nofollow">SHUTTLE – VPN over SSH | VPN Alternative</a></h3>
14395
14396 <blockquote>
14397 <p>Looking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem: it provides VPN over ssh, and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.</p>
14398 </blockquote>
14399
14400 <ul>
14401 <li>VPN over SSH – sshuttle</li>
14402 </ul>
14403
14404 <blockquote>
14405 <p>sshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since it’s open source it holds quite a lot of major advantages over traditional VPN.</p>
14406 </blockquote>
14407
14408 <hr>
14409
14410 <h3><a href="http://www.openssh.com/txt/release-8.1" rel="nofollow">OpenSSH 8.1 Released</a></h3>
14411
14412 <ul>
14413 <li><p>Security</p>
14414
14415 <ul>
14416 <li>ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.</li>
14417 <li>ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).</li>
14418 </ul></li>
14419 <li><p>This release includes a number of changes that may affect existing configurations:</p>
14420
14421 <ul>
14422 <li>ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").</li>
14423 </ul></li>
14424 <li><p>New Features</p>
14425
14426 <ul>
14427 <li>ssh(1): Allow %n to be expanded in ProxyCommand strings</li>
14428 <li>ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"</li>
14429 <li>ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).</li>
14430 <li>ssh-keygen(1): print key comment when extracting public key from a private key.</li>
14431 <li>ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too.</li>
14432 <li>All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.</li>
14433 </ul></li>
14434 </ul>
14435
14436 <hr>
14437
14438 <h2>Beastie Bits</h2>
14439
14440 <ul>
14441 <li><a href="https://twitter.com/jmcwhatever/status/1185584719183962112" rel="nofollow">Say goodbye to the 32 CPU limit in NetBSD/aarch64</a></li>
14442 <li><a href="https://www.youtube.com/channel/UCvcdrOSlYOSzOzLjv_n1_GQ/videos" rel="nofollow">vBSDcon 2019 videos</a></li>
14443 <li><a href="https://www.youtube.com/watch?v=3Hfda0Tjqsg&feature=youtu.be" rel="nofollow">Browse the web in the terminal - W3M</a></li>
14444 <li><a href="http://netbsd.org/%7Ekamil/GSoC2019.html#slide1" rel="nofollow">NetBSD 9 and GSoC</a></li>
14445 <li><a href="https://www.youtube.com/playlist?list=PLeF8ZihVdpFegPoAKppaDSoYmsBvpnSZv" rel="nofollow">BSDCan 2019 Videos</a></li>
14446 <li><a href="https://www.nycbug.org/index?action=view&id=10673" rel="nofollow">NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders</a></li>
14447 <li><a href="https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/" rel="nofollow">FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open</a></li>
14448 <li><a href="https://people.freebsd.org/%7Erodrigo/fosdem20/" rel="nofollow">FOSDEM 2020 - BSD Devroom Call for Participation</a></li>
14449 <li><a href="https://twitter.com/ed_maste/status/1184865668317007874" rel="nofollow">University of Cambridge looking for Research Assistants/Associates</a></li>
14450 </ul>
14451
14452 <hr>
14453
14454 <h2>Feedback/Questions</h2>
14455
14456 <ul>
14457 <li>Trenton - <a href="http://dpaste.com/0ZEXNM6#wrap" rel="nofollow">Beeping Thinkpad</a></li>
14458 <li>Alex - <a href="http://dpaste.com/1K31A65#wrap" rel="nofollow">Per user ZFS Datasets</a>
14459
14460 <ul>
14461 <li><a href="https://reviews.freebsd.org/D2272" rel="nofollow">Allan’s old patch from 2015</a></li>
14462 </ul></li>
14463 <li>Javier - <a href="http://dpaste.com/1XX4NNA#wrap" rel="nofollow">FBSD 12.0 + ZFS + encryption</a></li>
14464 </ul>
14465
14466 <hr>
14467
14468 <ul>
14469 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
14470 </ul>
14471
14472 <hr>
14473
14474 <video controls preload="metadata" style=" width:426px; height:240px;">
14475 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0322.mp4" type="video/mp4">
14476 Your browser does not support the HTML5 video tag.
14477 </video>]]>
14478 </itunes:summary>
14479 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+3OsGiuHv</fireside:playerURL>
14480 <fireside:playerEmbedCode>
14481 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+3OsGiuHv" width="740" height="200" frameborder="0" scrolling="no">]]>
14482 </fireside:playerEmbedCode>
14483 </item>
14484 <item>
14485 <title>321: The Robot OS</title>
14486 <link>https://www.bsdnow.tv/321</link>
14487 <guid isPermaLink="false">fca983bf-93c9-460f-8c32-3b32663d463d</guid>
14488 <pubDate>Wed, 23 Oct 2019 20:00:00 -0700</pubDate>
14489 <author>Allan Jude</author>
14490 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fca983bf-93c9-460f-8c32-3b32663d463d.mp3" length="39796738" type="audio/mp3"/>
14491 <itunes:episodeType>full</itunes:episodeType>
14492 <itunes:author>Allan Jude</itunes:author>
14493 <itunes:subtitle>An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.</itunes:subtitle>
14494 <itunes:duration>55:16</itunes:duration>
14495 <itunes:explicit>no</itunes:explicit>
14496 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
14497 <description>An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.
14498 Interview - Trenton Schulz - freenas@norwegianrockcat.com (mailto:freenas@norwegianrockcat.com)
14499 Robot OS on FreeBSD
14500 BR: Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?
14501 AJ: You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?
14502 BR: Can you tell us more about the work you are doing with Robot OS on FreeBSD?
14503 AJ: Was EuroBSDcon your first BSD conference? How did you like it?
14504 BR: Do you have some tips or advice on how to get started with the BSDs?
14505 AJ: Is there anything else you’d like to tell us before we let you go?
14506 Beastie Bits
14507 FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open (https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/)
14508 Portland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza (http://calagator.org/events/1250476319)
14509 NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders (https://www.nycbug.org/index?action=view&id=10673)
14510 FOSDEM 2020 - BSD Devroom Call for Participation (https://people.freebsd.org/~rodrigo/fosdem20/)
14511 University of Cambridge looking for Research Assistants/Associates (https://twitter.com/ed_maste/status/1184865668317007874)
14512 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
14513 <video controls preload="metadata" style=" width:426px; height:240px;">
14514 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0321.mp4" type="video/mp4">
14515 Your browser does not support the HTML5 video tag.
14516 </video> Special Guest: Trenton Shulz.
14517 </description>
14518 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, unix at 50, unix code, source code, release, Ken Thompson, pdp-7, pdp 7</itunes:keywords>
14519 <content:encoded>
14520 <![CDATA[<p>An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.</p>
14521
14522 <h2>Interview - Trenton Schulz - <a href="mailto:freenas@norwegianrockcat.com" rel="nofollow">freenas@norwegianrockcat.com</a></h2>
14523
14524 <p>Robot OS on FreeBSD</p>
14525
14526 <ul>
14527 <li><strong>BR:</strong> Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?</li>
14528 <li><strong>AJ:</strong> You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?</li>
14529 <li><strong>BR:</strong> Can you tell us more about the work you are doing with Robot OS on FreeBSD?</li>
14530 <li><strong>AJ:</strong> Was EuroBSDcon your first BSD conference? How did you like it?</li>
14531 <li><strong>BR:</strong> Do you have some tips or advice on how to get started with the BSDs?</li>
14532 <li><strong>AJ:</strong> Is there anything else you’d like to tell us before we let you go?</li>
14533 </ul>
14534
14535 <hr>
14536
14537 <h2>Beastie Bits</h2>
14538
14539 <ul>
14540 <li><a href="https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/" rel="nofollow">FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open</a></li>
14541 <li><a href="http://calagator.org/events/1250476319" rel="nofollow">Portland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza</a></li>
14542 <li><a href="https://www.nycbug.org/index?action=view&id=10673" rel="nofollow">NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders </a></li>
14543 <li><a href="https://people.freebsd.org/%7Erodrigo/fosdem20/" rel="nofollow">FOSDEM 2020 - BSD Devroom Call for Participation</a></li>
14544 <li><a href="https://twitter.com/ed_maste/status/1184865668317007874" rel="nofollow">University of Cambridge looking for Research Assistants/Associates</a></li>
14545 </ul>
14546
14547 <hr>
14548
14549 <ul>
14550 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
14551 </ul>
14552
14553 <hr>
14554
14555 <video controls preload="metadata" style=" width:426px; height:240px;">
14556 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0321.mp4" type="video/mp4">
14557 Your browser does not support the HTML5 video tag.
14558 </video><p>Special Guest: Trenton Shulz.</p>]]>
14559 </content:encoded>
14560 <itunes:summary>
14561 <![CDATA[<p>An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.</p>
14562
14563 <h2>Interview - Trenton Schulz - <a href="mailto:freenas@norwegianrockcat.com" rel="nofollow">freenas@norwegianrockcat.com</a></h2>
14564
14565 <p>Robot OS on FreeBSD</p>
14566
14567 <ul>
14568 <li><strong>BR:</strong> Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?</li>
14569 <li><strong>AJ:</strong> You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?</li>
14570 <li><strong>BR:</strong> Can you tell us more about the work you are doing with Robot OS on FreeBSD?</li>
14571 <li><strong>AJ:</strong> Was EuroBSDcon your first BSD conference? How did you like it?</li>
14572 <li><strong>BR:</strong> Do you have some tips or advice on how to get started with the BSDs?</li>
14573 <li><strong>AJ:</strong> Is there anything else you’d like to tell us before we let you go?</li>
14574 </ul>
14575
14576 <hr>
14577
14578 <h2>Beastie Bits</h2>
14579
14580 <ul>
14581 <li><a href="https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/" rel="nofollow">FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open</a></li>
14582 <li><a href="http://calagator.org/events/1250476319" rel="nofollow">Portland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza</a></li>
14583 <li><a href="https://www.nycbug.org/index?action=view&id=10673" rel="nofollow">NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders </a></li>
14584 <li><a href="https://people.freebsd.org/%7Erodrigo/fosdem20/" rel="nofollow">FOSDEM 2020 - BSD Devroom Call for Participation</a></li>
14585 <li><a href="https://twitter.com/ed_maste/status/1184865668317007874" rel="nofollow">University of Cambridge looking for Research Assistants/Associates</a></li>
14586 </ul>
14587
14588 <hr>
14589
14590 <ul>
14591 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
14592 </ul>
14593
14594 <hr>
14595
14596 <video controls preload="metadata" style=" width:426px; height:240px;">
14597 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0321.mp4" type="video/mp4">
14598 Your browser does not support the HTML5 video tag.
14599 </video><p>Special Guest: Trenton Schulz.</p>]]>
14600 </itunes:summary>
14601 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+o55LBtyZ</fireside:playerURL>
14602 <fireside:playerEmbedCode>
14603 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+o55LBtyZ" width="740" height="200" frameborder="0" scrolling="no">]]>
14604 </fireside:playerEmbedCode>
14605 </item>
14606 <item>
14607 <title>320: Codebase: Neck Deep</title>
14608 <link>https://www.bsdnow.tv/320</link>
14609 <guid isPermaLink="false">11b9f24e-1789-4328-8396-4b9654aa2dfc</guid>
14610 <pubDate>Wed, 16 Oct 2019 20:00:00 -0700</pubDate>
14611 <author>Allan Jude</author>
14612 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/11b9f24e-1789-4328-8396-4b9654aa2dfc.mp3" length="40815513" type="audio/mp3"/>
14613 <itunes:episodeType>full</itunes:episodeType>
14614 <itunes:author>Allan Jude</itunes:author>
14615 <itunes:subtitle>FreeBSD on the Google Pixelbook, Porting NetBSD to the AMD x86-64, ZFS performance really does degrade as you approach quota limits, Fixing up KA9Q-unix, HAMMER2 and fsck for review, the return of startx(1) for non-root users, and more.</itunes:subtitle>
14616 <itunes:duration>56:41</itunes:duration>
14617 <itunes:explicit>no</itunes:explicit>
14618 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
14619 <description>Headlines
14620 FreeBSD and custom firmware on the Google Pixelbook (https://unrelenting.technology/articles/FreeBSD-and-custom-firmware-on-the-Google-Pixelbook)
14621 FreeBSD and custom firmware on the Google Pixelbook
14622 Back in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn’t use the trackpoint much. But this summer I’ve decided that it was time for something newer. I wanted something..
14623 lighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);
14624 with a 3:2 display (why is Lenovo making these Serious Work™ laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);
14625 with a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);
14626 with USB-C ports;
14627 without a dGPU, especially without an NVIDIA GPU;
14628 assembled with screws and not glue (I don’t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);
14629 supported by FreeBSD of course (“some development required” is okay but I’m not going to write big drivers);
14630 how about something with open source firmware, that would be fun.
14631 I was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that’s fun. But going back in processor generations just doesn’t feel great. I want something more efficient, not less!
14632 And then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn’t every laptop ever doing that?!), the “convertibleness” (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks’ stock firmware is coreboot + depthcharge).
14633 So here it is, my new laptop, a Google Pixelbook.
14634 Conclusion
14635 Pixelbook, FreeBSD, coreboot, EDK2 good.
14636 Seriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)
14637 Porting NetBSD to the AMD x86-64: a case study in OS portability (https://www.usenix.org/legacy/publications/library/proceedings/bsdcon02/full_papers/linden/linden_html/index.html)
14638 Abstract
14639 NetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.
14640 Portability
14641 Supporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.
14642 General
14643 Generally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.
14644 Types
14645 Assumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.
14646 Conclusions and future work
14647 The port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.
14648 News Roundup
14649 ZFS performance really does degrade as you approach quota limits (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSFullQuotaPerformanceIssue)
14650 Every so often (currently monthly), there is an "OpenZFS leadership meeting". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones.
14651 In the September meeting notes, I read a very interesting (to me) agenda item:
14652 Relax quota semantics for improved performance (Allan Jude)
14653 Problem: As you approach quotas, ZFS performance degrades.
14654 Proposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.
14655 This is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).
14656 Second, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)
14657 With that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.
14658 Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.." (http://adrianchadd.blogspot.com/2019/09/fixing-up-ka9q-unix-or-neck-deep-in-30.html)
14659 I'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.
14660 Anyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.
14661 So yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.
14662 But! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!
14663 I grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.
14664 HAMMER2 and fsck for review (https://www.dragonflydigest.com/2019/09/24/23540.html)
14665 HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.
14666 The return of startx(1) for non-root users with some caveats (https://undeadly.org/cgi?action=article;sid=20190917091236)
14667 Mark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:
14668 ```
14669 CVSROOT: /cvs
14670 Module name: src
14671 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:25:41
14672 Modified files:
14673 etc/etc.amd64 : fbtab
14674 etc/etc.arm64 : fbtab
14675 etc/etc.hppa : fbtab
14676 etc/etc.i386 : fbtab
14677 etc/etc.loongson: fbtab
14678 etc/etc.luna88k: fbtab
14679 etc/etc.macppc : fbtab
14680 etc/etc.octeon : fbtab
14681 etc/etc.sgi : fbtab
14682 etc/etc.sparc64: fbtab
14683 Log message:
14684 Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.
14685 ok jsg@, matthieu@
14686 CVSROOT: /cvs
14687 Module name: xenocara
14688 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:31:08
14689 Modified files:
14690 xserver/hw/xfree86/common: xf86AutoConfig.c
14691 Log message:
14692 Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.
14693 This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).
14694 ok jsg@, matthieu@
14695 ```
14696 Beastie Bits
14697 ASCII table and history. Or, why does Ctrl+i insert a Tab in my terminal? (https://bestasciitable.com/)
14698 Sourcehut makes BSD software better (https://sourcehut.org/blog/2019-09-12-sourcehut-makes-bsd-software-better/)
14699 Chaosnet for Unx (https://github.com/LM-3/chaos)
14700 The Vim-Inspired Editor with a Linguistic Twist (https://cosine.blue/2019-09-06-kakoune.html)
14701 bhyvearm64: CPU and Memory Virtualization on Armv8.0-A (https://papers.freebsd.org/2019/bsdcan/elisei-bhyvearm64_cpu_and_memory_virtualization_on_armv8.0_a/)
14702 DefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities (https://www.youtube.com/watch?v=a2m56Yq-EIs)
14703 Feedback/Questions
14704 Tim - GSoC project ideas for pf rule syntax translation (http://dpaste.com/1RCSFK7#wrap)
14705 Brad - Steam on FreeBSD (http://dpaste.com/2SKA9YB#wrap)
14706 Ruslan - FreeBSD Quarterly Status Report - Q2 2019 (http://dpaste.com/0DQM3Q1)
14707 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
14708 <video controls preload="metadata" style=" width:426px; height:240px;">
14709 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0320.mp4" type="video/mp4">
14710 Your browser does not support the HTML5 video tag.
14711 </video>
14712 </description>
14713 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, google pixelbook, pixelbook, case study, portability, porting, zfs, zfs performance, performance, quota, quota limits, zfs quota, ka9q, unix, hammer2, fsck, startx</itunes:keywords>
14714 <content:encoded>
14715 <![CDATA[<h2>Headlines</h2>
14716
14717 <h3><a href="https://unrelenting.technology/articles/FreeBSD-and-custom-firmware-on-the-Google-Pixelbook" rel="nofollow">FreeBSD and custom firmware on the Google Pixelbook</a></h3>
14718
14719 <ul>
14720 <li>FreeBSD and custom firmware on the Google Pixelbook</li>
14721 </ul>
14722
14723 <blockquote>
14724 <p>Back in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn’t use the trackpoint much. But this summer I’ve decided that it was time for something newer. I wanted something..</p>
14725 </blockquote>
14726
14727 <ul>
14728 <li>lighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);</li>
14729 <li>with a 3:2 display (why is Lenovo making these Serious Work™ laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);</li>
14730 <li>with a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);</li>
14731 <li>with USB-C ports;</li>
14732 <li>without a dGPU, especially without an NVIDIA GPU;</li>
14733 <li>assembled with screws and not glue (I don’t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);</li>
14734 <li>supported by FreeBSD of course (“some development required” is okay but I’m not going to write big drivers);</li>
14735 <li>how about something with open source firmware, that would be fun.</li>
14736 </ul>
14737
14738 <blockquote>
14739 <p>I was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that’s fun. But going back in processor generations just doesn’t feel great. I want something more efficient, not less!</p>
14740
14741 <p>And then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn’t every laptop ever doing that?!), the “convertibleness” (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks’ stock firmware is coreboot + depthcharge).</p>
14742
14743 <p>So here it is, my new laptop, a Google Pixelbook.</p>
14744 </blockquote>
14745
14746 <ul>
14747 <li>Conclusion</li>
14748 </ul>
14749
14750 <blockquote>
14751 <p>Pixelbook, FreeBSD, coreboot, EDK2 good.</p>
14752
14753 <p>Seriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)</p>
14754 </blockquote>
14755
14756 <hr>
14757
14758 <h3><a href="https://www.usenix.org/legacy/publications/library/proceedings/bsdcon02/full_papers/linden/linden_html/index.html" rel="nofollow">Porting NetBSD to the AMD x86-64: a case study in OS portability</a></h3>
14759
14760 <ul>
14761 <li>Abstract</li>
14762 </ul>
14763
14764 <blockquote>
14765 <p>NetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.</p>
14766 </blockquote>
14767
14768 <ul>
14769 <li>Portability</li>
14770 </ul>
14771
14772 <blockquote>
14773 <p>Supporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.</p>
14774 </blockquote>
14775
14776 <ul>
14777 <li>General</li>
14778 </ul>
14779
14780 <blockquote>
14781 <p>Generally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.</p>
14782 </blockquote>
14783
14784 <ul>
14785 <li>Types</li>
14786 </ul>
14787
14788 <blockquote>
14789 <p>Assumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.</p>
14790 </blockquote>
14791
14792 <ul>
14793 <li>Conclusions and future work</li>
14794 </ul>
14795
14796 <blockquote>
14797 <p>The port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.</p>
14798 </blockquote>
14799
14800 <hr>
14801
14802 <h2>News Roundup</h2>
14803
14804 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSFullQuotaPerformanceIssue" rel="nofollow">ZFS performance really does degrade as you approach quota limits</a></h3>
14805
14806 <blockquote>
14807 <p>Every so often (currently monthly), there is an "OpenZFS leadership meeting". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones. </p>
14808 </blockquote>
14809
14810 <ul>
14811 <li>In the September meeting notes, I read a very interesting (to me) agenda item:
14812
14813 <ul>
14814 <li>Relax quota semantics for improved performance (Allan Jude)</li>
14815 <li>Problem: As you approach quotas, ZFS performance degrades.</li>
14816 <li>Proposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.</li>
14817 </ul></li>
14818 </ul>
14819
14820 <blockquote>
14821 <p>This is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).</p>
14822
14823 <p>Second, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)</p>
14824
14825 <p>With that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.</p>
14826 </blockquote>
14827
14828 <hr>
14829
14830 <h3><a href="http://adrianchadd.blogspot.com/2019/09/fixing-up-ka9q-unix-or-neck-deep-in-30.html" rel="nofollow">Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.."</a></h3>
14831
14832 <blockquote>
14833 <p>I'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.</p>
14834
14835 <p>Anyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.</p>
14836
14837 <p>So yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.</p>
14838
14839 <p>But! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!</p>
14840
14841 <p>I grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.</p>
14842 </blockquote>
14843
14844 <hr>
14845
14846 <h3><a href="https://www.dragonflydigest.com/2019/09/24/23540.html" rel="nofollow">HAMMER2 and fsck for review</a></h3>
14847
14848 <blockquote>
14849 <p>HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.</p>
14850 </blockquote>
14851
14852 <hr>
14853
14854 <h3><a href="https://undeadly.org/cgi?action=article;sid=20190917091236" rel="nofollow">The return of startx(1) for non-root users with some caveats</a></h3>
14855
14856 <p>Mark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:</p>
14857
14858 <pre><code>CVSROOT: /cvs
14859 Module name: src
14860 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:25:41
14861
14862 Modified files:
14863 etc/etc.amd64 : fbtab
14864 etc/etc.arm64 : fbtab
14865 etc/etc.hppa : fbtab
14866 etc/etc.i386 : fbtab
14867 etc/etc.loongson: fbtab
14868 etc/etc.luna88k: fbtab
14869 etc/etc.macppc : fbtab
14870 etc/etc.octeon : fbtab
14871 etc/etc.sgi : fbtab
14872 etc/etc.sparc64: fbtab
14873
14874 Log message:
14875 Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.
14876
14877 ok jsg@, matthieu@
14878 CVSROOT: /cvs
14879 Module name: xenocara
14880 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:31:08
14881
14882 Modified files:
14883 xserver/hw/xfree86/common: xf86AutoConfig.c
14884
14885 Log message:
14886 Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.
14887
14888 This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).
14889
14890 ok jsg@, matthieu@
14891 </code></pre>
14892
14893 <hr>
14894
14895 <h2>Beastie Bits</h2>
14896
14897 <ul>
14898 <li><a href="https://bestasciitable.com/" rel="nofollow">ASCII table and history. Or, why does Ctrl+i insert a Tab in my terminal?</a></li>
14899 <li><a href="https://sourcehut.org/blog/2019-09-12-sourcehut-makes-bsd-software-better/" rel="nofollow">Sourcehut makes BSD software better</a></li>
14900 <li><a href="https://github.com/LM-3/chaos" rel="nofollow">Chaosnet for Unx</a></li>
14901 <li><a href="https://cosine.blue/2019-09-06-kakoune.html" rel="nofollow">The Vim-Inspired Editor with a Linguistic Twist</a></li>
14902 <li><a href="https://papers.freebsd.org/2019/bsdcan/elisei-bhyvearm64_cpu_and_memory_virtualization_on_armv8.0_a/" rel="nofollow">bhyvearm64: CPU and Memory Virtualization on Armv8.0-A</a></li>
14903 <li><a href="https://www.youtube.com/watch?v=a2m56Yq-EIs" rel="nofollow">DefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities</a></li>
14904 </ul>
14905
14906 <hr>
14907
14908 <h2>Feedback/Questions</h2>
14909
14910 <ul>
14911 <li>Tim - <a href="http://dpaste.com/1RCSFK7#wrap" rel="nofollow">GSoC project ideas for pf rule syntax translation</a></li>
14912 <li>Brad - <a href="http://dpaste.com/2SKA9YB#wrap" rel="nofollow">Steam on FreeBSD</a></li>
14913 <li>Ruslan - <a href="http://dpaste.com/0DQM3Q1" rel="nofollow">FreeBSD Quarterly Status Report - Q2 2019</a></li>
14914 </ul>
14915
14916 <hr>
14917
14918 <ul>
14919 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
14920 </ul>
14921
14922 <hr>
14923
14924 <video controls preload="metadata" style=" width:426px; height:240px;">
14925 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0320.mp4" type="video/mp4">
14926 Your browser does not support the HTML5 video tag.
14927 </video>]]>
14928 </content:encoded>
14929 <itunes:summary>
14930 <![CDATA[<h2>Headlines</h2>
14931
14932 <h3><a href="https://unrelenting.technology/articles/FreeBSD-and-custom-firmware-on-the-Google-Pixelbook" rel="nofollow">FreeBSD and custom firmware on the Google Pixelbook</a></h3>
14933
14934 <ul>
14935 <li>FreeBSD and custom firmware on the Google Pixelbook</li>
14936 </ul>
14937
14938 <blockquote>
14939 <p>Back in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn’t use the trackpoint much. But this summer I’ve decided that it was time for something newer. I wanted something..</p>
14940 </blockquote>
14941
14942 <ul>
14943 <li>lighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);</li>
14944 <li>with a 3:2 display (why is Lenovo making these Serious Work™ laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);</li>
14945 <li>with a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);</li>
14946 <li>with USB-C ports;</li>
14947 <li>without a dGPU, especially without an NVIDIA GPU;</li>
14948 <li>assembled with screws and not glue (I don’t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);</li>
14949 <li>supported by FreeBSD of course (“some development required” is okay but I’m not going to write big drivers);</li>
14950 <li>how about something with open source firmware, that would be fun.</li>
14951 </ul>
14952
14953 <blockquote>
14954 <p>I was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that’s fun. But going back in processor generations just doesn’t feel great. I want something more efficient, not less!</p>
14955
14956 <p>And then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn’t every laptop ever doing that?!), the “convertibleness” (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks’ stock firmware is coreboot + depthcharge).</p>
14957
14958 <p>So here it is, my new laptop, a Google Pixelbook.</p>
14959 </blockquote>
14960
14961 <ul>
14962 <li>Conclusion</li>
14963 </ul>
14964
14965 <blockquote>
14966 <p>Pixelbook, FreeBSD, coreboot, EDK2 good.</p>
14967
14968 <p>Seriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)</p>
14969 </blockquote>
14970
14971 <hr>
14972
14973 <h3><a href="https://www.usenix.org/legacy/publications/library/proceedings/bsdcon02/full_papers/linden/linden_html/index.html" rel="nofollow">Porting NetBSD to the AMD x86-64: a case study in OS portability</a></h3>
14974
14975 <ul>
14976 <li>Abstract</li>
14977 </ul>
14978
14979 <blockquote>
14980 <p>NetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.</p>
14981 </blockquote>
14982
14983 <ul>
14984 <li>Portability</li>
14985 </ul>
14986
14987 <blockquote>
14988 <p>Supporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.</p>
14989 </blockquote>
14990
14991 <ul>
14992 <li>General</li>
14993 </ul>
14994
14995 <blockquote>
14996 <p>Generally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.</p>
14997 </blockquote>
14998
14999 <ul>
15000 <li>Types</li>
15001 </ul>
15002
15003 <blockquote>
15004 <p>Assumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.</p>
15005 </blockquote>
15006
15007 <ul>
15008 <li>Conclusions and future work</li>
15009 </ul>
15010
15011 <blockquote>
15012 <p>The port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.</p>
15013 </blockquote>
15014
15015 <hr>
15016
15017 <h2>News Roundup</h2>
15018
15019 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSFullQuotaPerformanceIssue" rel="nofollow">ZFS performance really does degrade as you approach quota limits</a></h3>
15020
15021 <blockquote>
15022 <p>Every so often (currently monthly), there is an "OpenZFS leadership meeting". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones. </p>
15023 </blockquote>
15024
15025 <ul>
15026 <li>In the September meeting notes, I read a very interesting (to me) agenda item:
15027
15028 <ul>
15029 <li>Relax quota semantics for improved performance (Allan Jude)</li>
15030 <li>Problem: As you approach quotas, ZFS performance degrades.</li>
15031 <li>Proposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.</li>
15032 </ul></li>
15033 </ul>
15034
15035 <blockquote>
15036 <p>This is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).</p>
15037
15038 <p>Second, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)</p>
15039
15040 <p>With that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.</p>
15041 </blockquote>
15042
15043 <hr>
15044
15045 <h3><a href="http://adrianchadd.blogspot.com/2019/09/fixing-up-ka9q-unix-or-neck-deep-in-30.html" rel="nofollow">Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.."</a></h3>
15046
15047 <blockquote>
15048 <p>I'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.</p>
15049
15050 <p>Anyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.</p>
15051
15052 <p>So yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.</p>
15053
15054 <p>But! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!</p>
15055
15056 <p>I grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.</p>
15057 </blockquote>
15058
15059 <hr>
15060
15061 <h3><a href="https://www.dragonflydigest.com/2019/09/24/23540.html" rel="nofollow">HAMMER2 and fsck for review</a></h3>
15062
15063 <blockquote>
15064 <p>HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.</p>
15065 </blockquote>
15066
15067 <hr>
15068
15069 <h3><a href="https://undeadly.org/cgi?action=article;sid=20190917091236" rel="nofollow">The return of startx(1) for non-root users with some caveats</a></h3>
15070
15071 <p>Mark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:</p>
15072
15073 <pre><code>CVSROOT: /cvs
15074 Module name: src
15075 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:25:41
15076
15077 Modified files:
15078 etc/etc.amd64 : fbtab
15079 etc/etc.arm64 : fbtab
15080 etc/etc.hppa : fbtab
15081 etc/etc.i386 : fbtab
15082 etc/etc.loongson: fbtab
15083 etc/etc.luna88k: fbtab
15084 etc/etc.macppc : fbtab
15085 etc/etc.octeon : fbtab
15086 etc/etc.sgi : fbtab
15087 etc/etc.sparc64: fbtab
15088
15089 Log message:
15090 Add ttyC4 to list of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.
15091
15092 ok jsg@, matthieu@
15093 CVSROOT: /cvs
15094 Module name: xenocara
15095 Changes by: kettenis@cvs.openbsd.org 2019/09/15 06:31:08
15096
15097 Modified files:
15098 xserver/hw/xfree86/common: xf86AutoConfig.c
15099
15100 Log message:
15101 Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.
15102
15103 This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).
15104
15105 ok jsg@, matthieu@
15106 </code></pre>
15107
15108 <hr>
15109
15110 <h2>Beastie Bits</h2>
15111
15112 <ul>
15113 <li><a href="https://bestasciitable.com/" rel="nofollow">ASCII table and history. Or, why does Ctrl+i insert a Tab in my terminal?</a></li>
15114 <li><a href="https://sourcehut.org/blog/2019-09-12-sourcehut-makes-bsd-software-better/" rel="nofollow">Sourcehut makes BSD software better</a></li>
15115 <li><a href="https://github.com/LM-3/chaos" rel="nofollow">Chaosnet for Unix</a></li>
15116 <li><a href="https://cosine.blue/2019-09-06-kakoune.html" rel="nofollow">The Vim-Inspired Editor with a Linguistic Twist</a></li>
15117 <li><a href="https://papers.freebsd.org/2019/bsdcan/elisei-bhyvearm64_cpu_and_memory_virtualization_on_armv8.0_a/" rel="nofollow">bhyvearm64: CPU and Memory Virtualization on Armv8.0-A</a></li>
15118 <li><a href="https://www.youtube.com/watch?v=a2m56Yq-EIs" rel="nofollow">DefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities</a></li>
15119 </ul>
15120
15121 <hr>
15122
15123 <h2>Feedback/Questions</h2>
15124
15125 <ul>
15126 <li>Tim - <a href="http://dpaste.com/1RCSFK7#wrap" rel="nofollow">GSoC project ideas for pf rule syntax translation</a></li>
15127 <li>Brad - <a href="http://dpaste.com/2SKA9YB#wrap" rel="nofollow">Steam on FreeBSD</a></li>
15128 <li>Ruslan - <a href="http://dpaste.com/0DQM3Q1" rel="nofollow">FreeBSD Quarterly Status Report - Q2 2019</a></li>
15129 </ul>
15130
15131 <hr>
15132
15133 <ul>
15134 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
15135 </ul>
15136
15137 <hr>
15138
15139 <video controls preload="metadata" style=" width:426px; height:240px;">
15140 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0320.mp4" type="video/mp4">
15141 Your browser does not support the HTML5 video tag.
15142 </video>]]>
15143 </itunes:summary>
15144 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+49BGA1BK</fireside:playerURL>
15145 <fireside:playerEmbedCode>
15146 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+49BGA1BK" width="740" height="200" frameborder="0" scrolling="no">]]>
15147 </fireside:playerEmbedCode>
15148 </item>
15149 <item>
15150 <title>319: Lack Rack, Jack</title>
15151 <link>https://www.bsdnow.tv/319</link>
15152 <guid isPermaLink="false">19c9942c-0790-4157-af73-31faf1e2b8e4</guid>
15153 <pubDate>Wed, 09 Oct 2019 20:00:00 -0700</pubDate>
15154 <author>Allan Jude</author>
15155 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19c9942c-0790-4157-af73-31faf1e2b8e4.mp3" length="48841583" type="audio/mp3"/>
15156 <itunes:episodeType>full</itunes:episodeType>
15157 <itunes:author>Allan Jude</itunes:author>
15158 <itunes:subtitle>Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.</itunes:subtitle>
15159 <itunes:duration>1:07:50</itunes:duration>
15160 <itunes:explicit>no</itunes:explicit>
15161 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
15162 <description>Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.
15163 Headlines
15164 Causing ZFS corruption for fun and profit (https://datto.engineering/post/causing-zfs-corruption)
15165 Datto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.
15166 Causing Corruption
15167 Since this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.
15168 Conclusion
15169 At the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.
15170 To others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.
15171 NetBSD Assembly Programming Tutorial (https://polprog.net/blog/netbsdasmprog/)
15172 A sparc64 version is also being prepared and will be added when done
15173 This post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT&T syntax instead of Intel.
15174 Why assembly?
15175 Why not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs
15176 Due to the nature of the guide, visit the site for the complete breakdown
15177 News Roundup
15178 The IKEA Lack Rack for Servers (https://wiki.eth0.nl/index.php/LackRack)
15179 The LackRack
15180 First occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.
15181 The LackRack will certainly make its appearance again this summer at eth0:2010 Summer.
15182 Summary
15183 When temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19" server racks.
15184 The LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19" hardware, such as switches (see below), or perhaps other 19" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!
15185 Howto
15186 You can find a howto on buying a LackRack on this page. This includes the proof that a 19" switch can indeed be placed in the LackRack in its natural habitat!
15187 OmniOS Community Edition r151030 LTS - Published at May 6, 2019 (https://omniosce.org/article/release-030)
15188 The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.
15189 OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.
15190 This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.
15191 If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.
15192 For full release notes including upgrade instructions:
15193 release notes (https://omniosce.org/releasenotes.html)
15194 upgrade instructions (https://omniosce.org/upgrade.html)
15195 List Block Devices on FreeBSD lsblk(8) Style (https://vermaden.wordpress.com/2019/09/27/list-block-devices-on-freebsd-lsblk8-style/)
15196 When I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.
15197 Example lsblk(8) output from Linux system:
15198
15199 $ lsblk
15200 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
15201 sr0 11:0 1 1024M 0 rom
15202 sda 8:0 0 931.5G 0 disk
15203 |-sda1 8:1 0 500M 0 part /boot
15204 `-sda2 8:2 0 931G 0 part
15205 |-vg_local-lv_root (dm-0) 253:0 0 50G 0 lvm /
15206 |-vg_local-lv_swap (dm-1) 253:1 0 17.7G 0 lvm [SWAP]
15207 `-vg_local-lv_home (dm-2) 253:2 0 1.8T 0 lvm /home
15208 sdc 8:32 0 232.9G 0 disk
15209 `-sdc1 8:33 0 232.9G 0 part
15210 `-md1 9:1 0 232.9G 0 raid10 /data
15211 sdd 8:48 0 232.9G 0 disk
15212 `-sdd1 8:49 0 232.9G 0 part
15213 `-md1 9:1 0 232.9G 0 raid10 /data
15214
15215 What FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all > < characters to ] [ ones in the commands outputs.
15216 See the article for the rest of the guide
15217 Project Trident 19.10 Now Available (https://project-trident.org/post/2019-10-05_19.10_available/)
15218 This is a general package update to the CURRENT release repository based upon TrueOS 19.10
15219 PACKAGE CHANGES FROM 19.08
15220 New Packages: 601
15221 Deleted Packages: 165
15222 Updated Packages: 3341
15223 Beastie Bits
15224 NetBSD building tools (https://imgur.com/gallery/0sG4b1K)
15225 Sponsorships open for SNMP Mastery (https://mwl.io/archives/4569)
15226 pkgsrc-2019Q3 release announcement (2019-10-03) (http://mail-index.netbsd.org/pkgsrc-users/2019/10/03/msg029485.html)
15227 pfetch - A simple system information tool written in POSIX sh (https://github.com/dylanaraps/pfetch)
15228 Taking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview) (https://netbsd.org/~kamil/eurobsdcon2019_fuzzing/presentation.html#slide1)
15229 Cracking Ken Thompson’s password (https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html)
15230 Feedback/Questions
15231 Evilham - Couple Questions (http://dpaste.com/2JC85WV)
15232 Rob - APU2 alternatives and GPT partition types (http://dpaste.com/0SDX9ZX)
15233 Tom - FreeBSD journal article by A. Fengler (http://dpaste.com/2B43MY1#wrap)
15234 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
15235 <video controls preload="metadata" style=" width:426px; height:240px;">
15236 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0319.mp4" type="video/mp4">
15237 Your browser does not support the HTML5 video tag.
15238 </video>
15239 </description>
15240 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, assembly, assembly programming, programming, programming tutorial, ikea, rack, server rack, omnios, omnios lts, lsblk, project trident</itunes:keywords>
15241 <content:encoded>
15242 <![CDATA[<p>Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.</p>
15243
15244 <h2>Headlines</h2>
15245
15246 <h3><a href="https://datto.engineering/post/causing-zfs-corruption" rel="nofollow">Causing ZFS corruption for fun and profit</a></h3>
15247
15248 <blockquote>
15249 <p>Datto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.</p>
15250 </blockquote>
15251
15252 <ul>
15253 <li>Causing Corruption</li>
15254 </ul>
15255
15256 <blockquote>
15257 <p>Since this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.</p>
15258 </blockquote>
15259
15260 <ul>
15261 <li>Conclusion</li>
15262 </ul>
15263
15264 <blockquote>
15265 <p>At the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.</p>
15266
15267 <p>To others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.</p>
15268 </blockquote>
15269
15270 <hr>
15271
15272 <h3><a href="https://polprog.net/blog/netbsdasmprog/" rel="nofollow">NetBSD Assembly Programming Tutorial</a></h3>
15273
15274 <blockquote>
15275 <p>A sparc64 version is also being prepared and will be added when done</p>
15276
15277 <p>This post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT&T syntax instead of Intel.</p>
15278 </blockquote>
15279
15280 <ul>
15281 <li>Why assembly?</li>
15282 </ul>
15283
15284 <blockquote>
15285 <p>Why not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs</p>
15286 </blockquote>
15287
15288 <ul>
15289 <li>Due to the nature of the guide, visit the site for the complete breakdown</li>
15290 </ul>
15291
15292 <hr>
15293
15294 <h2>News Roundup</h2>
15295
15296 <h3><a href="https://wiki.eth0.nl/index.php/LackRack" rel="nofollow">The IKEA Lack Rack for Servers</a></h3>
15297
15298 <ul>
15299 <li>The LackRack</li>
15300 </ul>
15301
15302 <blockquote>
15303 <p>First occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.</p>
15304
15305 <p>The LackRack will certainly make its appearance again this summer at eth0:2010 Summer.</p>
15306 </blockquote>
15307
15308 <ul>
15309 <li>Summary</li>
15310 </ul>
15311
15312 <blockquote>
15313 <p>When temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19" server racks.</p>
15314
15315 <p>The LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19" hardware, such as switches (see below), or perhaps other 19" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!</p>
15316 </blockquote>
15317
15318 <ul>
15319 <li>Howto</li>
15320 </ul>
15321
15322 <blockquote>
15323 <p>You can find a howto on buying a LackRack on this page. This includes the proof that a 19" switch can indeed be placed in the LackRack in its natural habitat!</p>
15324 </blockquote>
15325
15326 <hr>
15327
15328 <h3><a href="https://omniosce.org/article/release-030" rel="nofollow">OmniOS Community Edition r151030 LTS - Published at May 6, 2019</a></h3>
15329
15330 <blockquote>
15331 <p>The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.</p>
15332
15333 <p>OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.</p>
15334
15335 <p>This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.</p>
15336
15337 <p>If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.</p>
15338 </blockquote>
15339
15340 <ul>
15341 <li>For full release notes including upgrade instructions:</li>
15342 <li><a href="https://omniosce.org/releasenotes.html" rel="nofollow">release notes</a></li>
15343 <li><a href="https://omniosce.org/upgrade.html" rel="nofollow">upgrade instructions</a></li>
15344 </ul>
15345
15346 <hr>
15347
15348 <h3><a href="https://vermaden.wordpress.com/2019/09/27/list-block-devices-on-freebsd-lsblk8-style/" rel="nofollow">List Block Devices on FreeBSD lsblk(8) Style</a></h3>
15349
15350 <blockquote>
15351 <p>When I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.</p>
15352 </blockquote>
15353
15354 <p>Example lsblk(8) output from Linux system:</p>
15355
15356 <pre><code>$ lsblk
15357 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
15358 sr0 11:0 1 1024M 0 rom
15359 sda 8:0 0 931.5G 0 disk
15360 |-sda1 8:1 0 500M 0 part /boot
15361 `-sda2 8:2 0 931G 0 part
15362 |-vg_local-lv_root (dm-0) 253:0 0 50G 0 lvm /
15363 |-vg_local-lv_swap (dm-1) 253:1 0 17.7G 0 lvm [SWAP]
15364 `-vg_local-lv_home (dm-2) 253:2 0 1.8T 0 lvm /home
15365 sdc 8:32 0 232.9G 0 disk
15366 `-sdc1 8:33 0 232.9G 0 part
15367 `-md1 9:1 0 232.9G 0 raid10 /data
15368 sdd 8:48 0 232.9G 0 disk
15369 `-sdd1 8:49 0 232.9G 0 part
15370 `-md1 9:1 0 232.9G 0 raid10 /data
15371 </code></pre>
15372
15373 <blockquote>
15374 <p>What FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all > < characters to ] [ ones in the commands outputs.</p>
15375 </blockquote>
15376
15377 <ul>
15378 <li>See the article for the rest of the guide</li>
15379 </ul>
15380
15381 <hr>
15382
15383 <h3><a href="https://project-trident.org/post/2019-10-05_19.10_available/" rel="nofollow">Project Trident 19.10 Now Available</a></h3>
15384
15385 <blockquote>
15386 <p>This is a general package update to the CURRENT release repository based upon TrueOS 19.10</p>
15387 </blockquote>
15388
15389 <ul>
15390 <li>PACKAGE CHANGES FROM 19.08
15391
15392 <ul>
15393 <li>New Packages: 601</li>
15394 <li>Deleted Packages: 165</li>
15395 <li>Updated Packages: 3341</li>
15396 </ul></li>
15397 </ul>
15398
15399 <hr>
15400
15401 <h2>Beastie Bits</h2>
15402
15403 <ul>
15404 <li><a href="https://imgur.com/gallery/0sG4b1K" rel="nofollow">NetBSD building tools</a></li>
15405 <li><a href="https://mwl.io/archives/4569" rel="nofollow">Sponsorships open for SNMP Mastery</a></li>
15406 <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2019/10/03/msg029485.html" rel="nofollow">pkgsrc-2019Q3 release announcement (2019-10-03)</a></li>
15407 <li><a href="https://github.com/dylanaraps/pfetch" rel="nofollow">pfetch - A simple system information tool written in POSIX sh</a></li>
15408 <li><a href="https://netbsd.org/%7Ekamil/eurobsdcon2019_fuzzing/presentation.html#slide1" rel="nofollow">Taking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview)</a></li>
15409 <li><a href="https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html" rel="nofollow">Cracking Ken Thompson’s password</a></li>
15410 </ul>
15411
15412 <hr>
15413
15414 <h2>Feedback/Questions</h2>
15415
15416 <ul>
15417 <li>Evilham - <a href="http://dpaste.com/2JC85WV" rel="nofollow">Couple Questions</a></li>
15418 <li>Rob - <a href="http://dpaste.com/0SDX9ZX" rel="nofollow">APU2 alternatives and GPT partition types</a></li>
15419 <li>Tom - <a href="http://dpaste.com/2B43MY1#wrap" rel="nofollow">FreeBSD journal article by A. Fengler</a></li>
15420 </ul>
15421
15422 <hr>
15423
15424 <ul>
15425 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
15426 </ul>
15427
15428 <hr>
15429
15430 <video controls preload="metadata" style=" width:426px; height:240px;">
15431 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0319.mp4" type="video/mp4">
15432 Your browser does not support the HTML5 video tag.
15433 </video>]]>
15434 </content:encoded>
15435 <itunes:summary>
15436 <![CDATA[<p>Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.</p>
15437
15438 <h2>Headlines</h2>
15439
15440 <h3><a href="https://datto.engineering/post/causing-zfs-corruption" rel="nofollow">Causing ZFS corruption for fun and profit</a></h3>
15441
15442 <blockquote>
15443 <p>Datto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.</p>
15444 </blockquote>
15445
15446 <ul>
15447 <li>Causing Corruption</li>
15448 </ul>
15449
15450 <blockquote>
15451 <p>Since this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.</p>
15452 </blockquote>
15453
15454 <ul>
15455 <li>Conclusion</li>
15456 </ul>
15457
15458 <blockquote>
15459 <p>At the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.</p>
15460
15461 <p>To others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.</p>
15462 </blockquote>
15463
15464 <hr>
15465
15466 <h3><a href="https://polprog.net/blog/netbsdasmprog/" rel="nofollow">NetBSD Assembly Programming Tutorial</a></h3>
15467
15468 <blockquote>
15469 <p>A sparc64 version is also being prepared and will be added when done</p>
15470
15471 <p>This post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT&T syntax instead of Intel.</p>
15472 </blockquote>
15473
15474 <ul>
15475 <li>Why assembly?</li>
15476 </ul>
15477
15478 <blockquote>
15479 <p>Why not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs</p>
15480 </blockquote>
15481
15482 <ul>
15483 <li>Due to the nature of the guide, visit the site for the complete breakdown</li>
15484 </ul>
15485
15486 <hr>
15487
15488 <h2>News Roundup</h2>
15489
15490 <h3><a href="https://wiki.eth0.nl/index.php/LackRack" rel="nofollow">The IKEA Lack Rack for Servers</a></h3>
15491
15492 <ul>
15493 <li>The LackRack</li>
15494 </ul>
15495
15496 <blockquote>
15497 <p>First occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.</p>
15498
15499 <p>The LackRack will certainly make its appearance again this summer at eth0:2010 Summer.</p>
15500 </blockquote>
15501
15502 <ul>
15503 <li>Summary</li>
15504 </ul>
15505
15506 <blockquote>
15507 <p>When temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19" server racks.</p>
15508
15509 <p>The LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19" hardware, such as switches (see below), or perhaps other 19" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!</p>
15510 </blockquote>
15511
15512 <ul>
15513 <li>Howto</li>
15514 </ul>
15515
15516 <blockquote>
15517 <p>You can find a howto on buying a LackRack on this page. This includes the proof that a 19" switch can indeed be placed in the LackRack in its natural habitat!</p>
15518 </blockquote>
15519
15520 <hr>
15521
15522 <h3><a href="https://omniosce.org/article/release-030" rel="nofollow">OmniOS Community Edition r151030 LTS - Published at May 6, 2019</a></h3>
15523
15524 <blockquote>
15525 <p>The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.</p>
15526
15527 <p>OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.</p>
15528
15529 <p>This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.</p>
15530
15531 <p>If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.</p>
15532 </blockquote>
15533
15534 <ul>
15535 <li>For full release notes including upgrade instructions:</li>
15536 <li><a href="https://omniosce.org/releasenotes.html" rel="nofollow">release notes</a></li>
15537 <li><a href="https://omniosce.org/upgrade.html" rel="nofollow">upgrade instructions</a></li>
15538 </ul>
15539
15540 <hr>
15541
15542 <h3><a href="https://vermaden.wordpress.com/2019/09/27/list-block-devices-on-freebsd-lsblk8-style/" rel="nofollow">List Block Devices on FreeBSD lsblk(8) Style</a></h3>
15543
15544 <blockquote>
15545 <p>When I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.</p>
15546 </blockquote>
15547
15548 <p>Example lsblk(8) output from Linux system:</p>
15549
15550 <pre><code>$ lsblk
15551 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
15552 sr0 11:0 1 1024M 0 rom
15553 sda 8:0 0 931.5G 0 disk
15554 |-sda1 8:1 0 500M 0 part /boot
15555 `-sda2 8:2 0 931G 0 part
15556 |-vg_local-lv_root (dm-0) 253:0 0 50G 0 lvm /
15557 |-vg_local-lv_swap (dm-1) 253:1 0 17.7G 0 lvm [SWAP]
15558 `-vg_local-lv_home (dm-2) 253:2 0 1.8T 0 lvm /home
15559 sdc 8:32 0 232.9G 0 disk
15560 `-sdc1 8:33 0 232.9G 0 part
15561 `-md1 9:1 0 232.9G 0 raid10 /data
15562 sdd 8:48 0 232.9G 0 disk
15563 `-sdd1 8:49 0 232.9G 0 part
15564 `-md1 9:1 0 232.9G 0 raid10 /data
15565 </code></pre>
15566
15567 <blockquote>
15568 <p>What FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all > < characters to ] [ ones in the commands outputs.</p>
15569 </blockquote>
15570
15571 <ul>
15572 <li>See the article for the rest of the guide</li>
15573 </ul>
15574
15575 <hr>
15576
15577 <h3><a href="https://project-trident.org/post/2019-10-05_19.10_available/" rel="nofollow">Project Trident 19.10 Now Available</a></h3>
15578
15579 <blockquote>
15580 <p>This is a general package update to the CURRENT release repository based upon TrueOS 19.10</p>
15581 </blockquote>
15582
15583 <ul>
15584 <li>PACKAGE CHANGES FROM 19.08
15585
15586 <ul>
15587 <li>New Packages: 601</li>
15588 <li>Deleted Packages: 165</li>
15589 <li>Updated Packages: 3341</li>
15590 </ul></li>
15591 </ul>
15592
15593 <hr>
15594
15595 <h2>Beastie Bits</h2>
15596
15597 <ul>
15598 <li><a href="https://imgur.com/gallery/0sG4b1K" rel="nofollow">NetBSD building tools</a></li>
15599 <li><a href="https://mwl.io/archives/4569" rel="nofollow">Sponsorships open for SNMP Mastery</a></li>
15600 <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2019/10/03/msg029485.html" rel="nofollow">pkgsrc-2019Q3 release announcement (2019-10-03)</a></li>
15601 <li><a href="https://github.com/dylanaraps/pfetch" rel="nofollow">pfetch - A simple system information tool written in POSIX sh</a></li>
15602 <li><a href="https://netbsd.org/%7Ekamil/eurobsdcon2019_fuzzing/presentation.html#slide1" rel="nofollow">Taking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview)</a></li>
15603 <li><a href="https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html" rel="nofollow">Cracking Ken Thompson’s password</a></li>
15604 </ul>
15605
15606 <hr>
15607
15608 <h2>Feedback/Questions</h2>
15609
15610 <ul>
15611 <li>Evilham - <a href="http://dpaste.com/2JC85WV" rel="nofollow">Couple Questions</a></li>
15612 <li>Rob - <a href="http://dpaste.com/0SDX9ZX" rel="nofollow">APU2 alternatives and GPT partition types</a></li>
15613 <li>Tom - <a href="http://dpaste.com/2B43MY1#wrap" rel="nofollow">FreeBSD journal article by A. Fengler</a></li>
15614 </ul>
15615
15616 <hr>
15617
15618 <ul>
15619 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
15620 </ul>
15621
15622 <hr>
15623
15624 <video controls preload="metadata" style=" width:426px; height:240px;">
15625 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0319.mp4" type="video/mp4">
15626 Your browser does not support the HTML5 video tag.
15627 </video>]]>
15628 </itunes:summary>
15629 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+yTRLAWIA</fireside:playerURL>
15630 <fireside:playerEmbedCode>
15631 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+yTRLAWIA" width="740" height="200" frameborder="0" scrolling="no">]]>
15632 </fireside:playerEmbedCode>
15633 </item>
15634 <item>
15635 <title>318: The TrueNAS Library</title>
15636 <link>https://www.bsdnow.tv/318</link>
15637 <guid isPermaLink="false">a53fad97-5df2-4cd3-91a8-e75d5a2f38d7</guid>
15638 <pubDate>Wed, 02 Oct 2019 20:00:00 -0700</pubDate>
15639 <author>Allan Jude</author>
15640 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a53fad97-5df2-4cd3-91a8-e75d5a2f38d7.mp3" length="33605404" type="audio/mp3"/>
15641 <itunes:episodeType>full</itunes:episodeType>
15642 <itunes:author>Allan Jude</itunes:author>
15643 <itunes:subtitle>DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.</itunes:subtitle>
15644 <itunes:duration>46:40</itunes:duration>
15645 <itunes:explicit>no</itunes:explicit>
15646 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
15647 <description>DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.
15648 Headlines
15649 DragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X (https://www.phoronix.com/scan.php?page=article&item=bsd-linux-3700x)
15650 For those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.
15651 Back in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything "just worked" without any compatibility issues for either of these BSDs.
15652 We've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.
15653 For comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.
15654 All of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.
15655 JFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives (https://www.ixsystems.com/blog/jfk-presidential-library-pr/)
15656 iXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.
15657 Having first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection.
15658 Not only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process. The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.
15659 With precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes.
15660 Youtube Video (https://www.youtube.com/watch?v=8rFjH5-0Fiw)
15661 News Roundup
15662 FreeBSD 12.1-beta available (https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-12.1-Beta-Released)
15663 FreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.
15664 FreeBSD 12.1 has many security/bug fixes throughout, no longer enables "-Werror" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.
15665 For those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.
15666 The FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.
15667 Announcement Link (https://lists.freebsd.org/pipermail/freebsd-stable/2019-September/091533.html)
15668 Cool, but obscure X11 tools. More suggestions in the source link (https://cyber.dabamos.de/unix/x11/)
15669 ASClock
15670 Free42
15671 FSV2
15672 GLXGears
15673 GMixer
15674 GVIM
15675 Micropolis
15676 Sunclock
15677 Ted
15678 TiEmu
15679 X026
15680 X48
15681 XAbacus
15682 XAntfarm
15683 XArchiver
15684 XASCII
15685 XBiff
15686 XBill
15687 XBoard
15688 XCalc
15689 XCalendar
15690 XCHM
15691 XChomp
15692 XClipboard
15693 XClock
15694 XClock/Cat Clock
15695 XColorSel
15696 XConsole
15697 XDiary
15698 XEarth
15699 XEdit
15700 Xev
15701 XEyes
15702 XFontSel
15703 XGalaga
15704 XInvaders 3D
15705 XKill
15706 XLennart
15707 XLoad
15708 XLock
15709 XLogo
15710 XMahjongg
15711 XMan
15712 XMessage
15713 XmGrace
15714 XMixer
15715 XmMix
15716 XMore
15717 XMosaic
15718 XMOTD
15719 XMountains
15720 XNeko
15721 XOdometer
15722 XOSView
15723 Xplore
15724 XPostIt
15725 XRoach
15726 XScreenSaver
15727 XSnow
15728 XSpread
15729 XTerm
15730 XTide
15731 Xv
15732 Xvkbd
15733 XWPE
15734 XZoom
15735 vBSDCon 2019 trip report from iXSystems (https://www.ixsystems.com/blog/vbsdcon-2019/)
15736 The fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.
15737 Project Trident 12-U7 now available (https://project-trident.org/post/2019-09-21_stable12-u7_available/)
15738 Package Summary
15739 New Packages: 130
15740 Deleted Packages: 72
15741 Updated Packages: 865
15742 Stable ISO - https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso
15743 A Couple new Unix Artifacts (https://minnie.tuhs.org//pipermail/tuhs/2019-September/018685.html)
15744 I fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.
15745 So I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:
15746 by two large organisations
15747 of great significance to Unix history
15748 who want me to keep "mum" about them
15749 as they are going to make announcements about them soon*
15750 and I am going slowly crazy as I wait for them to be officially released. Now you have a new topic to talk about :-)
15751 Cheers, Warren
15752 * for some definition of "soon"
15753 Beastie Bits
15754 NetBSD machines at Open Source Conference 2019 Hiroshima (https://mail-index.netbsd.org/netbsd-advocacy/2019/09/16/msg000813.html)
15755 Hyperbola a GNU/Linux OS is using OpenBSD's Xenocara (https://www.hyperbola.info/news/end-of-xorg-support/)
15756 Talos is looking for a FreeBSD Engineer (https://www.talosintelligence.com/careers/freebsd_engineer)
15757 GitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes. (https://github.com/dylanaraps/pure-sh-bible)
15758 dsynth: you’re building it (https://www.dragonflydigest.com/2019/09/23/23523.html)
15759 Percy Ludgate, the missing link between Babbage’s machine and everything else (http://lists.sigcis.org/pipermail/members-sigcis.org/2019-September/001606.html)
15760 Feedback/Questions
15761 Bruce - Down the expect rabbithole (http://dpaste.com/147HGP3#wrap)
15762 Bruce - Expect (update) (http://dpaste.com/37MNVSW#wrap)
15763 David - Netgraph answer (http://dpaste.com/2SE1YSE)
15764 Mason - Beeps? (http://dpaste.com/00KKXJM)
15765 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
15766 <video controls preload="metadata" style=" width:426px; height:240px;">
15767 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0318.mp4" type="video/mp4">
15768 Your browser does not support the HTML5 video tag.
15769 </video>
15770 </description>
15771 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ryzen, ryzen 7, ryzen 7 3700X, amd, benchmark, presidential library, digital archives, digital library, presidential archive, truenas, obscure tools, x11, vbsdcon, trip report, project trident, Unix, Unix artifacts</itunes:keywords>
15772 <content:encoded>
15773 <![CDATA[<p>DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.</p>
15774
15775 <h2>Headlines</h2>
15776
15777 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=bsd-linux-3700x" rel="nofollow">DragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X</a></h3>
15778
15779 <blockquote>
15780 <p>For those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.</p>
15781
15782 <p>Back in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything "just worked" without any compatibility issues for either of these BSDs.</p>
15783
15784 <p>We've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.</p>
15785
15786 <p>For comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.</p>
15787
15788 <p>All of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.</p>
15789 </blockquote>
15790
15791 <hr>
15792
15793 <h3><a href="https://www.ixsystems.com/blog/jfk-presidential-library-pr/" rel="nofollow">JFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives</a></h3>
15794
15795 <blockquote>
15796 <p>iXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.</p>
15797
15798 <p>Having first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection. </p>
15799
15800 <p>Not only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process. The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.</p>
15801
15802 <p>With precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes. </p>
15803 </blockquote>
15804
15805 <ul>
15806 <li><a href="https://www.youtube.com/watch?v=8rFjH5-0Fiw" rel="nofollow">Youtube Video</a></li>
15807 </ul>
15808
15809 <hr>
15810
15811 <h2>News Roundup</h2>
15812
15813 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-12.1-Beta-Released" rel="nofollow">FreeBSD 12.1-beta available</a></h3>
15814
15815 <blockquote>
15816 <p>FreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.</p>
15817
15818 <p>FreeBSD 12.1 has many security/bug fixes throughout, no longer enables "-Werror" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.</p>
15819
15820 <p>For those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.</p>
15821
15822 <p>The FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.</p>
15823 </blockquote>
15824
15825 <ul>
15826 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-September/091533.html" rel="nofollow">Announcement Link</a></li>
15827 </ul>
15828
15829 <hr>
15830
15831 <h3><a href="https://cyber.dabamos.de/unix/x11/" rel="nofollow">Cool, but obscure X11 tools. More suggestions in the source link</a></h3>
15832
15833 <ul>
15834 <li>ASClock</li>
15835 <li>Free42</li>
15836 <li>FSV2</li>
15837 <li>GLXGears</li>
15838 <li>GMixer</li>
15839 <li>GVIM</li>
15840 <li>Micropolis</li>
15841 <li>Sunclock</li>
15842 <li>Ted</li>
15843 <li>TiEmu</li>
15844 <li>X026</li>
15845 <li>X48</li>
15846 <li>XAbacus</li>
15847 <li>XAntfarm</li>
15848 <li>XArchiver</li>
15849 <li>XASCII</li>
15850 <li>XBiff</li>
15851 <li>XBill</li>
15852 <li>XBoard</li>
15853 <li>XCalc</li>
15854 <li>XCalendar</li>
15855 <li>XCHM</li>
15856 <li>XChomp</li>
15857 <li>XClipboard</li>
15858 <li>XClock</li>
15859 <li>XClock/Cat Clock</li>
15860 <li>XColorSel</li>
15861 <li>XConsole</li>
15862 <li>XDiary</li>
15863 <li>XEarth</li>
15864 <li>XEdit</li>
15865 <li>Xev</li>
15866 <li>XEyes</li>
15867 <li>XFontSel</li>
15868 <li>XGalaga</li>
15869 <li>XInvaders 3D</li>
15870 <li>XKill</li>
15871 <li>XLennart</li>
15872 <li>XLoad</li>
15873 <li>XLock</li>
15874 <li>XLogo</li>
15875 <li>XMahjongg</li>
15876 <li>XMan</li>
15877 <li>XMessage</li>
15878 <li>XmGrace</li>
15879 <li>XMixer</li>
15880 <li>XmMix</li>
15881 <li>XMore</li>
15882 <li>XMosaic</li>
15883 <li>XMOTD</li>
15884 <li>XMountains</li>
15885 <li>XNeko</li>
15886 <li>XOdometer</li>
15887 <li>XOSView</li>
15888 <li>Xplore</li>
15889 <li>XPostIt</li>
15890 <li>XRoach</li>
15891 <li>XScreenSaver</li>
15892 <li>XSnow</li>
15893 <li>XSpread</li>
15894 <li>XTerm</li>
15895 <li>XTide</li>
15896 <li>Xv</li>
15897 <li>Xvkbd</li>
15898 <li>XWPE</li>
15899 <li>XZoom</li>
15900 </ul>
15901
15902 <hr>
15903
15904 <h3><a href="https://www.ixsystems.com/blog/vbsdcon-2019/" rel="nofollow">vBSDCon 2019 trip report from iXSystems</a></h3>
15905
15906 <blockquote>
15907 <p>The fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.</p>
15908 </blockquote>
15909
15910 <hr>
15911
15912 <h3><a href="https://project-trident.org/post/2019-09-21_stable12-u7_available/" rel="nofollow">Project Trident 12-U7 now available</a></h3>
15913
15914 <ul>
15915 <li>Package Summary
15916
15917 <ul>
15918 <li>New Packages: 130</li>
15919 <li>Deleted Packages: 72</li>
15920 <li>Updated Packages: 865</li>
15921 </ul></li>
15922 <li>Stable ISO - <a href="https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso" rel="nofollow">https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso</a></li>
15923 </ul>
15924
15925 <hr>
15926
15927 <h3><a href="https://minnie.tuhs.org//pipermail/tuhs/2019-September/018685.html" rel="nofollow">A Couple new Unix Artifacts</a></h3>
15928
15929 <blockquote>
15930 <p>I fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.</p>
15931
15932 <p>So I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:</p>
15933 </blockquote>
15934
15935 <ul>
15936 <li>by two large organisations</li>
15937 <li>of great significance to Unix history</li>
15938 <li>who want me to keep "mum" about them</li>
15939 <li>as they are going to make announcements about them soon*</li>
15940 </ul>
15941
15942 <blockquote>
15943 <p>and I am going slowly crazy as I wait for them to be officially released. Now you have a new topic to talk about :-)</p>
15944
15945 <p>Cheers, Warren</p>
15946 </blockquote>
15947
15948 <p>* <em>for some definition of "soon"</em></p>
15949
15950 <hr>
15951
15952 <h2>Beastie Bits</h2>
15953
15954 <ul>
15955 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2019/09/16/msg000813.html" rel="nofollow">NetBSD machines at Open Source Conference 2019 Hiroshima</a></li>
15956 <li><a href="https://www.hyperbola.info/news/end-of-xorg-support/" rel="nofollow">Hyperbola a GNU/Linux OS is using OpenBSD's Xenocara</a></li>
15957 <li><a href="https://www.talosintelligence.com/careers/freebsd_engineer" rel="nofollow">Talos is looking for a FreeBSD Engineer</a></li>
15958 <li><a href="https://github.com/dylanaraps/pure-sh-bible" rel="nofollow">GitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes.</a></li>
15959 <li><a href="https://www.dragonflydigest.com/2019/09/23/23523.html" rel="nofollow">dsynth: you’re building it</a></li>
15960 <li><a href="http://lists.sigcis.org/pipermail/members-sigcis.org/2019-September/001606.html" rel="nofollow">Percy Ludgate, the missing link between Babbage’s machine and everything else</a></li>
15961 </ul>
15962
15963 <hr>
15964
15965 <h2>Feedback/Questions</h2>
15966
15967 <ul>
15968 <li>Bruce - <a href="http://dpaste.com/147HGP3#wrap" rel="nofollow">Down the expect rabbithole</a></li>
15969 <li>Bruce - <a href="http://dpaste.com/37MNVSW#wrap" rel="nofollow">Expect (update)</a></li>
15970 <li>David - <a href="http://dpaste.com/2SE1YSE" rel="nofollow">Netgraph answer</a></li>
15971 <li>Mason - <a href="http://dpaste.com/00KKXJM" rel="nofollow">Beeps?</a></li>
15972 </ul>
15973
15974 <hr>
15975
15976 <ul>
15977 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
15978 </ul>
15979
15980 <hr>
15981
15982 <video controls preload="metadata" style=" width:426px; height:240px;">
15983 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0318.mp4" type="video/mp4">
15984 Your browser does not support the HTML5 video tag.
15985 </video>]]>
15986 </content:encoded>
15987 <itunes:summary>
15988 <![CDATA[<p>DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.</p>
15989
15990 <h2>Headlines</h2>
15991
15992 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=bsd-linux-3700x" rel="nofollow">DragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X</a></h3>
15993
15994 <blockquote>
15995 <p>For those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.</p>
15996
15997 <p>Back in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything "just worked" without any compatibility issues for either of these BSDs.</p>
15998
15999 <p>We've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.</p>
16000
16001 <p>For comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.</p>
16002
16003 <p>All of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.</p>
16004 </blockquote>
16005
16006 <hr>
16007
16008 <h3><a href="https://www.ixsystems.com/blog/jfk-presidential-library-pr/" rel="nofollow">JFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives</a></h3>
16009
16010 <blockquote>
16011 <p>iXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.</p>
16012
16013 <p>Having first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection. </p>
16014
16015 <p>Not only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process. The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.</p>
16016
16017 <p>With precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes. </p>
16018 </blockquote>
16019
16020 <ul>
16021 <li><a href="https://www.youtube.com/watch?v=8rFjH5-0Fiw" rel="nofollow">Youtube Video</a></li>
16022 </ul>
16023
16024 <hr>
16025
16026 <h2>News Roundup</h2>
16027
16028 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-12.1-Beta-Released" rel="nofollow">FreeBSD 12.1-beta available</a></h3>
16029
16030 <blockquote>
16031 <p>FreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.</p>
16032
16033 <p>FreeBSD 12.1 has many security/bug fixes throughout, no longer enables "-Werror" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.</p>
16034
16035 <p>For those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.</p>
16036
16037 <p>The FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.</p>
16038 </blockquote>
16039
16040 <ul>
16041 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-September/091533.html" rel="nofollow">Announcement Link</a></li>
16042 </ul>
16043
16044 <hr>
16045
16046 <h3><a href="https://cyber.dabamos.de/unix/x11/" rel="nofollow">Cool, but obscure X11 tools. More suggestions in the source link</a></h3>
16047
16048 <ul>
16049 <li>ASClock</li>
16050 <li>Free42</li>
16051 <li>FSV2</li>
16052 <li>GLXGears</li>
16053 <li>GMixer</li>
16054 <li>GVIM</li>
16055 <li>Micropolis</li>
16056 <li>Sunclock</li>
16057 <li>Ted</li>
16058 <li>TiEmu</li>
16059 <li>X026</li>
16060 <li>X48</li>
16061 <li>XAbacus</li>
16062 <li>XAntfarm</li>
16063 <li>XArchiver</li>
16064 <li>XASCII</li>
16065 <li>XBiff</li>
16066 <li>XBill</li>
16067 <li>XBoard</li>
16068 <li>XCalc</li>
16069 <li>XCalendar</li>
16070 <li>XCHM</li>
16071 <li>XChomp</li>
16072 <li>XClipboard</li>
16073 <li>XClock</li>
16074 <li>XClock/Cat Clock</li>
16075 <li>XColorSel</li>
16076 <li>XConsole</li>
16077 <li>XDiary</li>
16078 <li>XEarth</li>
16079 <li>XEdit</li>
16080 <li>Xev</li>
16081 <li>XEyes</li>
16082 <li>XFontSel</li>
16083 <li>XGalaga</li>
16084 <li>XInvaders 3D</li>
16085 <li>XKill</li>
16086 <li>XLennart</li>
16087 <li>XLoad</li>
16088 <li>XLock</li>
16089 <li>XLogo</li>
16090 <li>XMahjongg</li>
16091 <li>XMan</li>
16092 <li>XMessage</li>
16093 <li>XmGrace</li>
16094 <li>XMixer</li>
16095 <li>XmMix</li>
16096 <li>XMore</li>
16097 <li>XMosaic</li>
16098 <li>XMOTD</li>
16099 <li>XMountains</li>
16100 <li>XNeko</li>
16101 <li>XOdometer</li>
16102 <li>XOSView</li>
16103 <li>Xplore</li>
16104 <li>XPostIt</li>
16105 <li>XRoach</li>
16106 <li>XScreenSaver</li>
16107 <li>XSnow</li>
16108 <li>XSpread</li>
16109 <li>XTerm</li>
16110 <li>XTide</li>
16111 <li>Xv</li>
16112 <li>Xvkbd</li>
16113 <li>XWPE</li>
16114 <li>XZoom</li>
16115 </ul>
16116
16117 <hr>
16118
16119 <h3><a href="https://www.ixsystems.com/blog/vbsdcon-2019/" rel="nofollow">vBSDCon 2019 trip report from iXSystems</a></h3>
16120
16121 <blockquote>
16122 <p>The fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.</p>
16123 </blockquote>
16124
16125 <hr>
16126
16127 <h3><a href="https://project-trident.org/post/2019-09-21_stable12-u7_available/" rel="nofollow">Project Trident 12-U7 now available</a></h3>
16128
16129 <ul>
16130 <li>Package Summary
16131
16132 <ul>
16133 <li>New Packages: 130</li>
16134 <li>Deleted Packages: 72</li>
16135 <li>Updated Packages: 865</li>
16136 </ul></li>
16137 <li>Stable ISO - <a href="https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso" rel="nofollow">https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso</a></li>
16138 </ul>
16139
16140 <hr>
16141
16142 <h3><a href="https://minnie.tuhs.org//pipermail/tuhs/2019-September/018685.html" rel="nofollow">A Couple new Unix Artifacts</a></h3>
16143
16144 <blockquote>
16145 <p>I fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.</p>
16146
16147 <p>So I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:</p>
16148 </blockquote>
16149
16150 <ul>
16151 <li>by two large organisations</li>
16152 <li>of great significance to Unix history</li>
16153 <li>who want me to keep "mum" about them</li>
16154 <li>as they are going to make announcements about them soon*</li>
16155 </ul>
16156
16157 <blockquote>
16158 <p>and I am going slowly crazy as I wait for them to be officially released. Now you have a new topic to talk about :-)</p>
16159
16160 <p>Cheers, Warren</p>
16161 </blockquote>
16162
16163 <p>* <em>for some definition of "soon"</em></p>
16164
16165 <hr>
16166
16167 <h2>Beastie Bits</h2>
16168
16169 <ul>
16170 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2019/09/16/msg000813.html" rel="nofollow">NetBSD machines at Open Source Conference 2019 Hiroshima</a></li>
16171 <li><a href="https://www.hyperbola.info/news/end-of-xorg-support/" rel="nofollow">Hyperbola a GNU/Linux OS is using OpenBSD's Xenocara</a></li>
16172 <li><a href="https://www.talosintelligence.com/careers/freebsd_engineer" rel="nofollow">Talos is looking for a FreeBSD Engineer</a></li>
16173 <li><a href="https://github.com/dylanaraps/pure-sh-bible" rel="nofollow">GitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes.</a></li>
16174 <li><a href="https://www.dragonflydigest.com/2019/09/23/23523.html" rel="nofollow">dsynth: you’re building it</a></li>
16175 <li><a href="http://lists.sigcis.org/pipermail/members-sigcis.org/2019-September/001606.html" rel="nofollow">Percy Ludgate, the missing link between Babbage’s machine and everything else</a></li>
16176 </ul>
16177
16178 <hr>
16179
16180 <h2>Feedback/Questions</h2>
16181
16182 <ul>
16183 <li>Bruce - <a href="http://dpaste.com/147HGP3#wrap" rel="nofollow">Down the expect rabbithole</a></li>
16184 <li>Bruce - <a href="http://dpaste.com/37MNVSW#wrap" rel="nofollow">Expect (update)</a></li>
16185 <li>David - <a href="http://dpaste.com/2SE1YSE" rel="nofollow">Netgraph answer</a></li>
16186 <li>Mason - <a href="http://dpaste.com/00KKXJM" rel="nofollow">Beeps?</a></li>
16187 </ul>
16188
16189 <hr>
16190
16191 <ul>
16192 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
16193 </ul>
16194
16195 <hr>
16196
16197 <video controls preload="metadata" style=" width:426px; height:240px;">
16198 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0318.mp4" type="video/mp4">
16199 Your browser does not support the HTML5 video tag.
16200 </video>]]>
16201 </itunes:summary>
16202 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+d9BG-_xA</fireside:playerURL>
16203 <fireside:playerEmbedCode>
16204 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+d9BG-_xA" width="740" height="200" frameborder="0" scrolling="no">]]>
16205 </fireside:playerEmbedCode>
16206 </item>
16207 <item>
16208 <title>317: Bots Building Jails</title>
16209 <link>https://www.bsdnow.tv/317</link>
16210 <guid isPermaLink="false">e26d9711-a9ef-433e-bf8e-90d57030f3e7</guid>
16211 <pubDate>Wed, 25 Sep 2019 23:00:00 -0700</pubDate>
16212 <author>Allan Jude</author>
16213 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e26d9711-a9ef-433e-bf8e-90d57030f3e7.mp3" length="37879559" type="audio/mp3"/>
16214 <itunes:episodeType>full</itunes:episodeType>
16215 <itunes:author>Allan Jude</itunes:author>
16216 <itunes:subtitle>Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.</itunes:subtitle>
16217 <itunes:duration>52:36</itunes:duration>
16218 <itunes:explicit>no</itunes:explicit>
16219 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
16220 <description>Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.
16221 Headlines
16222 EuroBSDcon 2019 Recap (https://2019.eurobsdcon.org/)
16223 We’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of tutorials (https://2019.eurobsdcon.org/tutorial-speakers/), parallel to the FreeBSD Devsummit (https://wiki.freebsd.org/DevSummit/201909), followed by two days of talks (https://2019.eurobsdcon.org/program/). Some speakers uploaded their slides to papers.freebsd.org (https://papers.freebsd.org/2019/eurobsdcon/) already with more to come.
16224 The social event was also interesting. We visited an open air museum with buildings preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.
16225 The opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.
16226 Setting up buildbot in FreeBSD jails (https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails)
16227 In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.
16228 Setting up a mail server with OpenSMTPD, Dovecot and Rspamd (https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/)
16229 Self-hosting and encouraging smaller providers is for the greater good
16230 First of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.
16231 It doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.
16232 There is nothing wrong with Random Joes using a service that works.
16233 What is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceed the total population of multiple countries combined.
16234 News Roundup
16235 The HamBSD project aims to bring amateur packet radio to OpenBSD (https://hambsd.org/)
16236 The HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.
16237 HamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.
16238 The amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).
16239 DragonFlyBSD's HAMMER2 Gets Basic FSCK Support (https://www.dragonflydigest.com/2019/09/24/23540.html)
16240 HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.
16241 commit (https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5554cc8b81fbfcfd347f50be3f3b1b9a54b871b)
16242 Add initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying.
16243 Keep this as a separate command for now.
16244 https://i.redd.it/vkdss0mtdpo31.jpg
16245 The return of startx for users (http://undeadly.org/cgi?action=article;sid=20190917091236)
16246 Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.
16247 This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).
16248 Beastie Bits
16249 Ori Bernstein will be giving the October talk at NYCBUG (http://lists.nycbug.org:8080/pipermail/talk/2019-September/018046.html)
16250 BSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA (http://calagator.org/events/1250476200)
16251 Nick Wolff : Home Lab Show & Tell (http://knoxbug.org/2019-09-30)
16252 Installing the Lumina Desktop in DragonflyBSD (https://www.youtube.com/watch?v=eWkCjj4_xsk)
16253 dhcpcd 8.0.6 added (https://www.dragonflydigest.com/2019/09/20/23519.html)
16254 Feedback/Questions
16255 Bruce - FOSDEM videos (http://dpaste.com/15ABRRB#wrap)
16256 Lars - Super Cluster of BSD on Rock64Pr (http://dpaste.com/1X9FEJJ)
16257 Madhukar - Question (http://dpaste.com/0TWF1NB#wrap)
16258 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
16259 <video controls preload="metadata" style=" width:426px; height:240px;">
16260 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0317.mp4" type="video/mp4">
16261 Your browser does not support the HTML5 video tag.
16262 </video>
16263 </description>
16264 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, buildbot, jails, opensmtp, dovecot, rspamd, mail, mailserver, amateur radio, amateur packet radio, packet radio, hammer2, filesystem, fsck, file system check, startx</itunes:keywords>
16265 <content:encoded>
16266 <![CDATA[<p>Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.</p>
16267
16268 <h2>Headlines</h2>
16269
16270 <h3><a href="https://2019.eurobsdcon.org/" rel="nofollow">EuroBSDcon 2019 Recap</a></h3>
16271
16272 <blockquote>
16273 <p>We’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of <a href="https://2019.eurobsdcon.org/tutorial-speakers/" rel="nofollow">tutorials</a>, parallel to the <a href="https://wiki.freebsd.org/DevSummit/201909" rel="nofollow">FreeBSD Devsummit</a>, followed by two days of <a href="https://2019.eurobsdcon.org/program/" rel="nofollow">talks</a>. Some speakers uploaded their slides to <a href="https://papers.freebsd.org/2019/eurobsdcon/" rel="nofollow">papers.freebsd.org</a> already with more to come.</p>
16274
16275 <p>The social event was also interesting. We visited an open air museum with buildings preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.</p>
16276 </blockquote>
16277
16278 <ul>
16279 <li>The opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.</li>
16280 </ul>
16281
16282 <hr>
16283
16284 <h3><a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails" rel="nofollow">Setting up buildbot in FreeBSD jails</a></h3>
16285
16286 <blockquote>
16287 <p>In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.</p>
16288 </blockquote>
16289
16290 <hr>
16291
16292 <h3><a href="https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/" rel="nofollow">Setting up a mail server with OpenSMTPD, Dovecot and Rspamd</a></h3>
16293
16294 <ul>
16295 <li>Self-hosting and encouraging smaller providers is for the greater good</li>
16296 </ul>
16297
16298 <blockquote>
16299 <p>First of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.</p>
16300
16301 <p>It doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.</p>
16302
16303 <p>There is nothing wrong with Random Joes using a service that works.</p>
16304
16305 <p>What is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.</p>
16306 </blockquote>
16307
16308 <hr>
16309
16310 <h2>News Roundup</h2>
16311
16312 <h3><a href="https://hambsd.org/" rel="nofollow">The HamBSD project aims to bring amateur packet radio to OpenBSD</a></h3>
16313
16314 <blockquote>
16315 <p>The HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.</p>
16316
16317 <p>HamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.</p>
16318
16319 <p>The amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).</p>
16320 </blockquote>
16321
16322 <hr>
16323
16324 <h3><a href="https://www.dragonflydigest.com/2019/09/24/23540.html" rel="nofollow">DragonFlyBSD's HAMMER2 Gets Basic FSCK Support</a></h3>
16325
16326 <blockquote>
16327 <p>HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.</p>
16328 </blockquote>
16329
16330 <ul>
16331 <li><a href="https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5554cc8b81fbfcfd347f50be3f3b1b9a54b871b" rel="nofollow">commit</a></li>
16332 </ul>
16333
16334 <blockquote>
16335 <p>Add initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying. </p>
16336
16337 <p>Keep this as a separate command for now.<br>
16338 <a href="https://i.redd.it/vkdss0mtdpo31.jpg" rel="nofollow">https://i.redd.it/vkdss0mtdpo31.jpg</a></p>
16339
16340 <hr>
16341 </blockquote>
16342
16343 <h3><a href="http://undeadly.org/cgi?action=article;sid=20190917091236" rel="nofollow">The return of startx for users</a></h3>
16344
16345 <blockquote>
16346 <p>Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.</p>
16347
16348 <p>This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).</p>
16349 </blockquote>
16350
16351 <hr>
16352
16353 <h2>Beastie Bits</h2>
16354
16355 <ul>
16356 <li><a href="http://lists.nycbug.org:8080/pipermail/talk/2019-September/018046.html" rel="nofollow">Ori Bernstein will be giving the October talk at NYCBUG</a></li>
16357 <li><a href="http://calagator.org/events/1250476200" rel="nofollow">BSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA</a></li>
16358 <li><a href="http://knoxbug.org/2019-09-30" rel="nofollow">Nick Wolff : Home Lab Show & Tell</a></li>
16359 <li><a href="https://www.youtube.com/watch?v=eWkCjj4_xsk" rel="nofollow">Installing the Lumina Desktop in DragonflyBSD</a></li>
16360 <li><a href="https://www.dragonflydigest.com/2019/09/20/23519.html" rel="nofollow">dhcpcd 8.0.6 added</a></li>
16361 </ul>
16362
16363 <hr>
16364
16365 <h2>Feedback/Questions</h2>
16366
16367 <ul>
16368 <li>Bruce - <a href="http://dpaste.com/15ABRRB#wrap" rel="nofollow">FOSDEM videos</a></li>
16369 <li>Lars - <a href="http://dpaste.com/1X9FEJJ" rel="nofollow">Super Cluster of BSD on Rock64Pr</a></li>
16370 <li>Madhukar - <a href="http://dpaste.com/0TWF1NB#wrap" rel="nofollow">Question</a></li>
16371 </ul>
16372
16373 <hr>
16374
16375 <ul>
16376 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
16377 </ul>
16378
16379 <hr>
16380
16381 <video controls preload="metadata" style=" width:426px; height:240px;">
16382 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0317.mp4" type="video/mp4">
16383 Your browser does not support the HTML5 video tag.
16384 </video>]]>
16385 </content:encoded>
16386 <itunes:summary>
16387 <![CDATA[<p>Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.</p>
16388
16389 <h2>Headlines</h2>
16390
16391 <h3><a href="https://2019.eurobsdcon.org/" rel="nofollow">EuroBSDcon 2019 Recap</a></h3>
16392
16393 <blockquote>
16394 <p>We’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of <a href="https://2019.eurobsdcon.org/tutorial-speakers/" rel="nofollow">tutorials</a>, parallel to the <a href="https://wiki.freebsd.org/DevSummit/201909" rel="nofollow">FreeBSD Devsummit</a>, followed by two days of <a href="https://2019.eurobsdcon.org/program/" rel="nofollow">talks</a>. Some speakers uploaded their slides to <a href="https://papers.freebsd.org/2019/eurobsdcon/" rel="nofollow">papers.freebsd.org</a> already with more to come.</p>
16395
16396 <p>The social event was also interesting. We visited an open air museum with buildings preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.</p>
16397 </blockquote>
16398
16399 <ul>
16400 <li>The opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital world upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.</li>
16401 </ul>
16402
16403 <hr>
16404
16405 <h3><a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails" rel="nofollow">Setting up buildbot in FreeBSD jails</a></h3>
16406
16407 <blockquote>
16408 <p>In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.</p>
16409 </blockquote>
16410
16411 <hr>
16412
16413 <h3><a href="https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/" rel="nofollow">Setting up a mail server with OpenSMTPD, Dovecot and Rspamd</a></h3>
16414
16415 <ul>
16416 <li>Self-hosting and encouraging smaller providers is for the greater good</li>
16417 </ul>
16418
16419 <blockquote>
16420 <p>First of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.</p>
16421
16422 <p>It doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.</p>
16423
16424 <p>There is nothing wrong with Random Joes using a service that works.</p>
16425
16426 <p>What is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.</p>
16427 </blockquote>
16428
16429 <hr>
16430
16431 <h2>News Roundup</h2>
16432
16433 <h3><a href="https://hambsd.org/" rel="nofollow">The HamBSD project aims to bring amateur packet radio to OpenBSD</a></h3>
16434
16435 <blockquote>
16436 <p>The HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.</p>
16437
16438 <p>HamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.</p>
16439
16440 <p>The amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).</p>
16441 </blockquote>
16442
16443 <hr>
16444
16445 <h3><a href="https://www.dragonflydigest.com/2019/09/24/23540.html" rel="nofollow">DragonFlyBSD's HAMMER2 Gets Basic FSCK Support</a></h3>
16446
16447 <blockquote>
16448 <p>HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.</p>
16449 </blockquote>
16450
16451 <ul>
16452 <li><a href="https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5554cc8b81fbfcfd347f50be3f3b1b9a54b871b" rel="nofollow">commit</a></li>
16453 </ul>
16454
16455 <blockquote>
16456 <p>Add initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying. </p>
16457
16458 <p>Keep this as a separate command for now.<br>
16459 <a href="https://i.redd.it/vkdss0mtdpo31.jpg" rel="nofollow">https://i.redd.it/vkdss0mtdpo31.jpg</a></p>
16460
16461 <hr>
16462 </blockquote>
16463
16464 <h3><a href="http://undeadly.org/cgi?action=article;sid=20190917091236" rel="nofollow">The return of startx for users</a></h3>
16465
16466 <blockquote>
16467 <p>Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.</p>
16468
16469 <p>This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).</p>
16470 </blockquote>
16471
16472 <hr>
16473
16474 <h2>Beastie Bits</h2>
16475
16476 <ul>
16477 <li><a href="http://lists.nycbug.org:8080/pipermail/talk/2019-September/018046.html" rel="nofollow">Ori Bernstein will be giving the October talk at NYCBUG</a></li>
16478 <li><a href="http://calagator.org/events/1250476200" rel="nofollow">BSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA</a></li>
16479 <li><a href="http://knoxbug.org/2019-09-30" rel="nofollow">Nick Wolff : Home Lab Show & Tell</a></li>
16480 <li><a href="https://www.youtube.com/watch?v=eWkCjj4_xsk" rel="nofollow">Installing the Lumina Desktop in DragonflyBSD</a></li>
16481 <li><a href="https://www.dragonflydigest.com/2019/09/20/23519.html" rel="nofollow">dhcpcd 8.0.6 added</a></li>
16482 </ul>
16483
16484 <hr>
16485
16486 <h2>Feedback/Questions</h2>
16487
16488 <ul>
16489 <li>Bruce - <a href="http://dpaste.com/15ABRRB#wrap" rel="nofollow">FOSDEM videos</a></li>
16490 <li>Lars - <a href="http://dpaste.com/1X9FEJJ" rel="nofollow">Super Cluster of BSD on Rock64Pr</a></li>
16491 <li>Madhukar - <a href="http://dpaste.com/0TWF1NB#wrap" rel="nofollow">Question</a></li>
16492 </ul>
16493
16494 <hr>
16495
16496 <ul>
16497 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
16498 </ul>
16499
16500 <hr>
16501
16502 <video controls preload="metadata" style=" width:426px; height:240px;">
16503 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0317.mp4" type="video/mp4">
16504 Your browser does not support the HTML5 video tag.
16505 </video>]]>
16506 </itunes:summary>
16507 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+N9u9kb6C</fireside:playerURL>
16508 <fireside:playerEmbedCode>
16509 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+N9u9kb6C" width="740" height="200" frameborder="0" scrolling="no">]]>
16510 </fireside:playerEmbedCode>
16511 </item>
16512 <item>
16513 <title>316: git commit FreeBSD</title>
16514 <link>https://www.bsdnow.tv/316</link>
16515 <guid isPermaLink="false">c6ea44fd-cbae-453a-bd88-a35b2b662859</guid>
16516 <pubDate>Wed, 18 Sep 2019 20:00:00 -0700</pubDate>
16517 <author>Allan Jude</author>
16518 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c6ea44fd-cbae-453a-bd88-a35b2b662859.mp3" length="46851680" type="audio/mp3"/>
16519 <itunes:episodeType>full</itunes:episodeType>
16520 <itunes:author>Allan Jude</itunes:author>
16521 <itunes:subtitle>NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.</itunes:subtitle>
16522 <itunes:duration>1:05:04</itunes:duration>
16523 <itunes:explicit>no</itunes:explicit>
16524 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
16525 <description>NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.
16526 Headlines
16527 LLVM santizers and GDB regression test suite. (http://blog.netbsd.org/tnf/entry/llvm_santizers_and_gdb_regression)
16528 As NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.
16529 I have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.
16530 NetBSD distribution changes
16531 I have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).
16532 The following changes were committed to the sources:
16533 ab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers
16534 966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build
16535 8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data
16536 fe72740f64bf fsck: Stop defining the same variable concurrently in bss and data
16537 40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER
16538 b71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER
16539 c581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER
16540 030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER
16541 fd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER
16542 5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data
16543 5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot
16544 d134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk
16545 2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER
16546 ce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7
16547 7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7
16548 d8671fba7a78 Set NODEBUG for LLVM sanitizers
16549 242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER
16550 5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers
16551 e7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers
16552 231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers
16553 8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers
16554 81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers
16555 a472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c
16556 7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer
16557 921ddc9bc97c Set NOSANITIZER in i386 ramdisk image
16558 64361771c78d Enhance MKSANITIZER support
16559 3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests
16560 c27f4619d513 Avoids signedness bit shift in db_get_value()
16561 680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)
16562 4ecfbbba2f2a Rework the LLVM compiler_rt build rules
16563 748813da5547 Correct the build rules of LLVM sanitizers
16564 20e223156dee Enhance the support of LLVM sanitizers
16565 0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files
16566 Almost all of the mentioned commits were backported to NetBSD-9 and will land 9.0.
16567 Homura - a Windows Games Launcher for FreeBSD (https://github.com/Alexander88207/Homura)
16568 Inspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.
16569 Makes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you
16570 Dependencies
16571 curl
16572 bash
16573 p7zip
16574 zenity
16575 webfonts
16576 alsa-utils (Optional)
16577 winetricks
16578 vulkan-tools
16579 mesa-demos
16580 i386-wine-devel on amd64 or wine-devel on i386
16581 News Roundup
16582 Ada—The Language of Cost Savings? (https://www.electronicdesign.com/embedded-revolution/ada-language-cost-savings)
16583 Many myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in heavily used embedded languages like C++ and C#. It also tackles problems addressed by upcoming languages like Rust.
16584 Chris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”
16585 In general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.
16586 FreeBSD core team appoints a WG to explore transitioning from Subversion to Git. (https://www.freebsd.org/news/status/report-2019-04-2019-06.html#FreeBSD-Core-Team)
16587 The FreeBSD Core Team is the governing body of FreeBSD.
16588 Core approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).
16589 The annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.
16590 The core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.
16591 There is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.
16592 OpenBSD 6.6 Beta tagged (https://undeadly.org/cgi?action=article;sid=20190810123243)
16593 ```
16594 CVSROOT: /cvs
16595 Module name: src
16596 Changes by: deraadt@cvs.openbsd.org 2019/08/09 21:56:02
16597 Modified files:
16598 etc/root : root.mail
16599 share/mk : sys.mk
16600 sys/arch/macppc/stand/tbxidata: bsd.tbxi
16601 sys/conf : newvers.sh
16602 sys/sys : param.h
16603 usr.bin/signify: signify.1
16604 Log message:
16605 move to 6.6-beta
16606 ```
16607 Preliminary release notes (https://www.openbsd.org/66.html)
16608 Improved hardware support, including:
16609 clang(1) is now provided on powerpc.
16610 IEEE 802.11 wireless stack improvements:
16611 Generic network stack improvements:
16612 Installer improvements:
16613 Security improvements:
16614 + Routing daemons and other userland network improvements
16615 + The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.
16616 + bgpd(8) improvements
16617 + Assorted improvements:
16618 + The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.
16619 The BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).
16620 Support for specifying boot device in vm.conf(5).
16621 OpenSMTPD 6.6.0
16622 LibreSSL 3.0.X
16623 API and Documentation Enhancements
16624 Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.
16625 Documented undescribed options and removed unfunctional options description in openssl(1) manual.
16626 OpenSSH 8.0
16627 Project Trident 12-U5 update now available (https://project-trident.org/post/2019-09-04_stable12-u5_available/)
16628 This is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.
16629 Package changes from Stable 12-U4
16630 Package Summary
16631 New Packages: 20
16632 Deleted Packages: 24
16633 Updated Packages: 279
16634 New Packages (20)
16635 artemis (biology/artemis) : 17.0.1.11
16636 catesc (games/catesc) : 0.6
16637 dmlc-core (devel/dmlc-core) : 0.3.105
16638 go-wtf (sysutils/go-wtf) : 0.20.0_1
16639 instead (games/instead) : 3.3.0_1
16640 lidarr (net-p2p/lidarr) : 0.6.2.883
16641 minerbold (games/minerbold) : 1.4
16642 onnx (math/onnx) : 1.5.0
16643 openzwave-devel (comms/openzwave-devel) : 1.6.897
16644 polkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8
16645 py36-traitsui (graphics/py-traitsui) : 6.1.2
16646 rubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1
16647 rubygem-defaultvaluefor32 (devel/rubygem-defaultvaluefor32) : 3.2.0
16648 rubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0
16649 rubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9
16650 sems (net/sems) : 1.7.0.g20190822
16651 skypat (devel/skypat) : 3.1.1
16652 tvm (math/tvm) : 0.4.1440
16653 vavoom (games/vavoom) : 1.33_15
16654 vavoom-extras (games/vavoom-extras) : 1.30_4
16655 Deleted Packages (24)
16656 geeqie (graphics/geeqie) : Unknown reason
16657 iriverter (multimedia/iriverter) : Unknown reason
16658 kde5 (x11/kde5) : Unknown reason
16659 kicad-doc (cad/kicad-doc) : Unknown reason
16660 os-nozfs-buildworld (os/buildworld) : Unknown reason
16661 os-nozfs-userland (os/userland) : Unknown reason
16662 os-nozfs-userland-base (os/userland-base) : Unknown reason
16663 os-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason
16664 os-nozfs-userland-bin (os/userland-bin) : Unknown reason
16665 os-nozfs-userland-boot (os/userland-boot) : Unknown reason
16666 os-nozfs-userland-conf (os/userland-conf) : Unknown reason
16667 os-nozfs-userland-debug (os/userland-debug) : Unknown reason
16668 os-nozfs-userland-devtools (os/userland-devtools) : Unknown reason
16669 os-nozfs-userland-docs (os/userland-docs) : Unknown reason
16670 os-nozfs-userland-lib (os/userland-lib) : Unknown reason
16671 os-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason
16672 os-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason
16673 os-nozfs-userland-rescue (os/userland-rescue) : Unknown reason
16674 os-nozfs-userland-sbin (os/userland-sbin) : Unknown reason
16675 os-nozfs-userland-tests (os/userland-tests) : Unknown reason
16676 photoprint (print/photoprint) : Unknown reason
16677 plasma5-plasma (x11/plasma5-plasma) : Unknown reason
16678 polkit-qt5 (sysutils/polkit-qt) : Unknown reason
16679 secpanel (security/secpanel) : Unknown reason
16680 Beastie Bits
16681 DragonFlyBSD - msdosfs updates (https://www.dragonflydigest.com/2019/09/10/23472.html)
16682 Stand out as a speaker (https://science.sciencemag.org/content/365/6455/834.full)
16683 Not a review of the 7th Gen X1 Carbon (http://akpoff.com/archive/2019/not_a_review_of_the_lenovo_x1c7.html)
16684 FreeBSD Meets Linux At The Open Source Summit (https://www.tfir.io/2019/08/24/freebsd-meets-linux-at-the-open-source-summit/)
16685 QEMU VM Escape (https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/)
16686 Porting wine to amd64 on NetBSD, third evaluation report. (http://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on1)
16687 OpenBSD disabled DoH by default in Firefox (https://undeadly.org/cgi?action=article;sid=20190911113856)
16688 Feedback/Questions
16689 Reinis - GELI with UEFI (http://dpaste.com/0SG8630#wrap)
16690 Mason - Beeping (http://dpaste.com/1FQN173)
16691 [CHVT feedback]
16692 DJ - Feedback (http://dpaste.com/08M3XNH#wrap)
16693 Ben - chvt (http://dpaste.com/274RVCE#wrap)
16694 Harri - Marc's chvt question (http://dpaste.com/23R1YMK#wrap)
16695 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
16696 <video controls preload="metadata" style=" width:426px; height:240px;">
16697 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0316.mp4" type="video/mp4">
16698 Your browser does not support the HTML5 video tag.
16699 </video>
16700 </description>
16701 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, gdb, regression test, llvm, llvm sanitizers, sanitizers, ada, cost savings, homura, windows game, game launcher, core team, git, git transition</itunes:keywords>
16702 <content:encoded>
16703 <![CDATA[<p>NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.</p>
16704
16705 <h2>Headlines</h2>
16706
16707 <h3><a href="http://blog.netbsd.org/tnf/entry/llvm_santizers_and_gdb_regression" rel="nofollow">LLVM santizers and GDB regression test suite.</a></h3>
16708
16709 <blockquote>
16710 <p>As NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.</p>
16711
16712 <p>I have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.</p>
16713 </blockquote>
16714
16715 <ul>
16716 <li>NetBSD distribution changes</li>
16717 </ul>
16718
16719 <blockquote>
16720 <p>I have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).</p>
16721 </blockquote>
16722
16723 <ul>
16724 <li>The following changes were committed to the sources:
16725
16726 <ul>
16727 <li>ab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers</li>
16728 <li>966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build</li>
16729 <li>8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data</li>
16730 <li>fe72740f64bf fsck: Stop defining the same variable concurrently in bss and data</li>
16731 <li>40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER</li>
16732 <li>b71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER</li>
16733 <li>c581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER</li>
16734 <li>030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER</li>
16735 <li>fd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER</li>
16736 <li>5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data</li>
16737 <li>5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot</li>
16738 <li>d134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk</li>
16739 <li>2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER</li>
16740 <li>ce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7</li>
16741 <li>7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7</li>
16742 <li>d8671fba7a78 Set NODEBUG for LLVM sanitizers</li>
16743 <li>242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER</li>
16744 <li>5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers</li>
16745 <li>e7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers</li>
16746 <li>231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers</li>
16747 <li>8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers</li>
16748 <li>81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers</li>
16749 <li>a472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c</li>
16750 <li>7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer</li>
16751 <li>921ddc9bc97c Set NOSANITIZER in i386 ramdisk image</li>
16752 <li>64361771c78d Enhance MKSANITIZER support</li>
16753 <li>3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests</li>
16754 <li>c27f4619d513 Avoids signedness bit shift in db_get_value()</li>
16755 <li>680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)</li>
16756 <li>4ecfbbba2f2a Rework the LLVM compiler_rt build rules</li>
16757 <li>748813da5547 Correct the build rules of LLVM sanitizers</li>
16758 <li>20e223156dee Enhance the support of LLVM sanitizers</li>
16759 <li>0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files</li>
16760 <li>Almost all of the mentioned commits were backported to NetBSD-9 and will land in 9.0.</li>
16761 </ul></li>
16762 </ul>
16763
16764 <hr>
16765
16766 <h3><a href="https://github.com/Alexander88207/Homura" rel="nofollow">Homura - a Windows Games Launcher for FreeBSD</a></h3>
16767
16768 <blockquote>
16769 <p>Inspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.</p>
16770 </blockquote>
16771
16772 <ul>
16773 <li>Makes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you</li>
16774 <li>Dependencies
16775
16776 <ul>
16777 <li>curl</li>
16778 <li>bash</li>
16779 <li>p7zip</li>
16780 <li>zenity</li>
16781 <li>webfonts</li>
16782 <li>alsa-utils (Optional)</li>
16783 <li>winetricks</li>
16784 <li>vulkan-tools</li>
16785 <li>mesa-demos</li>
16786 <li>i386-wine-devel on amd64 or wine-devel on i386</li>
16787 </ul></li>
16788 </ul>
16789
16790 <hr>
16791
16792 <h2>News Roundup</h2>
16793
16794 <h3><a href="https://www.electronicdesign.com/embedded-revolution/ada-language-cost-savings" rel="nofollow">Ada—The Language of Cost Savings?</a></h3>
16795
16796 <blockquote>
16797 <p>Many myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in heavily used embedded languages like C++ and C#. It also tackles problems addressed by upcoming languages like Rust.</p>
16798
16799 <p>Chris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”</p>
16800
16801 <p>In general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.</p>
16802 </blockquote>
16803
16804 <hr>
16805
16806 <h3><a href="https://www.freebsd.org/news/status/report-2019-04-2019-06.html#FreeBSD-Core-Team" rel="nofollow">FreeBSD core team appoints a WG to explore transitioning from Subversion to Git.</a></h3>
16807
16808 <ul>
16809 <li>The FreeBSD Core Team is the governing body of FreeBSD.</li>
16810 </ul>
16811
16812 <blockquote>
16813 <p>Core approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).</p>
16814
16815 <p>The annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.</p>
16816
16817 <p>The core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.</p>
16818
16819 <p>There is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.</p>
16820 </blockquote>
16821
16822 <hr>
16823
16824 <h3><a href="https://undeadly.org/cgi?action=article;sid=20190810123243" rel="nofollow">OpenBSD 6.6 Beta tagged</a></h3>
16825
16826 <pre><code>CVSROOT: /cvs
16827 Module name: src
16828 Changes by: deraadt@cvs.openbsd.org 2019/08/09 21:56:02
16829
16830 Modified files:
16831 etc/root : root.mail
16832 share/mk : sys.mk
16833 sys/arch/macppc/stand/tbxidata: bsd.tbxi
16834 sys/conf : newvers.sh
16835 sys/sys : param.h
16836 usr.bin/signify: signify.1
16837
16838 Log message:
16839 move to 6.6-beta
16840 </code></pre>
16841
16842 <p><a href="https://www.openbsd.org/66.html" rel="nofollow">Preliminary release notes</a></p>
16843
16844 <p>Improved hardware support, including:</p>
16845
16846 <ul>
16847 <li>clang(1) is now provided on powerpc.</li>
16848 <li>IEEE 802.11 wireless stack improvements:</li>
16849 <li>Generic network stack improvements:</li>
16850 <li>Installer improvements:</li>
16851 <li>Security improvements:</li>
16852 <li> + Routing daemons and other userland network improvements</li>
16853 <li> + The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.</li>
16854 <li> + bgpd(8) improvements</li>
16855 <li> + Assorted improvements:</li>
16856 <li> + The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.</li>
16857 <li>The BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).</li>
16858 <li>Support for specifying boot device in vm.conf(5).</li>
16859 <li>OpenSMTPD 6.6.0</li>
16860 <li>LibreSSL 3.0.X</li>
16861 <li>API and Documentation Enhancements</li>
16862 <li>Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.</li>
16863 <li>Documented undescribed options and removed unfunctional options description in openssl(1) manual.</li>
16864 <li>OpenSSH 8.0</li>
16865 </ul>
16866
16867 <hr>
16868
16869 <h3><a href="https://project-trident.org/post/2019-09-04_stable12-u5_available/" rel="nofollow">Project Trident 12-U5 update now available</a></h3>
16870
16871 <blockquote>
16872 <p>This is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.</p>
16873 </blockquote>
16874
16875 <ul>
16876 <li>Package changes from Stable 12-U4</li>
16877 <li><p>Package Summary</p>
16878
16879 <ul>
16880 <li>New Packages: 20</li>
16881 <li>Deleted Packages: 24</li>
16882 <li>Updated Packages: 279</li>
16883 </ul></li>
16884 <li><p>New Packages (20)</p>
16885
16886 <ul>
16887 <li>artemis (biology/artemis) : 17.0.1.11</li>
16888 <li>catesc (games/catesc) : 0.6</li>
16889 <li>dmlc-core (devel/dmlc-core) : 0.3.105</li>
16890 <li>go-wtf (sysutils/go-wtf) : 0.20.0_1</li>
16891 <li>instead (games/instead) : 3.3.0_1</li>
16892 <li>lidarr (net-p2p/lidarr) : 0.6.2.883</li>
16893 <li>minerbold (games/minerbold) : 1.4</li>
16894 <li>onnx (math/onnx) : 1.5.0</li>
16895 <li>openzwave-devel (comms/openzwave-devel) : 1.6.897</li>
16896 <li>polkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8</li>
16897 <li>py36-traitsui (graphics/py-traitsui) : 6.1.2</li>
16898 <li>rubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1</li>
16899 <li>rubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0</li>
16900 <li>rubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0</li>
16901 <li>rubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9</li>
16902 <li>sems (net/sems) : 1.7.0.g20190822</li>
16903 <li>skypat (devel/skypat) : 3.1.1</li>
16904 <li>tvm (math/tvm) : 0.4.1440</li>
16905 <li>vavoom (games/vavoom) : 1.33_15</li>
16906 <li>vavoom-extras (games/vavoom-extras) : 1.30_4</li>
16907 </ul></li>
16908 <li><p>Deleted Packages (24)</p>
16909
16910 <ul>
16911 <li>geeqie (graphics/geeqie) : Unknown reason</li>
16912 <li>iriverter (multimedia/iriverter) : Unknown reason</li>
16913 <li>kde5 (x11/kde5) : Unknown reason</li>
16914 <li>kicad-doc (cad/kicad-doc) : Unknown reason</li>
16915 <li>os-nozfs-buildworld (os/buildworld) : Unknown reason</li>
16916 <li>os-nozfs-userland (os/userland) : Unknown reason</li>
16917 <li>os-nozfs-userland-base (os/userland-base) : Unknown reason</li>
16918 <li>os-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason</li>
16919 <li>os-nozfs-userland-bin (os/userland-bin) : Unknown reason</li>
16920 <li>os-nozfs-userland-boot (os/userland-boot) : Unknown reason</li>
16921 <li>os-nozfs-userland-conf (os/userland-conf) : Unknown reason</li>
16922 <li>os-nozfs-userland-debug (os/userland-debug) : Unknown reason</li>
16923 <li>os-nozfs-userland-devtools (os/userland-devtools) : Unknown reason</li>
16924 <li>os-nozfs-userland-docs (os/userland-docs) : Unknown reason</li>
16925 <li>os-nozfs-userland-lib (os/userland-lib) : Unknown reason</li>
16926 <li>os-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason</li>
16927 <li>os-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason</li>
16928 <li>os-nozfs-userland-rescue (os/userland-rescue) : Unknown reason</li>
16929 <li>os-nozfs-userland-sbin (os/userland-sbin) : Unknown reason</li>
16930 <li>os-nozfs-userland-tests (os/userland-tests) : Unknown reason</li>
16931 <li>photoprint (print/photoprint) : Unknown reason</li>
16932 <li>plasma5-plasma (x11/plasma5-plasma) : Unknown reason</li>
16933 <li>polkit-qt5 (sysutils/polkit-qt) : Unknown reason</li>
16934 <li>secpanel (security/secpanel) : Unknown reason</li>
16935 </ul></li>
16936 </ul>
16937
16938 <hr>
16939
16940 <h2>Beastie Bits</h2>
16941
16942 <ul>
16943 <li><a href="https://www.dragonflydigest.com/2019/09/10/23472.html" rel="nofollow">DragonFlyBSD - msdosfs updates</a></li>
16944 <li><a href="https://science.sciencemag.org/content/365/6455/834.full" rel="nofollow">Stand out as a speaker</a></li>
16945 <li><a href="http://akpoff.com/archive/2019/not_a_review_of_the_lenovo_x1c7.html" rel="nofollow">Not a review of the 7th Gen X1 Carbon</a></li>
16946 <li><a href="https://www.tfir.io/2019/08/24/freebsd-meets-linux-at-the-open-source-summit/" rel="nofollow">FreeBSD Meets Linux At The Open Source Summit</a></li>
16947 <li><a href="https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/" rel="nofollow">QEMU VM Escape</a></li>
16948 <li><a href="http://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on1" rel="nofollow">Porting wine to amd64 on NetBSD, third evaluation report.</a></li>
16949 <li><a href="https://undeadly.org/cgi?action=article;sid=20190911113856" rel="nofollow">OpenBSD disabled DoH by default in Firefox</a></li>
16950 </ul>
16951
16952 <hr>
16953
16954 <h2>Feedback/Questions</h2>
16955
16956 <ul>
16957 <li>Reinis - <a href="http://dpaste.com/0SG8630#wrap" rel="nofollow">GELI with UEFI</a></li>
16958 <li>Mason - <a href="http://dpaste.com/1FQN173" rel="nofollow">Beeping</a></li>
16959 </ul>
16960
16961 <p>[CHVT feedback]<br>
16962 DJ - <a href="http://dpaste.com/08M3XNH#wrap" rel="nofollow">Feedback</a><br>
16963 Ben - <a href="http://dpaste.com/274RVCE#wrap" rel="nofollow">chvt</a><br>
16964 Harri - <a href="http://dpaste.com/23R1YMK#wrap" rel="nofollow">Marc's chvt question</a></p>
16965
16966 <hr>
16967
16968 <ul>
16969 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
16970 </ul>
16971
16972 <hr>
16973
16974 <video controls preload="metadata" style=" width:426px; height:240px;">
16975 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0316.mp4" type="video/mp4">
16976 Your browser does not support the HTML5 video tag.
16977 </video>]]>
16978 </content:encoded>
16979 <itunes:summary>
16980 <![CDATA[<p>NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.</p>
16981
16982 <h2>Headlines</h2>
16983
16984 <h3><a href="http://blog.netbsd.org/tnf/entry/llvm_santizers_and_gdb_regression" rel="nofollow">LLVM sanitizers and GDB regression test suite.</a></h3>
16985
16986 <blockquote>
16987 <p>As NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.</p>
16988
16989 <p>I have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.</p>
16990 </blockquote>
16991
16992 <ul>
16993 <li>NetBSD distribution changes</li>
16994 </ul>
16995
16996 <blockquote>
16997 <p>I have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).</p>
16998 </blockquote>
16999
17000 <ul>
17001 <li>The following changes were committed to the sources:
17002
17003 <ul>
17004 <li>ab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers</li>
17005 <li>966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build</li>
17006 <li>8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data</li>
17007 <li>fe72740f64bf fsck: Stop defining the same variable concurrently in bss and data</li>
17008 <li>40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER</li>
17009 <li>b71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER</li>
17010 <li>c581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER</li>
17011 <li>030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER</li>
17012 <li>fd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER</li>
17013 <li>5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data</li>
17014 <li>5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot</li>
17015 <li>d134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk</li>
17016 <li>2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER</li>
17017 <li>ce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7</li>
17018 <li>7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7</li>
17019 <li>d8671fba7a78 Set NODEBUG for LLVM sanitizers</li>
17020 <li>242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER</li>
17021 <li>5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers</li>
17022 <li>e7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers</li>
17023 <li>231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers</li>
17024 <li>8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers</li>
17025 <li>81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers</li>
17026 <li>a472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c</li>
17027 <li>7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer</li>
17028 <li>921ddc9bc97c Set NOSANITIZER in i386 ramdisk image</li>
17029 <li>64361771c78d Enhance MKSANITIZER support</li>
17030 <li>3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests</li>
17031 <li>c27f4619d513 Avoids signedness bit shift in db_get_value()</li>
17032 <li>680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)</li>
17033 <li>4ecfbbba2f2a Rework the LLVM compiler_rt build rules</li>
17034 <li>748813da5547 Correct the build rules of LLVM sanitizers</li>
17035 <li>20e223156dee Enhance the support of LLVM sanitizers</li>
17036 <li>0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files</li>
17037 <li>Almost all of the mentioned commits were backported to NetBSD-9 and will land in 9.0.</li>
17038 </ul></li>
17039 </ul>
17040
17041 <hr>
17042
17043 <h3><a href="https://github.com/Alexander88207/Homura" rel="nofollow">Homura - a Windows Games Launcher for FreeBSD</a></h3>
17044
17045 <blockquote>
17046 <p>Inspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.</p>
17047 </blockquote>
17048
17049 <ul>
17050 <li>Makes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you</li>
17051 <li>Dependencies
17052
17053 <ul>
17054 <li>curl</li>
17055 <li>bash</li>
17056 <li>p7zip</li>
17057 <li>zenity</li>
17058 <li>webfonts</li>
17059 <li>alsa-utils (Optional)</li>
17060 <li>winetricks</li>
17061 <li>vulkan-tools</li>
17062 <li>mesa-demos</li>
17063 <li>i386-wine-devel on amd64 or wine-devel on i386</li>
17064 </ul></li>
17065 </ul>
17066
17067 <hr>
17068
17069 <h2>News Roundup</h2>
17070
17071 <h3><a href="https://www.electronicdesign.com/embedded-revolution/ada-language-cost-savings" rel="nofollow">Ada—The Language of Cost Savings?</a></h3>
17072
17073 <blockquote>
17074 <p>Many myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in heavily used embedded languages like C++ and C#. It also tackles problems addressed by upcoming languages like Rust.</p>
17075
17076 <p>Chris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”</p>
17077
17078 <p>In general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.</p>
17079 </blockquote>
17080
17081 <hr>
17082
17083 <h3><a href="https://www.freebsd.org/news/status/report-2019-04-2019-06.html#FreeBSD-Core-Team" rel="nofollow">FreeBSD core team appoints a WG to explore transitioning from Subversion to Git.</a></h3>
17084
17085 <ul>
17086 <li>The FreeBSD Core Team is the governing body of FreeBSD.</li>
17087 </ul>
17088
17089 <blockquote>
17090 <p>Core approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).</p>
17091
17092 <p>The annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.</p>
17093
17094 <p>The core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.</p>
17095
17096 <p>There is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.</p>
17097 </blockquote>
17098
17099 <hr>
17100
17101 <h3><a href="https://undeadly.org/cgi?action=article;sid=20190810123243" rel="nofollow">OpenBSD 6.6 Beta tagged</a></h3>
17102
17103 <pre><code>CVSROOT: /cvs
17104 Module name: src
17105 Changes by: deraadt@cvs.openbsd.org 2019/08/09 21:56:02
17106
17107 Modified files:
17108 etc/root : root.mail
17109 share/mk : sys.mk
17110 sys/arch/macppc/stand/tbxidata: bsd.tbxi
17111 sys/conf : newvers.sh
17112 sys/sys : param.h
17113 usr.bin/signify: signify.1
17114
17115 Log message:
17116 move to 6.6-beta
17117 </code></pre>
17118
17119 <p><a href="https://www.openbsd.org/66.html" rel="nofollow">Preliminary release notes</a></p>
17120
17121 <p>Improved hardware support, including:</p>
17122
17123 <ul>
17124 <li>clang(1) is now provided on powerpc.</li>
17125 <li>IEEE 802.11 wireless stack improvements:</li>
17126 <li>Generic network stack improvements:</li>
17127 <li>Installer improvements:</li>
17128 <li>Security improvements:</li>
17129 <li> + Routing daemons and other userland network improvements</li>
17130 <li> + The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.</li>
17131 <li> + bgpd(8) improvements</li>
17132 <li> + Assorted improvements:</li>
17133 <li> + The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.</li>
17134 <li>The BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).</li>
17135 <li>Support for specifying boot device in vm.conf(5).</li>
17136 <li>OpenSMTPD 6.6.0</li>
17137 <li>LibreSSL 3.0.X</li>
17138 <li>API and Documentation Enhancements</li>
17139 <li>Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.</li>
17140 <li>Documented undescribed options and removed unfunctional options description in openssl(1) manual.</li>
17141 <li>OpenSSH 8.0</li>
17142 </ul>
17143
17144 <hr>
17145
17146 <h3><a href="https://project-trident.org/post/2019-09-04_stable12-u5_available/" rel="nofollow">Project Trident 12-U5 update now available</a></h3>
17147
17148 <blockquote>
17149 <p>This is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.</p>
17150 </blockquote>
17151
17152 <ul>
17153 <li>Package changes from Stable 12-U4</li>
17154 <li><p>Package Summary</p>
17155
17156 <ul>
17157 <li>New Packages: 20</li>
17158 <li>Deleted Packages: 24</li>
17159 <li>Updated Packages: 279</li>
17160 </ul></li>
17161 <li><p>New Packages (20)</p>
17162
17163 <ul>
17164 <li>artemis (biology/artemis) : 17.0.1.11</li>
17165 <li>catesc (games/catesc) : 0.6</li>
17166 <li>dmlc-core (devel/dmlc-core) : 0.3.105</li>
17167 <li>go-wtf (sysutils/go-wtf) : 0.20.0_1</li>
17168 <li>instead (games/instead) : 3.3.0_1</li>
17169 <li>lidarr (net-p2p/lidarr) : 0.6.2.883</li>
17170 <li>minerbold (games/minerbold) : 1.4</li>
17171 <li>onnx (math/onnx) : 1.5.0</li>
17172 <li>openzwave-devel (comms/openzwave-devel) : 1.6.897</li>
17173 <li>polkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8</li>
17174 <li>py36-traitsui (graphics/py-traitsui) : 6.1.2</li>
17175 <li>rubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1</li>
17176 <li>rubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0</li>
17177 <li>rubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0</li>
17178 <li>rubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9</li>
17179 <li>sems (net/sems) : 1.7.0.g20190822</li>
17180 <li>skypat (devel/skypat) : 3.1.1</li>
17181 <li>tvm (math/tvm) : 0.4.1440</li>
17182 <li>vavoom (games/vavoom) : 1.33_15</li>
17183 <li>vavoom-extras (games/vavoom-extras) : 1.30_4</li>
17184 </ul></li>
17185 <li><p>Deleted Packages (24)</p>
17186
17187 <ul>
17188 <li>geeqie (graphics/geeqie) : Unknown reason</li>
17189 <li>iriverter (multimedia/iriverter) : Unknown reason</li>
17190 <li>kde5 (x11/kde5) : Unknown reason</li>
17191 <li>kicad-doc (cad/kicad-doc) : Unknown reason</li>
17192 <li>os-nozfs-buildworld (os/buildworld) : Unknown reason</li>
17193 <li>os-nozfs-userland (os/userland) : Unknown reason</li>
17194 <li>os-nozfs-userland-base (os/userland-base) : Unknown reason</li>
17195 <li>os-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason</li>
17196 <li>os-nozfs-userland-bin (os/userland-bin) : Unknown reason</li>
17197 <li>os-nozfs-userland-boot (os/userland-boot) : Unknown reason</li>
17198 <li>os-nozfs-userland-conf (os/userland-conf) : Unknown reason</li>
17199 <li>os-nozfs-userland-debug (os/userland-debug) : Unknown reason</li>
17200 <li>os-nozfs-userland-devtools (os/userland-devtools) : Unknown reason</li>
17201 <li>os-nozfs-userland-docs (os/userland-docs) : Unknown reason</li>
17202 <li>os-nozfs-userland-lib (os/userland-lib) : Unknown reason</li>
17203 <li>os-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason</li>
17204 <li>os-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason</li>
17205 <li>os-nozfs-userland-rescue (os/userland-rescue) : Unknown reason</li>
17206 <li>os-nozfs-userland-sbin (os/userland-sbin) : Unknown reason</li>
17207 <li>os-nozfs-userland-tests (os/userland-tests) : Unknown reason</li>
17208 <li>photoprint (print/photoprint) : Unknown reason</li>
17209 <li>plasma5-plasma (x11/plasma5-plasma) : Unknown reason</li>
17210 <li>polkit-qt5 (sysutils/polkit-qt) : Unknown reason</li>
17211 <li>secpanel (security/secpanel) : Unknown reason</li>
17212 </ul></li>
17213 </ul>
17214
17215 <hr>
17216
17217 <h2>Beastie Bits</h2>
17218
17219 <ul>
17220 <li><a href="https://www.dragonflydigest.com/2019/09/10/23472.html" rel="nofollow">DragonFlyBSD - msdosfs updates</a></li>
17221 <li><a href="https://science.sciencemag.org/content/365/6455/834.full" rel="nofollow">Stand out as a speaker</a></li>
17222 <li><a href="http://akpoff.com/archive/2019/not_a_review_of_the_lenovo_x1c7.html" rel="nofollow">Not a review of the 7th Gen X1 Carbon</a></li>
17223 <li><a href="https://www.tfir.io/2019/08/24/freebsd-meets-linux-at-the-open-source-summit/" rel="nofollow">FreeBSD Meets Linux At The Open Source Summit</a></li>
17224 <li><a href="https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/" rel="nofollow">QEMU VM Escape</a></li>
17225 <li><a href="http://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on1" rel="nofollow">Porting wine to amd64 on NetBSD, third evaluation report.</a></li>
17226 <li><a href="https://undeadly.org/cgi?action=article;sid=20190911113856" rel="nofollow">OpenBSD disabled DoH by default in Firefox</a></li>
17227 </ul>
17228
17229 <hr>
17230
17231 <h2>Feedback/Questions</h2>
17232
17233 <ul>
17234 <li>Reinis - <a href="http://dpaste.com/0SG8630#wrap" rel="nofollow">GELI with UEFI</a></li>
17235 <li>Mason - <a href="http://dpaste.com/1FQN173" rel="nofollow">Beeping</a></li>
17236 </ul>
17237
17238 <p>[CHVT feedback]<br>
17239 DJ - <a href="http://dpaste.com/08M3XNH#wrap" rel="nofollow">Feedback</a><br>
17240 Ben - <a href="http://dpaste.com/274RVCE#wrap" rel="nofollow">chvt</a><br>
17241 Harri - <a href="http://dpaste.com/23R1YMK#wrap" rel="nofollow">Marc's chvt question</a></p>
17242
17243 <hr>
17244
17245 <ul>
17246 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
17247 </ul>
17248
17249 <hr>
17250
17251 <video controls preload="metadata" style=" width:426px; height:240px;">
17252 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0316.mp4" type="video/mp4">
17253 Your browser does not support the HTML5 video tag.
17254 </video>]]>
17255 </itunes:summary>
17256 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+AdKpSAYm</fireside:playerURL>
17257 <fireside:playerEmbedCode>
17258 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+AdKpSAYm" width="740" height="200" frameborder="0" scrolling="no">]]>
17259 </fireside:playerEmbedCode>
17260 </item>
17261 <item>
17262 <title>315: Recapping vBSDcon 2019</title>
17263 <link>https://www.bsdnow.tv/315</link>
17264 <guid isPermaLink="false">7b9117e9-57d1-48ae-8ceb-d92cabe2a2bd</guid>
17265 <pubDate>Wed, 11 Sep 2019 22:45:00 -0700</pubDate>
17266 <author>Allan Jude</author>
17267 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7b9117e9-57d1-48ae-8ceb-d92cabe2a2bd.mp3" length="55391213" type="audio/mp3"/>
17268 <itunes:episodeType>full</itunes:episodeType>
17269 <itunes:author>Allan Jude</itunes:author>
17270 <itunes:subtitle>vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.</itunes:subtitle>
17271 <itunes:duration>1:16:55</itunes:duration>
17272 <itunes:explicit>no</itunes:explicit>
17273 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
17274 <description>vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.
17275 Headlines
17276 vBSDcon Recap
17277 Allan and Benedict attended vBSDcon 2019, which ended last week.
17278 It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame. The two-day conference was preceded by a one-day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.
17279 The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.
17280 If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week
17281 John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” abstract (https://www.vbsdcon.com/schedule/2019-09-06.html#talk:132615) and the recent commit we covered in episode 313.
17282 Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.
17283 David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.
17284 Shawn Webb followed with his overview talk about the “State of the Hardened Union”.
17285 Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.
17286 Entertaining and educational at the same time, Michael W. Lucas’s talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.
17287 People formed small groups and went into town for dinner. Some returned later that night to do some work in the hacker lounge or talk amongst fellow BSD enthusiasts.
17288 Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.
17289 Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) works and how it can be tuned for various workloads.
17290 “By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.
17291 Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.
17292 Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.
17293 A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.
17294 We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!
17295 humungus - an hg server (https://humungus.tedunangst.com/r/humungus)
17296 Features
17297 View changes, files, changesets, etc. Some syntax highlighting.
17298 Read only.
17299 Serves multiple repositories.
17300 Allows cloning via the obvious URL. Supports go get.
17301 Serves files for downloads.
17302 Online documentation via mandoc.
17303 Terminal based admin interface.
17304 News Roundup
17305 OpenBSD on fan-less Tuxedo InfinityBook 14″ v2. (https://hazardous.org/archive/blog/openbsd/2019/09/02/OpenBSD-on-Infinitybook14)
17306 The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).
17307 I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.
17308 The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.
17309 See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader
17310 Unix at 50: How the OS that powered smartphones started from failure (https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/)
17311 Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.
17312 It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.
17313 Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”
17314 Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.
17315 Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.
17316 Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.
17317 Some of Allan’s favourite excerpts:
17318 In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.
17319 And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.
17320 With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.
17321 McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.
17322 It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”
17323 Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.
17324 Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.
17325 In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.
17326 Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.
17327 By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.
17328 It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.
17329 The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.
17330 The rest has quite literally made tech history.
17331 See the link for the rest of the article
17332 How to configure a network dump in FreeBSD? (https://www.oshogbo.vexillium.org/blog/68/)
17333 A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM than available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.
17334 So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which supports netdump is FreeBSD 12.0.
17335 Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client.
17336 See the link for the rest of the article
17337 Beastie Bits
17338 Sudo Mastery 2nd edition is not out (https://mwl.io/archives/4530)
17339 Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development (http://users.utu.fi/kakrind/publications/19/vulnfuzz_camera.pdf)
17340 soso (https://github.com/ozkl/soso)
17341 GregKH - OpenBSD was right (https://youtu.be/gUqcMs0svNU?t=254)
17342 Game of Trees (https://gameoftrees.org/faq.html)
17343 Feedback/Questions
17344 BostJan - Another Question (http://dpaste.com/1ZPCCQY#wrap)
17345 Tom - PF (http://dpaste.com/3ZSCB8N#wrap)
17346 JohnnyK - Changing VT without keys (http://dpaste.com/3QZQ7Q5#wrap)
17347 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
17348 <video controls preload="metadata" style=" width:426px; height:240px;">
17349 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0315.mp4" type="video/mp4">
17350 Your browser does not support the HTML5 video tag.
17351 </video>
17352 </description>
17353 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, vBSDcon 2019, fan-less, fanless, tuxedo, infinitybook, tuxedo infinitybook, humungus, hg, hg server, network dump, configure, configuration</itunes:keywords>
17354 <content:encoded>
17355 <![CDATA[<p>vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.</p>
17356
17357 <h2>Headlines</h2>
17358
17359 <h3>vBSDcon Recap</h3>
17360
17361 <p>Allan and Benedict attended vBSDcon 2019, which ended last week.</p>
17362
17363 <p>It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame. The two-day conference was preceded by a one-day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.</p>
17364
17365 <p>The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.</p>
17366
17367 <ul>
17368 <li>If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week</li>
17369 </ul>
17370
17371 <p>John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” <a href="https://www.vbsdcon.com/schedule/2019-09-06.html#talk:132615" rel="nofollow">abstract</a> and the recent commit we covered in episode 313.</p>
17372
17373 <p>Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.</p>
17374
17375 <p>David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.</p>
17376
17377 <p>Shawn Webb followed with his overview talk about the “State of the Hardened Union”. </p>
17378
17379 <p>Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.</p>
17380
17381 <p>Entertaining and educational at the same time, Michael W. Lucas’s talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.</p>
17382
17383 <p>People formed small groups and went into town for dinner. Some returned later that night to do some work in the hacker lounge or talk amongst fellow BSD enthusiasts.</p>
17384
17385 <p>Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.</p>
17386
17387 <p>Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) works and how it can be tuned for various workloads.</p>
17388
17389 <p>“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.</p>
17390
17391 <p>Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.</p>
17392
17393 <p>Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.</p>
17394
17395 <p>A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.</p>
17396
17397 <p>We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!</p>
17398
17399 <h3><a href="https://humungus.tedunangst.com/r/humungus" rel="nofollow">humungus - an hg server</a></h3>
17400
17401 <ul>
17402 <li>Features
17403
17404 <ul>
17405 <li>View changes, files, changesets, etc. Some syntax highlighting.</li>
17406 <li>Read only.</li>
17407 <li>Serves multiple repositories.</li>
17408 <li>Allows cloning via the obvious URL. Supports go get.</li>
17409 <li>Serves files for downloads.</li>
17410 <li>Online documentation via mandoc.</li>
17411 <li>Terminal based admin interface.</li>
17412 </ul></li>
17413 </ul>
17414
17415 <hr>
17416
17417 <h2>News Roundup</h2>
17418
17419 <h3><a href="https://hazardous.org/archive/blog/openbsd/2019/09/02/OpenBSD-on-Infinitybook14" rel="nofollow">OpenBSD on fan-less Tuxedo InfinityBook 14″ v2.</a></h3>
17420
17421 <blockquote>
17422 <p>The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).</p>
17423
17424 <p>I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.</p>
17425
17426 <p>The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.</p>
17427 </blockquote>
17428
17429 <ul>
17430 <li>See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader</li>
17431 </ul>
17432
17433 <hr>
17434
17435 <h3><a href="https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/" rel="nofollow">Unix at 50: How the OS that powered smartphones started from failure</a></h3>
17436
17437 <blockquote>
17438 <p>Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.</p>
17439
17440 <p>It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.</p>
17441
17442 <p>Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”</p>
17443
17444 <p>Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.</p>
17445
17446 <p>Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.</p>
17447
17448 <p>Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.</p>
17449 </blockquote>
17450
17451 <ul>
17452 <li>Some of Allan’s favourite excerpts:</li>
17453 </ul>
17454
17455 <blockquote>
17456 <p>In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.</p>
17457
17458 <p>And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.</p>
17459
17460 <p>With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.</p>
17461
17462 <p>McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.</p>
17463
17464 <p>It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”</p>
17465
17466 <p>Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.</p>
17467
17468 <p>Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.</p>
17469
17470 <p>In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.</p>
17471
17472 <p>Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.</p>
17473
17474 <p>By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.</p>
17475
17476 <p>It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.</p>
17477
17478 <p>The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.</p>
17479
17480 <p>The rest has quite literally made tech history.</p>
17481 </blockquote>
17482
17483 <ul>
17484 <li>See the link for the rest of the article</li>
17485 </ul>
17486
17487 <hr>
17488
17489 <h3><a href="https://www.oshogbo.vexillium.org/blog/68/" rel="nofollow">How to configure a network dump in FreeBSD?</a></h3>
17490
17491 <blockquote>
17492 <p>A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM than available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.</p>
17493
17494 <p>So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which supports netdump is FreeBSD 12.0.</p>
17495
17496 <p>Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client. </p>
17497 </blockquote>
17498
17499 <ul>
17500 <li>See the link for the rest of the article</li>
17501 </ul>
17502
17503 <hr>
17504
17505 <h2>Beastie Bits</h2>
17506
17507 <ul>
17508 <li><a href="https://mwl.io/archives/4530" rel="nofollow">Sudo Mastery 2nd edition is not out</a></li>
17509 <li><a href="http://users.utu.fi/kakrind/publications/19/vulnfuzz_camera.pdf" rel="nofollow">Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development</a></li>
17510 <li><a href="https://github.com/ozkl/soso" rel="nofollow">soso</a></li>
17511 <li><a href="https://youtu.be/gUqcMs0svNU?t=254" rel="nofollow">GregKH - OpenBSD was right</a></li>
17512 <li><a href="https://gameoftrees.org/faq.html" rel="nofollow">Game of Trees</a></li>
17513 </ul>
17514
17515 <hr>
17516
17517 <h2>Feedback/Questions</h2>
17518
17519 <ul>
17520 <li>BostJan - <a href="http://dpaste.com/1ZPCCQY#wrap" rel="nofollow">Another Question</a></li>
17521 <li>Tom - <a href="http://dpaste.com/3ZSCB8N#wrap" rel="nofollow">PF</a></li>
17522 <li>JohnnyK - <a href="http://dpaste.com/3QZQ7Q5#wrap" rel="nofollow">Changing VT without keys</a></li>
17523 </ul>
17524
17525 <hr>
17526
17527 <ul>
17528 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
17529 </ul>
17530
17531 <hr>
17532
17533 <video controls preload="metadata" style=" width:426px; height:240px;">
17534 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0315.mp4" type="video/mp4">
17535 Your browser does not support the HTML5 video tag.
17536 </video>]]>
17537 </content:encoded>
17538 <itunes:summary>
17539 <![CDATA[<p>vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.</p>
17540
17541 <h2>Headlines</h2>
17542
17543 <h3>vBSDcon Recap</h3>
17544
17545 <p>Allan and Benedict attended vBSDcon 2019, which ended last week.</p>
17546
17547 <p>It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame. The two-day conference was preceded by a one-day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.</p>
17548
17549 <p>The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.</p>
17550
17551 <ul>
17552 <li>If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week</li>
17553 </ul>
17554
17555 <p>John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” <a href="https://www.vbsdcon.com/schedule/2019-09-06.html#talk:132615" rel="nofollow">abstract</a> and the recent commit we covered in episode 313.</p>
17556
17557 <p>Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.</p>
17558
17559 <p>David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.</p>
17560
17561 <p>Shawn Webb followed with his overview talk about the “State of the Hardened Union”. </p>
17562
17563 <p>Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.</p>
17564
17565 <p>Entertaining and educational at the same time, Michael W. Lucas’s talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.</p>
17566
17567 <p>People formed small groups and went into town for dinner. Some returned later that night to do some work in the hacker lounge or talk amongst fellow BSD enthusiasts. </p>
17568
17569 <p>Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.</p>
17570
17571 <p>Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) works and how it can be tuned for various workloads.</p>
17572
17573 <p>“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.</p>
17574
17575 <p>Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.</p>
17576
17577 <p>Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.</p>
17578
17579 <p>A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.</p>
17580
17581 <p>We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!</p>
17582
17583 <h3><a href="https://humungus.tedunangst.com/r/humungus" rel="nofollow">humungus - an hg server</a></h3>
17584
17585 <ul>
17586 <li>Features
17587
17588 <ul>
17589 <li>View changes, files, changesets, etc. Some syntax highlighting.</li>
17590 <li>Read only.</li>
17591 <li>Serves multiple repositories.</li>
17592 <li>Allows cloning via the obvious URL. Supports go get.</li>
17593 <li>Serves files for downloads.</li>
17594 <li>Online documentation via mandoc.</li>
17595 <li>Terminal based admin interface.</li>
17596 </ul></li>
17597 </ul>
17598
17599 <hr>
17600
17601 <h2>News Roundup</h2>
17602
17603 <h3><a href="https://hazardous.org/archive/blog/openbsd/2019/09/02/OpenBSD-on-Infinitybook14" rel="nofollow">OpenBSD on fan-less Tuxedo InfinityBook 14″ v2.</a></h3>
17604
17605 <blockquote>
17606 <p>The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).</p>
17607
17608 <p>I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.</p>
17609
17610 <p>The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.</p>
17611 </blockquote>
17612
17613 <ul>
17614 <li>See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader</li>
17615 </ul>
17616
17617 <hr>
17618
17619 <h3><a href="https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/" rel="nofollow">Unix at 50: How the OS that powered smartphones started from failure</a></h3>
17620
17621 <blockquote>
17622 <p>Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.</p>
17623
17624 <p>It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.</p>
17625
17626 <p>Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”</p>
17627
17628 <p>Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.</p>
17629
17630 <p>Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.</p>
17631
17632 <p>Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.</p>
17633 </blockquote>
17634
17635 <ul>
17636 <li>Some of Allan’s favourite excerpts:</li>
17637 </ul>
17638
17639 <blockquote>
17640 <p>In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.</p>
17641
17642 <p>And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.</p>
17643
17644 <p>With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.</p>
17645
17646 <p>McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.</p>
17647
17648 <p>It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”</p>
17649
17650 <p>Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.</p>
17651
17652 <p>Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.</p>
17653
17654 <p>In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.</p>
17655
17656 <p>Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.</p>
17657
17658 <p>By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.</p>
17659
17660 <p>It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.</p>
17661
17662 <p>The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.</p>
17663
17664 <p>The rest has quite literally made tech history.</p>
17665 </blockquote>
17666
17667 <ul>
17668 <li>See the link for the rest of the article</li>
17669 </ul>
17670
17671 <hr>
17672
17673 <h3><a href="https://www.oshogbo.vexillium.org/blog/68/" rel="nofollow">How to configure a network dump in FreeBSD?</a></h3>
17674
17675 <blockquote>
17676 <p>A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM than available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep the whole core dump. In such a situation using network dump is a convenient and reliable way for collecting kernel dump.</p>
17677
17678 <p>So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0.</p>
17679
17680 <p>Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client. </p>
17681 </blockquote>
17682
17683 <ul>
17684 <li>See the link for the rest of the article</li>
17685 </ul>
17686
17687 <hr>
17688
17689 <h2>Beastie Bits</h2>
17690
17691 <ul>
17692 <li><a href="https://mwl.io/archives/4530" rel="nofollow">Sudo Mastery 2nd edition is not out</a></li>
17693 <li><a href="http://users.utu.fi/kakrind/publications/19/vulnfuzz_camera.pdf" rel="nofollow">Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development</a></li>
17694 <li><a href="https://github.com/ozkl/soso" rel="nofollow">soso</a></li>
17695 <li><a href="https://youtu.be/gUqcMs0svNU?t=254" rel="nofollow">GregKH - OpenBSD was right</a></li>
17696 <li><a href="https://gameoftrees.org/faq.html" rel="nofollow">Game of Trees</a></li>
17697 </ul>
17698
17699 <hr>
17700
17701 <h2>Feedback/Questions</h2>
17702
17703 <ul>
17704 <li>BostJan - <a href="http://dpaste.com/1ZPCCQY#wrap" rel="nofollow">Another Question</a></li>
17705 <li>Tom - <a href="http://dpaste.com/3ZSCB8N#wrap" rel="nofollow">PF</a></li>
17706 <li>JohnnyK - <a href="http://dpaste.com/3QZQ7Q5#wrap" rel="nofollow">Changing VT without keys</a></li>
17707 </ul>
17708
17709 <hr>
17710
17711 <ul>
17712 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
17713 </ul>
17714
17715 <hr>
17716
17717 <video controls preload="metadata" style=" width:426px; height:240px;">
17718 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0315.mp4" type="video/mp4">
17719 Your browser does not support the HTML5 video tag.
17720 </video>]]>
17721 </itunes:summary>
17722 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Ws5hqiZQ</fireside:playerURL>
17723 <fireside:playerEmbedCode>
17724 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Ws5hqiZQ" width="740" height="200" frameborder="0" scrolling="no">]]>
17725 </fireside:playerEmbedCode>
17726 </item>
17727 <item>
17728 <title>314: Swap that Space</title>
17729 <link>https://www.bsdnow.tv/314</link>
17730 <guid isPermaLink="false">a98d492a-7c4f-4f70-b6cf-388387042427</guid>
17731 <pubDate>Wed, 04 Sep 2019 17:00:00 -0700</pubDate>
17732 <author>Allan Jude</author>
17733 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a98d492a-7c4f-4f70-b6cf-388387042427.mp3" length="34897838" type="audio/mp3"/>
17734 <itunes:episodeType>full</itunes:episodeType>
17735 <itunes:author>Allan Jude</itunes:author>
17736 <itunes:subtitle>Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.</itunes:subtitle>
17737 <itunes:duration>48:28</itunes:duration>
17738 <itunes:explicit>no</itunes:explicit>
17739 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
17740 <description>Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.
17741 Headlines
17742 What has to happen with Unix virtual memory when you have no swap space (https://utcc.utoronto.ca/~cks/space/blog/unix/NoSwapConsequence)
17743 Recently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):
17744 Once you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...]
17745 I'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM.
17746 To simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.
17747 See link for the rest of the article
17748 Dsynth details on Dragonfly (https://www.dragonflydigest.com/2019/08/27/23398.html)
17749 First, history: DragonFly has had binaries of dports available for download for quite some time. These were originally built using poudriere, and then using the synth tool put together by John Marino. Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.
17750 Matthew Dillon is working on a new version, called dsynth. It is available now but not yet part of the build. He’s been working quickly on it and there’s plenty more commits than what I have linked here. It’s already led to finding more high-load fixes.
17751 dsynth
17752 DSynth is basically synth written in C, from scratch. It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now it uses chroots).
17753 The original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in Ada no code was directly copied.
17754 The intent is to make dsynth compatible with synth's configuration files and directory structure.
17755 This is a work in progress and not yet ready for prime-time. Pushing so we can get some more eyeballs. Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts).
17756 dsynth code (https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/usr.bin/dsynth/dsynth.1)
17757 News Roundup
17758 Instant Workstation (https://euroquis.nl/freebsd/2019/08/12/instant-workstation.html)
17759 Some considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.
17760 So – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.
17761 The tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.
17762 In any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.
17763 Here is the script in my GitHub repository with notes-for-myself. (https://raw.githubusercontent.com/adriaandegroot/FreeBSDTools/master/bin/instant-workstation)
17764 New Servers, new Tech (https://www.dragonflydigest.com/2019/08/26/23396.html)
17765 Following up on an earlier post, the new servers for DragonFly are in place. The old 40-core machine used for bulk build, monster, is being retired. The power efficiency of the new machines is startling. Incidentally, this is where donations go – infrastructure.
17766 New servers in the colo, monster is being retired (http://lists.dragonflybsd.org/pipermail/users/2019-August/358271.html)
17767 We have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work. Monster will be retired. The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance. That's at least a 6:1 improvement in performance efficiency.
17768 With SSD prices down significantly the new machines have all-SSDs. These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days. It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.
17769 Monster, our venerable 48-core quad-socket opteron is being retired. This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high. If a SMP algorithm wasn't spot-on, you could feel it. Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized. This kept monster relevant far longer than I thought it would be.
17770 But we are at a point now where improvements in efficiency are just too good to ignore. Monster's quad-socket opteron (4 x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.
17771 I would like to thank everyone's generous donations over the last few years! We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.
17772 Experimenting with streaming setups on NetBSD (https://dressupgeekout.blogspot.com/2019/08/experimenting-with-streaming-setups-on.html?m=1)
17773 Ever since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.
17774 Capturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.
17775 My laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.
17776 NetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support (https://www.phoronix.com/scan.php?page=news_item&px=NetBSD-Linux-DRM-Ioctl-GSoC2019)
17777 Ultimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.
17778 Student developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.
17779 These interfaces have been tested and working as well as updating the "suse131" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer.
17780 Those curious about this DRM ioctl GSoC project can learn more from the NetBSD blog (https://blog.netbsd.org/tnf/entry/gsoc_2019_report_implementation_of). NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.
17781 Beastie Bits
17782 FreeBSD in Wellington? (https://twitter.com/MengTangmu/status/1163265206660694016)
17783 FreeBSD on GFE (https://twitter.com/onewilshire/status/1163792878642114560)
17784 Clarification (https://twitter.com/onewilshire/status/1166323112620826624)
17785 Distrotest.net now with BSDs (https://distrotest.net/)
17786 Lecture: Anykernels meet fuzzing NetBSD (https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10334.html)
17787 Sun Microsystems business plan from 1982 [pdf] (https://www.khoslaventures.com/wp-content/uploads/SunMicrosystem_bus_plan.pdf)
17788 Feedback/Questions
17789 Alan - Questions (http://dpaste.com/1Z8EGTW)
17790 Rodriguez - Feedback and a question (http://dpaste.com/2PZFP4X#wrap)
17791 Jeff - OpenZFS follow-up, FreeBSD Adventures (http://dpaste.com/02ZM6YE#wrap)
17792 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
17793 <video controls preload="metadata" style=" width:426px; height:240px;">
17794 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0314.mp4" type="video/mp4">
17795 Your browser does not support the HTML5 video tag.
17796 </video>
17797 </description>
17798 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, virtual memory, swap, swap space, VM, dsynth, workstation, servers, streaming, steam, gsoc</itunes:keywords>
17799 <content:encoded>
17800 <![CDATA[<p>Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.</p>
17801
17802 <h2>Headlines</h2>
17803
17804 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/NoSwapConsequence" rel="nofollow">What has to happen with Unix virtual memory when you have no swap space</a></h3>
17805
17806 <blockquote>
17807 <p>Recently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):</p>
17808
17809 <p>Once you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...]</p>
17810
17811 <p>I'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM.</p>
17812
17813 <p>To simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.</p>
17814 </blockquote>
17815
17816 <ul>
17817 <li>See link for the rest of the article</li>
17818 </ul>
17819
17820 <hr>
17821
17822 <h3><a href="https://www.dragonflydigest.com/2019/08/27/23398.html" rel="nofollow">Dsynth details on Dragonfly</a></h3>
17823
17824 <blockquote>
17825 <p>First, history: DragonFly has had binaries of dports available for download for quite some time. These were originally built using poudriere, and then using the synth tool put together by John Marino. Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.</p>
17826
17827 <p>Matthew Dillon is working on a new version, called dsynth. It is available now but not yet part of the build. He’s been working quickly on it and there’s plenty more commits than what I have linked here. It’s already led to finding more high-load fixes.</p>
17828 </blockquote>
17829
17830 <ul>
17831 <li>dsynth</li>
17832 </ul>
17833
17834 <blockquote>
17835 <p>DSynth is basically synth written in C, from scratch. It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now it uses chroots).</p>
17836
17837 <p>The original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in Ada no code was directly copied.</p>
17838
17839 <ul>
17840 <li><p>The intent is to make dsynth compatible with synth's configuration files and directory structure.</p></li>
17841 <li><p>This is a work in progress and not yet ready for prime-time. Pushing so we can get some more eyeballs. Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts).</p></li>
17842 </ul>
17843 </blockquote>
17844
17845 <ul>
17846 <li><a href="https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/usr.bin/dsynth/dsynth.1" rel="nofollow">dsynth code</a></li>
17847 </ul>
17848
17849 <hr>
17850
17851 <h2>News Roundup</h2>
17852
17853 <h3><a href="https://euroquis.nl/freebsd/2019/08/12/instant-workstation.html" rel="nofollow">Instant Workstation</a></h3>
17854
17855 <blockquote>
17856 <p>Some considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.</p>
17857
17858 <p>So – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.</p>
17859
17860 <p>The tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.</p>
17861
17862 <p>In any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.</p>
17863 </blockquote>
17864
17865 <ul>
17866 <li><a href="https://raw.githubusercontent.com/adriaandegroot/FreeBSDTools/master/bin/instant-workstation" rel="nofollow">Here is the script in my GitHub repository with notes-for-myself.</a></li>
17867 </ul>
17868
17869 <hr>
17870
17871 <h3><a href="https://www.dragonflydigest.com/2019/08/26/23396.html" rel="nofollow">New Servers, new Tech</a></h3>
17872
17873 <blockquote>
17874 <p>Following up on an earlier post, the new servers for DragonFly are in place. The old 40-core machine used for bulk build, monster, is being retired. The power efficiency of the new machines is startling. Incidentally, this is where donations go – infrastructure.</p>
17875 </blockquote>
17876
17877 <ul>
17878 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2019-August/358271.html" rel="nofollow">New servers in the colo, monster is being retired</a></li>
17879 </ul>
17880
17881 <blockquote>
17882 <p>We have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work. Monster will be retired. The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance. That's at least a 6:1 improvement in performance efficiency.</p>
17883
17884 <p>With SSD prices down significantly the new machines have all-SSDs. These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days. It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.</p>
17885
17886 <p>Monster, our venerable 48-core quad-socket opteron is being retired. This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high. If a SMP algorithm wasn't spot-on, you could feel it. Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized. This kept monster relevant far longer than I thought it would be.</p>
17887
17888 <p>But we are at a point now where improvements in efficiency are just too good to ignore. Monster's quad-socket opteron (4 x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.</p>
17889
17890 <p>I would like to thank everyone's generous donations over the last few years! We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.</p>
17891 </blockquote>
17892
17893 <hr>
17894
17895 <h3><a href="https://dressupgeekout.blogspot.com/2019/08/experimenting-with-streaming-setups-on.html?m=1" rel="nofollow">Experimenting with streaming setups on NetBSD</a></h3>
17896
17897 <blockquote>
17898 <p>Ever since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.</p>
17899
17900 <p>Capturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.</p>
17901
17902 <p>My laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.</p>
17903 </blockquote>
17904
17905 <hr>
17906
17907 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=NetBSD-Linux-DRM-Ioctl-GSoC2019" rel="nofollow">NetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support</a></h3>
17908
17909 <blockquote>
17910 <p>Ultimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer, while the focus the past few months with Google Summer of Code 2019 was supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.</p>
17911
17912 <p>Student developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.</p>
17913
17914 <p>These interfaces have been tested and working as well as updating the "suse131" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer.</p>
17915
17916 <p>Those curious about this DRM ioctl GSoC project can learn more from <a href="https://blog.netbsd.org/tnf/entry/gsoc_2019_report_implementation_of" rel="nofollow">the NetBSD blog</a>. NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.</p>
17917 </blockquote>
17918
17919 <hr>
17920
17921 <h2>Beastie Bits</h2>
17922
17923 <ul>
17924 <li><a href="https://twitter.com/MengTangmu/status/1163265206660694016" rel="nofollow">FreeBSD in Wellington?</a></li>
17925 <li><a href="https://twitter.com/onewilshire/status/1163792878642114560" rel="nofollow">FreeBSD on GFE</a></li>
17926 <li><a href="https://twitter.com/onewilshire/status/1166323112620826624" rel="nofollow">Clarification</a> </li>
17927 <li><a href="https://distrotest.net/" rel="nofollow">Distrotest.net now with BSDs</a></li>
17928 <li><a href="https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10334.html" rel="nofollow">Lecture: Anykernels meet fuzzing NetBSD</a></li>
17929 <li><a href="https://www.khoslaventures.com/wp-content/uploads/SunMicrosystem_bus_plan.pdf" rel="nofollow">Sun Microsystems business plan from 1982 [pdf]</a></li>
17930 </ul>
17931
17932 <hr>
17933
17934 <h2>Feedback/Questions</h2>
17935
17936 <ul>
17937 <li>Alan - <a href="http://dpaste.com/1Z8EGTW" rel="nofollow">Questions</a></li>
17938 <li>Rodriguez - <a href="http://dpaste.com/2PZFP4X#wrap" rel="nofollow">Feedback and a question</a></li>
17939 <li>Jeff - <a href="http://dpaste.com/02ZM6YE#wrap" rel="nofollow">OpenZFS follow-up, FreeBSD Adventures</a></li>
17940 </ul>
17941
17942 <hr>
17943
17944 <ul>
17945 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
17946 </ul>
17947
17948 <hr>
17949
17950 <video controls preload="metadata" style=" width:426px; height:240px;">
17951 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0314.mp4" type="video/mp4">
17952 Your browser does not support the HTML5 video tag.
17953 </video>]]>
17954 </content:encoded>
17955 <itunes:summary>
17956 <![CDATA[<p>Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.</p>]]>
18110 </itunes:summary>
18111 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+0q7RTYhx</fireside:playerURL>
18112 <fireside:playerEmbedCode>
18113 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+0q7RTYhx" width="740" height="200" frameborder="0" scrolling="no">]]>
18114 </fireside:playerEmbedCode>
18115 </item>
18116 <item>
18117 <title>313: In-Kernel TLS</title>
18118 <link>https://www.bsdnow.tv/313</link>
18119 <guid isPermaLink="false">15bbd7ef-a3c7-4996-9751-d37aa7b5a255</guid>
18120 <pubDate>Wed, 28 Aug 2019 21:30:00 -0700</pubDate>
18121 <author>Allan Jude</author>
18122 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/15bbd7ef-a3c7-4996-9751-d37aa7b5a255.mp3" length="39745015" type="audio/mp3"/>
18123 <itunes:episodeType>full</itunes:episodeType>
18124 <itunes:author>Allan Jude</itunes:author>
18125 <itunes:subtitle>OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.</itunes:subtitle>
18126 <itunes:duration>55:12</itunes:duration>
18127 <itunes:explicit>no</itunes:explicit>
18128 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
18129 <description>OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.
18130 Headlines
18131 OpenBSD on the Thinkpad X1 Carbon 7th Gen (https://jcs.org/2019/08/14/x1c7)
18132 Another year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.
18133 The seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.
18134 Gone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.
18135 On my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, "X1 Carbon" branding from the bottom of the display, the power button LED, and the "ThinkPad" branding from the lower part of the keyboard deck.
18136 See link for the rest of the article
18137 How To Install FreeBSD On A MacBook 1,1 or 2,1 (http://lexploit.com/freebsdmacbook1-1-2-1/)
18138 FreeBSD Setup For MacBook 1,1 and 2,1
18139 FreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.
18140 Installing
18141 FreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:
18142 A Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.
18143 A blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.
18144 An ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.
18145 Burn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.
18146 See link for the rest of the guide
18147 News Roundup
18148 Patch for review: Kernel portion of in-kernel TLS (KTLS) (https://svnweb.freebsd.org/base?view=revision&revision=351522)
18149 One of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections. There is a lot more detail in the review itself, so I will spare pasting a big wall of text here. However, I have posted the patch to add the kernel-side of KTLS for review at the URL below. KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits. Patches and reviews for the other bits will follow later.
18150 https://reviews.freebsd.org/D21277
18151 DragonFly Boot Environments (https://github.com/newnix/dfbeadm)
18152 This is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.
18153 See link for the rest of the details
18154 Project Trident Updates
18155 19.08 Available (https://project-trident.org/post/2019-08-15_19.08_available/)
18156 This is a general package update to the CURRENT release repository based upon TrueOS 19.08.
18157 Legacy boot ISO functional again
18158 This update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.
18159 PACKAGE CHANGES FROM 19.07-U1
18160 New Packages: 154
18161 Deleted Packages: 394
18162 Updated Packages: 4926
18163 12-U3 Available (https://project-trident.org/post/2019-08-22_stable12-u3_available/)
18164 This is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.
18165 PACKAGE CHANGES FROM STABLE 12-U2
18166 New Packages: 105
18167 Deleted Packages: 386
18168 Updated Packages: 1046
18169 vBSDcon (https://www.vbsdcon.com/schedule/)
18170 vBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019.
18171 ***
18172 Beastie Bits
18173 The next NYCBUG meeting will be Sept 4 @ 18:45 (https://www.nycbug.org/index?action=view&id=10671)
18174 Feedback/Questions
18175 Tom - Questions (http://dpaste.com/1AXXK7G#wrap)
18176 Michael - dfbeadm (http://dpaste.com/0PNEDYT#wrap)
18177 Bostjan - Questions (http://dpaste.com/1N7T7BR#wrap)
18178 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
18179 <video controls preload="metadata" style=" width:426px; height:240px;">
18180 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0313.mp4" type="video/mp4">
18181 Your browser does not support the HTML5 video tag.
18182 </video>
18183 </description>
18184 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, thinkpad, x1 carbon, macbook, install, installation, tls, kernel tls, ktls, boot environment, project trident, vbsdcon</itunes:keywords>
18185 <content:encoded>
18186 <![CDATA[<p>OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.</p>
18187
18188 <h2>Headlines</h2>
18189
18190 <h3><a href="https://jcs.org/2019/08/14/x1c7" rel="nofollow">OpenBSD on the Thinkpad X1 Carbon 7th Gen</a></h3>
18191
18192 <blockquote>
18193 <p>Another year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.<br>
18194 The seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.<br>
18195 Gone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.<br>
18196 On my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, "X1 Carbon" branding from the bottom of the display, the power button LED, and the "ThinkPad" branding from the lower part of the keyboard deck.</p>
18197 </blockquote>
18198
18199 <ul>
18200 <li>See link for the rest of the article</li>
18201 </ul>
18202
18203 <hr>
18204
18205 <h3><a href="http://lexploit.com/freebsdmacbook1-1-2-1/" rel="nofollow">How To Install FreeBSD On A MacBook 1,1 or 2,1</a></h3>
18206
18207 <ul>
18208 <li> FreeBSD Setup For MacBook 1,1 and 2,1</li>
18209 </ul>
18210
18211 <blockquote>
18212 <p>FreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.</p>
18213 </blockquote>
18214
18215 <ul>
18216 <li>Installing</li>
18217 </ul>
18218
18219 <blockquote>
18220 <p>FreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:</p>
18221 </blockquote>
18222
18223 <ul>
18224 <li>A Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.</li>
18225 <li>A blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.</li>
18226 <li>An ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.</li>
18227 <li><p>Burn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.</p>
18228
18229 <ul>
18230 <li>See link for the rest of the guide</li>
18231 </ul></li>
18232 </ul>
18233
18234 <hr>
18235
18236 <h2>News Roundup</h2>
18237
18238 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=351522" rel="nofollow">Patch for review: Kernel portion of in-kernel TLS (KTLS)</a></h3>
18239
18240 <blockquote>
18241 <p>One of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections. There is a lot more detail in the review itself, so I will spare pasting a big wall of text here. However, I have posted the patch to add the kernel-side of KTLS for review at the URL below. KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits. Patches and reviews for the other bits will follow later.</p>
18242 </blockquote>
18243
18244 <ul>
18245 <li><a href="https://reviews.freebsd.org/D21277" rel="nofollow">https://reviews.freebsd.org/D21277</a></li>
18246 </ul>
18247
18248 <hr>
18249
18250 <h3><a href="https://github.com/newnix/dfbeadm" rel="nofollow">DragonFly Boot Environments</a></h3>
18251
18252 <blockquote>
18253 <p>This is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.</p>
18254 </blockquote>
18255
18256 <ul>
18257 <li>See link for the rest of the details</li>
18258 </ul>
18259
18260 <hr>
18261
18262 <h3>Project Trident Updates</h3>
18263
18264 <ul>
18265 <li><a href="https://project-trident.org/post/2019-08-15_19.08_available/" rel="nofollow">19.08 Available</a></li>
18266 </ul>
18267
18268 <blockquote>
18269 <p>This is a general package update to the CURRENT release repository based upon TrueOS 19.08.<br>
18270 Legacy boot ISO functional again<br>
18271 This update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.</p>
18272 </blockquote>
18273
18274 <ul>
18275 <li><p>PACKAGE CHANGES FROM 19.07-U1</p>
18276
18277 <ul>
18278 <li>New Packages: 154</li>
18279 <li>Deleted Packages: 394</li>
18280 <li>Updated Packages: 4926</li>
18281 </ul></li>
18282 <li><p><a href="https://project-trident.org/post/2019-08-22_stable12-u3_available/" rel="nofollow">12-U3 Available</a></p></li>
18283 </ul>
18284
18285 <blockquote>
18286 <p>This is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.</p>
18287 </blockquote>
18288
18289 <ul>
18290 <li>PACKAGE CHANGES FROM STABLE 12-U2
18291
18292 <ul>
18293 <li>New Packages: 105</li>
18294 <li>Deleted Packages: 386</li>
18295 <li>Updated Packages: 1046</li>
18296 </ul></li>
18297 </ul>
18298
18299 <hr>
18300
18301 <h3><a href="https://www.vbsdcon.com/schedule/" rel="nofollow">vBSDcon</a></h3>
18302
18303 <ul>
18304 <li>vBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019.
18305 </li>
18306 </ul>
18307
18308 <h2>Beastie Bits</h2>
18309
18310 <ul>
18311 <li><a href="https://www.nycbug.org/index?action=view&id=10671" rel="nofollow">The next NYCBUG meeting will be Sept 4 @ 18:45</a></li>
18312 </ul>
18313
18314 <hr>
18315
18316 <h2>Feedback/Questions</h2>
18317
18318 <ul>
18319 <li>Tom - <a href="http://dpaste.com/1AXXK7G#wrap" rel="nofollow">Questions</a></li>
18320 <li>Michael - <a href="http://dpaste.com/0PNEDYT#wrap" rel="nofollow">dfbeadm</a></li>
18321 <li>Bostjan - <a href="http://dpaste.com/1N7T7BR#wrap" rel="nofollow">Questions</a></li>
18322 </ul>
18323
18324 <hr>
18325
18326 <ul>
18327 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
18328 </ul>
18329
18330 <hr>
18331
18332 <video controls preload="metadata" style=" width:426px; height:240px;">
18333 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0313.mp4" type="video/mp4">
18334 Your browser does not support the HTML5 video tag.
18335 </video>]]>
18336 </content:encoded>
18337 <itunes:summary>
18338 <![CDATA[<p>OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.</p>
18339
18340 <h2>Headlines</h2>
18341
18342 <h3><a href="https://jcs.org/2019/08/14/x1c7" rel="nofollow">OpenBSD on the Thinkpad X1 Carbon 7th Gen</a></h3>
18343
18344 <blockquote>
18345 <p>Another year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.<br>
18346 The seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.<br>
18347 Gone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.<br>
18348 On my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, "X1 Carbon" branding from the bottom of the display, the power button LED, and the "ThinkPad" branding from the lower part of the keyboard deck.</p>
18349 </blockquote>
18350
18351 <ul>
18352 <li>See link for the rest of the article</li>
18353 </ul>
18354
18355 <hr>
18356
18357 <h3><a href="http://lexploit.com/freebsdmacbook1-1-2-1/" rel="nofollow">How To Install FreeBSD On A MacBook 1,1 or 2,1</a></h3>
18358
18359 <ul>
18360 <li> FreeBSD Setup For MacBook 1,1 and 2,1</li>
18361 </ul>
18362
18363 <blockquote>
18364 <p>FreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.</p>
18365 </blockquote>
18366
18367 <ul>
18368 <li>Installing</li>
18369 </ul>
18370
18371 <blockquote>
18372 <p>FreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:</p>
18373 </blockquote>
18374
18375 <ul>
18376 <li>A Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.</li>
18377 <li>A blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.</li>
18378 <li>An ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.</li>
18379 <li><p>Burn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.</p>
18380
18381 <ul>
18382 <li>See link for the rest of the guide</li>
18383 </ul></li>
18384 </ul>
18385
18386 <hr>
18387
18388 <h2>News Roundup</h2>
18389
18390 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=351522" rel="nofollow">Patch for review: Kernel portion of in-kernel TLS (KTLS)</a></h3>
18391
18392 <blockquote>
18393 <p>One of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections. There is a lot more detail in the review itself, so I will spare pasting a big wall of text here. However, I have posted the patch to add the kernel-side of KTLS for review at the URL below. KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits. Patches and reviews for the other bits will follow later.</p>
18394 </blockquote>
18395
18396 <ul>
18397 <li><a href="https://reviews.freebsd.org/D21277" rel="nofollow">https://reviews.freebsd.org/D21277</a></li>
18398 </ul>
18399
18400 <hr>
18401
18402 <h3><a href="https://github.com/newnix/dfbeadm" rel="nofollow">DragonFly Boot Environments</a></h3>
18403
18404 <blockquote>
18405 <p>This is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.</p>
18406 </blockquote>
18407
18408 <ul>
18409 <li>See link for the rest of the details</li>
18410 </ul>
18411
18412 <hr>
18413
18414 <h3>Project Trident Updates</h3>
18415
18416 <ul>
18417 <li><a href="https://project-trident.org/post/2019-08-15_19.08_available/" rel="nofollow">19.08 Available</a></li>
18418 </ul>
18419
18420 <blockquote>
18421 <p>This is a general package update to the CURRENT release repository based upon TrueOS 19.08.<br>
18422 Legacy boot ISO functional again<br>
18423 This update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.</p>
18424 </blockquote>
18425
18426 <ul>
18427 <li><p>PACKAGE CHANGES FROM 19.07-U1</p>
18428
18429 <ul>
18430 <li>New Packages: 154</li>
18431 <li>Deleted Packages: 394</li>
18432 <li>Updated Packages: 4926</li>
18433 </ul></li>
18434 <li><p><a href="https://project-trident.org/post/2019-08-22_stable12-u3_available/" rel="nofollow">12-U3 Available</a></p></li>
18435 </ul>
18436
18437 <blockquote>
18438 <p>This is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.</p>
18439 </blockquote>
18440
18441 <ul>
18442 <li>PACKAGE CHANGES FROM STABLE 12-U2
18443
18444 <ul>
18445 <li>New Packages: 105</li>
18446 <li>Deleted Packages: 386</li>
18447 <li>Updated Packages: 1046</li>
18448 </ul></li>
18449 </ul>
18450
18451 <hr>
18452
18453 <h3><a href="https://www.vbsdcon.com/schedule/" rel="nofollow">vBSDcon</a></h3>
18454
18455 <ul>
18456 <li>vBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019.
18457 </li>
18458 </ul>
18459
18460 <h2>Beastie Bits</h2>
18461
18462 <ul>
18463 <li><a href="https://www.nycbug.org/index?action=view&id=10671" rel="nofollow">The next NYCBUG meeting will be Sept 4 @ 18:45</a></li>
18464 </ul>
18465
18466 <hr>
18467
18468 <h2>Feedback/Questions</h2>
18469
18470 <ul>
18471 <li>Tom - <a href="http://dpaste.com/1AXXK7G#wrap" rel="nofollow">Questions</a></li>
18472 <li>Michael - <a href="http://dpaste.com/0PNEDYT#wrap" rel="nofollow">dfbeadm</a></li>
18473 <li>Bostjan - <a href="http://dpaste.com/1N7T7BR#wrap" rel="nofollow">Questions</a></li>
18474 </ul>
18475
18476 <hr>
18477
18478 <ul>
18479 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
18480 </ul>
18481
18482 <hr>
18483
18484 <video controls preload="metadata" style=" width:426px; height:240px;">
18485 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0313.mp4" type="video/mp4">
18486 Your browser does not support the HTML5 video tag.
18487 </video>]]>
18488 </itunes:summary>
18489 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+VILFdysu</fireside:playerURL>
18490 <fireside:playerEmbedCode>
18491 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+VILFdysu" width="740" height="200" frameborder="0" scrolling="no">]]>
18492 </fireside:playerEmbedCode>
18493 </item>
18494 <item>
18495 <title>312: Why Package Managers</title>
18496 <link>https://www.bsdnow.tv/312</link>
18497 <guid isPermaLink="false">6dfbd978-c8a2-45c6-a49a-3a4937d83c69</guid>
18498 <pubDate>Wed, 21 Aug 2019 20:00:00 -0700</pubDate>
18499 <author>Allan Jude</author>
18500 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6dfbd978-c8a2-45c6-a49a-3a4937d83c69.mp3" length="51882863" type="audio/mp3"/>
18501 <itunes:episodeType>full</itunes:episodeType>
18502 <itunes:author>Allan Jude</itunes:author>
18503 <itunes:subtitle>The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.</itunes:subtitle>
18504 <itunes:duration>1:12:03</itunes:duration>
18505 <itunes:explicit>no</itunes:explicit>
18506 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
18507 <description>The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.
18508 Headlines
18509 The UNIX Philosophy in 2019 (https://triosdevelopers.com/jason.eckert/blog/Entries/2019/6/1_Entry_1.html)
18510 Today, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:
18511 We write programs that do one thing and do it well
18512 We write programs to work together
18513 And we write programs that handle text streams, because that is a universal interface
18514 Why Use Package Managers? (https://uwm.edu/hpc/software-management/)
18515 Valuable research is often hindered or outright prevented by the inability to install software. This need not be the case.
18516 Since I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application. In most cases, they ultimately failed.
18517 In many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.
18518 Developer websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software. The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens. Many researchers are simply unaware that there are easier ways to install the software they need. Caveman installs are a colossal waste of man-hours. If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science. How many important discoveries are delayed by this?
18519 The elite research institutions have ample funding and dozens of IT staff dedicated to research computing. They can churn out publications even if their operation is inefficient. Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs. The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone. If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.
18520 Fortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves. Modern package managers perform all the same steps as a caveman install, but automatically. Package managers also install dependencies for us automatically.
18521 News Roundup
18522 Touchpad, Interrupted (https://jcs.org/2019/07/28/ihidev)
18523 For two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.
18524 It's been a long journey and it's a technical tale, but here it is.
18525 Porting wine to amd64 on NetBSD, second evaluation report (https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on2)
18526 Summary
18527 Presently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.
18528 Enhancing Syzkaller Support for NetBSD, Part 2 (https://blog.netbsd.org/tnf/entry/enchancing_syzkaller_support_for_netbsd)
18529 As a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.
18530 You can also take a look at the first report to learn more about the initial support that we added. : https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd
18531 July Update: All about the Pinebook Pro (https://www.pine64.org/2019/07/05/july-update-all-about-the-pinebook-pro/)
18532 "So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs whom worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degree of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available."
18533 Killing a process and all of its descendants (http://morningcoffee.io/killing-a-process-and-all-of-its-descendants.html)
18534 Killing processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:
18535 Unix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.
18536 Sending signals to all processes in a session is not trivial with syscalls.
18537 Child processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.
18538 The answer to the “What happens with orphaned process groups” question is not trivial.
18539 Fast Software, the Best Software (https://craigmod.com/essays/fast_software/)
18540 I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.
18541 Software that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.
18542 But why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.
18543 A typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)
18544 Beastie Bits
18545 Register for vBSDCon 2019, Sept 5-7 in Reston VA (https://vbsdcon.com/registration)
18546 Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway (https://2019.eurobsdcon.org/registration/)
18547 Feedback/Questions
18548 Paulo - FreeNAS Question (http://dpaste.com/2GDG7WR#wrap)
18549 Marc - Changing VT without function keys? (http://dpaste.com/1AKC7A1#wrap)
18550 Caleb - Patch, update, and upgrade management (http://dpaste.com/2D6J482#wrap)
18551 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
18552 <video controls preload="metadata" style=" width:426px; height:240px;">
18553 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0312.mp4" type="video/mp4">
18554 Your browser does not support the HTML5 video tag.
18555 </video>
18556 </description>
18557 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, philosophy, package manager, touchpad, porting, wine, evaluation, syzkaller, pinebook pro, process</itunes:keywords>
18558 <content:encoded>
18559 <![CDATA[<p>The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.</p>
18560
18561 <h2>Headlines</h2>
18562
18563 <h3><a href="https://triosdevelopers.com/jason.eckert/blog/Entries/2019/6/1_Entry_1.html" rel="nofollow">The UNIX Philosophy in 2019</a></h3>
18564
18565 <blockquote>
18566 <p>Today, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:</p>
18567 </blockquote>
18568
18569 <ul>
18570 <li>We write programs that do one thing and do it well</li>
18571 <li>We write programs to work together</li>
18572 <li>And we write programs that handle text streams, because that is a universal interface</li>
18573 </ul>
18574
18575 <hr>
18576
18577 <h3><a href="https://uwm.edu/hpc/software-management/" rel="nofollow">Why Use Package Managers?</a></h3>
18578
18579 <blockquote>
18580 <p>Valuable research is often hindered or outright prevented by the inability to install software. This need not be the case.</p>
18581
18582 <p>Since I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application. In most cases, they ultimately failed.</p>
18583
18584 <p>In many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.</p>
18585
18586 <p>Developer websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software. The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens. Many researchers are simply unaware that there are easier ways to install the software they need. Caveman installs are a colossal waste of man-hours. If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science. How many important discoveries are delayed by this?</p>
18587
18588 <p>The elite research institutions have ample funding and dozens of IT staff dedicated to research computing. They can churn out publications even if their operation is inefficient. Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs. The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone. If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.</p>
18589
18590 <p>Fortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves. Modern package managers perform all the same steps as a caveman install, but automatically. Package managers also install dependencies for us automatically.</p>
18591 </blockquote>
18592
18593 <hr>
18594
18595 <h2>News Roundup</h2>
18596
18597 <h3><a href="https://jcs.org/2019/07/28/ihidev" rel="nofollow">Touchpad, Interrupted</a></h3>
18598
18599 <blockquote>
18600 <p>For two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.</p>
18601
18602 <p>It's been a long journey and it's a technical tale, but here it is.</p>
18603 </blockquote>
18604
18605 <hr>
18606
18607 <h3><a href="https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on2" rel="nofollow">Porting wine to amd64 on NetBSD, second evaluation report</a></h3>
18608
18609 <ul>
18610 <li>Summary</li>
18611 </ul>
18612
18613 <blockquote>
18614 <p>Presently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.</p>
18615 </blockquote>
18616
18617 <hr>
18618
18619 <h3><a href="https://blog.netbsd.org/tnf/entry/enchancing_syzkaller_support_for_netbsd" rel="nofollow">Enhancing Syzkaller Support for NetBSD, Part 2</a></h3>
18620
18621 <blockquote>
18622 <p>As a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.</p>
18623
18624 <p>You can also take a look at the first report to learn more about the initial support that we added: <a href="https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd" rel="nofollow">https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd</a></p>
18625 </blockquote>
18626
18627 <hr>
18628
18629 <h3><a href="https://www.pine64.org/2019/07/05/july-update-all-about-the-pinebook-pro/" rel="nofollow">July Update: All about the Pinebook Pro</a></h3>
18630
18631 <blockquote>
18632 <p>"So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs who worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degrees of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available."</p>
18633 </blockquote>
18634
18635 <hr>
18636
18637 <h3><a href="http://morningcoffee.io/killing-a-process-and-all-of-its-descendants.html" rel="nofollow">Killing a process and all of its descendants</a></h3>
18638
18639 <blockquote>
18640 <p>Killing processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:</p>
18641
18642 <p>Unix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.</p>
18643
18644 <p>Sending signals to all processes in a session is not trivial with syscalls.</p>
18645
18646 <p>Child processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.</p>
18647
18648 <p>The answer to the “What happens with orphaned process groups” question is not trivial.</p>
18649 </blockquote>
18650
18651 <hr>
18652
18653 <h3><a href="https://craigmod.com/essays/fast_software/" rel="nofollow">Fast Software, the Best Software</a></h3>
18654
18655 <blockquote>
18656 <p>I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.</p>
18657
18658 <p>Software that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.</p>
18659
18660 <p>But why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.</p>
18661
18662 <p>A typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)</p>
18663 </blockquote>
18664
18665 <hr>
18666
18667 <h2>Beastie Bits</h2>
18668
18669 <ul>
18670 <li><a href="https://vbsdcon.com/registration" rel="nofollow">Register for vBSDCon 2019, Sept 5-7 in Reston VA</a></li>
18671 <li><a href="https://2019.eurobsdcon.org/registration/" rel="nofollow">Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway</a></li>
18672 </ul>
18673
18674 <hr>
18675
18676 <h2>Feedback/Questions</h2>
18677
18678 <ul>
18679 <li>Paulo - <a href="http://dpaste.com/2GDG7WR#wrap" rel="nofollow">FreeNAS Question</a></li>
18680 <li>Marc - <a href="http://dpaste.com/1AKC7A1#wrap" rel="nofollow">Changing VT without function keys?</a></li>
18681 <li>Caleb - <a href="http://dpaste.com/2D6J482#wrap" rel="nofollow">Patch, update, and upgrade management</a></li>
18682 </ul>
18683
18684 <hr>
18685
18686 <ul>
18687 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
18688 </ul>
18689
18690 <hr>
18691
18692 <video controls preload="metadata" style=" width:426px; height:240px;">
18693 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0312.mp4" type="video/mp4">
18694 Your browser does not support the HTML5 video tag.
18695 </video>]]>
18696 </content:encoded>
18697 <itunes:summary>
18698 <![CDATA[<p>The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.</p>
18699
18700 <h2>Headlines</h2>
18701
18702 <h3><a href="https://triosdevelopers.com/jason.eckert/blog/Entries/2019/6/1_Entry_1.html" rel="nofollow">The UNIX Philosophy in 2019</a></h3>
18703
18704 <blockquote>
18705 <p>Today, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:</p>
18706 </blockquote>
18707
18708 <ul>
18709 <li>We write programs that do one thing and do it well</li>
18710 <li>We write programs to work together</li>
18711 <li>And we write programs that handle text streams, because that is a universal interface</li>
18712 </ul>
18713
18714 <hr>
18715
18716 <h3><a href="https://uwm.edu/hpc/software-management/" rel="nofollow">Why Use Package Managers?</a></h3>
18717
18718 <blockquote>
18719 <p>Valuable research is often hindered or outright prevented by the inability to install software. This need not be the case.</p>
18720
18721 <p>Since I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application. In most cases, they ultimately failed.</p>
18722
18723 <p>In many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.</p>
18724
18725 <p>Developer websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software. The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens. Many researchers are simply unaware that there are easier ways to install the software they need. Caveman installs are a colossal waste of man-hours. If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science. How many important discoveries are delayed by this?</p>
18726
18727 <p>The elite research institutions have ample funding and dozens of IT staff dedicated to research computing. They can churn out publications even if their operation is inefficient. Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs. The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone. If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.</p>
18728
18729 <p>Fortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves. Modern package managers perform all the same steps as a caveman install, but automatically. Package managers also install dependencies for us automatically.</p>
18730 </blockquote>
18731
18732 <hr>
18733
18734 <h2>News Roundup</h2>
18735
18736 <h3><a href="https://jcs.org/2019/07/28/ihidev" rel="nofollow">Touchpad, Interrupted</a></h3>
18737
18738 <blockquote>
18739 <p>For two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.</p>
18740
18741 <p>It's been a long journey and it's a technical tale, but here it is.</p>
18742 </blockquote>
18743
18744 <hr>
18745
18746 <h3><a href="https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on2" rel="nofollow">Porting wine to amd64 on NetBSD, second evaluation report</a></h3>
18747
18748 <ul>
18749 <li>Summary</li>
18750 </ul>
18751
18752 <blockquote>
18753 <p>Presently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.</p>
18754 </blockquote>
18755
18756 <hr>
18757
18758 <h3><a href="https://blog.netbsd.org/tnf/entry/enchancing_syzkaller_support_for_netbsd" rel="nofollow">Enhancing Syzkaller Support for NetBSD, Part 2</a></h3>
18759
18760 <blockquote>
18761 <p>As a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.</p>
18762
18763 <p>You can also take a look at the first report to learn more about the initial support that we added: <a href="https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd" rel="nofollow">https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd</a></p>
18764 </blockquote>
18765
18766 <hr>
18767
18768 <h3><a href="https://www.pine64.org/2019/07/05/july-update-all-about-the-pinebook-pro/" rel="nofollow">July Update: All about the Pinebook Pro</a></h3>
18769
18770 <blockquote>
18771 <p>"So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs who worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degrees of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available."</p>
18772 </blockquote>
18773
18774 <hr>
18775
18776 <h3><a href="http://morningcoffee.io/killing-a-process-and-all-of-its-descendants.html" rel="nofollow">Killing a process and all of its descendants</a></h3>
18777
18778 <blockquote>
18779 <p>Killing processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:</p>
18780
18781 <p>Unix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.</p>
18782
18783 <p>Sending signals to all processes in a session is not trivial with syscalls.</p>
18784
18785 <p>Child processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.</p>
18786
18787 <p>The answer to the “What happens with orphaned process groups” question is not trivial.</p>
18788 </blockquote>
18789
18790 <hr>
18791
18792 <h3><a href="https://craigmod.com/essays/fast_software/" rel="nofollow">Fast Software, the Best Software</a></h3>
18793
18794 <blockquote>
18795 <p>I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.</p>
18796
18797 <p>Software that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.</p>
18798
18799 <p>But why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.</p>
18800
18801 <p>A typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)</p>
18802 </blockquote>
18803
18804 <hr>
18805
18806 <h2>Beastie Bits</h2>
18807
18808 <ul>
18809 <li><a href="https://vbsdcon.com/registration" rel="nofollow">Register for vBSDCon 2019, Sept 5-7 in Reston VA</a></li>
18810 <li><a href="https://2019.eurobsdcon.org/registration/" rel="nofollow">Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway</a></li>
18811 </ul>
18812
18813 <hr>
18814
18815 <h2>Feedback/Questions</h2>
18816
18817 <ul>
18818 <li>Paulo - <a href="http://dpaste.com/2GDG7WR#wrap" rel="nofollow">FreeNAS Question</a></li>
18819 <li>Marc - <a href="http://dpaste.com/1AKC7A1#wrap" rel="nofollow">Changing VT without function keys?</a></li>
18820 <li>Caleb - <a href="http://dpaste.com/2D6J482#wrap" rel="nofollow">Patch, update, and upgrade management</a></li>
18821 </ul>
18822
18823 <hr>
18824
18825 <ul>
18826 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
18827 </ul>
18828
18829 <hr>
18830
18831 <video controls preload="metadata" style=" width:426px; height:240px;">
18832 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0312.mp4" type="video/mp4">
18833 Your browser does not support the HTML5 video tag.
18834 </video>]]>
18835 </itunes:summary>
18836 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+_QnomGy0</fireside:playerURL>
18837 <fireside:playerEmbedCode>
18838 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+_QnomGy0" width="740" height="200" frameborder="0" scrolling="no">]]>
18839 </fireside:playerEmbedCode>
18840 </item>
18841 <item>
18842 <title>311: Conference Gear Breakdown</title>
18843 <link>https://www.bsdnow.tv/311</link>
18844 <guid isPermaLink="false">1d57e61a-57d9-4d3b-ac9a-c3a4c061da07</guid>
18845 <pubDate>Thu, 15 Aug 2019 06:00:00 -0700</pubDate>
18846 <author>Allan Jude</author>
18847 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1d57e61a-57d9-4d3b-ac9a-c3a4c061da07.mp3" length="52868098" type="audio/mp3"/>
18848 <itunes:episodeType>full</itunes:episodeType>
18849 <itunes:author>Allan Jude</itunes:author>
18850 <itunes:subtitle>
18851 NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.</itunes:subtitle>
18852 <itunes:duration>1:13:25</itunes:duration>
18853 <itunes:explicit>no</itunes:explicit>
18854 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
18855 <description>NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.
18856 Headlines
18857 NetBSD 9.0 release process has started (https://mail-index.netbsd.org/netbsd-announce/2019/07/31/msg000301.html)
18858 If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:
18859 + New AArch64 architecture support:
18860 + Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)
18861 + Support for running 32-bit binaries
18862 + UEFI and ACPI support
18863 + Support for SBSA/SBBR (server-class) hardware.
18864 + The FDT-ization of many ARM boards:
18865 + the 32-bit GENERIC kernel lists 129 different DTS configurations
18866 + the 64-bit GENERIC64 kernel lists 74 different DTS configurations
18867 + All supported by a single kernel, without requiring per-board configuration.
18868 + Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.
18869 + ZFS has been updated to a modern version and seen many bugfixes.
18870 + New hardware-accelerated virtualization via NVMM.
18871 + NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.
18872 + NVMe performance improvements
18873 + Optional kernel ASLR support, and partial kernel ASLR for the default configuration.
18874 + Kernel sanitizers:
18875 + KLEAK, detecting memory leaks
18876 + KASAN, detecting memory overruns
18877 + KUBSAN, detecting undefined behaviour
18878 + These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.
18879 + The removal of outdated networking components such as ISDN and all of its drivers
18880 + The installer is now capable of performing GPT UEFI installations.
18881 + Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.
18882 + Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.
18883 We try to test NetBSD as best as we can, but your testing can help make NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.
18884 + Binaries are available at https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/
18885 xargs wtf (https://medium.com/@aarontharris/xargs-wtf-34d2618286b7)
18886 xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.
18887 I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.
18888 xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.
18889 It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:
18890 This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.
18891 News Roundup
18892 PkgSrc: A Tale of Two Spellcheckers (https://bentsukun.ch/posts/pkgsrccon-2019/)
18893 This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.
18894 The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.
18895 Adapting TriforceAFL for NetBSD, Part 2 (https://blog.netbsd.org/tnf/entry/adapting_triforceafl_for_netbsd_part1)
18896 I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.
18897 For work done during the first coding period, check out this post.
18898 Summary
18899 > So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC, I plan to analyse the crashes that were found until now, integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.
18900 > Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!
18901 Exploiting a no-name freebsd kernel vulnerability (https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html)
18902 A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.
18903 > A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.
18904 [Allan and Benedict’s Conference Gear Breakdown]
18905
18906 Benedict’s Gear:
18907 GlocalMe G3 Mobile Travel HotSpot and Powerbank (https://www.glocalme.com/CA/en-US/cloudsim/g3)
18908 Mogics Power Bagel (http://www.mogics.com/3824-2)
18909 Charby Sense Power Cable (https://charbycharge.com/charby-sense-worlds-smartest-auto-cutoff-cable/)
18910 Allan’s Gear:
18911 Huawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro (https://smile.amazon.com/gp/product/B013CEGGKI/)
18912 AOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries (https://smile.amazon.com/dp/B071HJFX27/)
18913 All my devices charge from USB-C, so that is great
18914 More USB thumb drives than strictly necessary
18915 My Lenovo X270 laptop running FreeBSD 13-current
18916 My 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work
18917 Beastie Bits
18918 Replacing the Unix tradition (Warning may be rage inducing) (https://www.youtube.com/watch?v=L9v4Mg8wi4U&feature=youtu.be)
18919 Installing OpenBSD over remote serial on the AtomicPI (https://www.thanassis.space/remoteserial.html#remoteserial)
18920 Zen 2 and DragonFly (https://www.dragonflydigest.com/2019/08/05/23294.html)
18921 Improve Docking on FreeBSD (https://blog.yukiisbo.red/posts/2019/05/improve-docking-on-freebsd/)
18922 Register for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th. (https://vbsdcon.com/registration)
18923 Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway (https://2019.eurobsdcon.org/registration/)
18924 Feedback/Questions
18925 JT - Congrats (http://dpaste.com/0D7Y31E#wrap)
18926 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
18927 <video controls preload="metadata" style=" width:426px; height:240px;">
18928 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0311.mp4" type="video/mp4">
18929 Your browser does not support the HTML5 video tag.
18930 </video>
18931 </description>
18932 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, xargs, spellchecker, tale, triforceafl, kernel, vulnerability, conference, gear, tools, gadgets, utilities</itunes:keywords>
18933 <content:encoded>
18934 <![CDATA[<p>NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.</p>
18935
18936 <h2>Headlines</h2>
18937
18938 <h3><a href="https://mail-index.netbsd.org/netbsd-announce/2019/07/31/msg000301.html" rel="nofollow">NetBSD 9.0 release process has started</a></h3>
18939
18940 <blockquote>
18941 <p>If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:</p>
18942
18943 <ul>
18944 <li>New AArch64 architecture support:
18945
18946 <ul>
18947 <li>Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)</li>
18948 <li>Support for running 32-bit binaries</li>
18949 <li>UEFI and ACPI support</li>
18950 <li>Support for SBSA/SBBR (server-class) hardware.</li>
18951 </ul></li>
18952 <li>The FDT-ization of many ARM boards:
18953
18954 <ul>
18955 <li>the 32-bit GENERIC kernel lists 129 different DTS configurations</li>
18956 <li>the 64-bit GENERIC64 kernel lists 74 different DTS configurations</li>
18957 <li>All supported by a single kernel, without requiring per-board configuration.</li>
18958 </ul></li>
18959 <li>Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.</li>
18960 <li>ZFS has been updated to a modern version and seen many bugfixes.</li>
18961 <li>New hardware-accelerated virtualization via NVMM.</li>
18962 <li>NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.</li>
18963 <li>NVMe performance improvements</li>
18964 <li>Optional kernel ASLR support, and partial kernel ASLR for the default configuration.</li>
18965 <li>Kernel sanitizers:
18966
18967 <ul>
18968 <li>KLEAK, detecting memory leaks</li>
18969 <li>KASAN, detecting memory overruns</li>
18970 <li>KUBSAN, detecting undefined behaviour</li>
18971 <li>These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.</li>
18972 </ul></li>
18973 <li>The removal of outdated networking components such as ISDN and all of its drivers</li>
18974 <li>The installer is now capable of performing GPT UEFI installations.</li>
18975 <li>Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.</li>
18976 <li>Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.</li>
18977 </ul>
18978
18979 <p>We try to test NetBSD as best as we can, but your testing can help make NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.</p>
18980
18981 <ul>
18982 <li>Binaries are available at <a href="https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/" rel="nofollow">https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/</a></li>
18983 </ul>
18984 </blockquote>
18985
18986 <hr>
18987
18988 <h3><a href="https://medium.com/@aarontharris/xargs-wtf-34d2618286b7" rel="nofollow">xargs wtf</a></h3>
18989
18990 <blockquote>
18991 <p>xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.<br>
18992 I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.<br>
18993 xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.<br>
18994 It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:<br>
18995 This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.</p>
18996 </blockquote>
18997
18998 <hr>
18999
19000 <h2>News Roundup</h2>
19001
19002 <h3><a href="https://bentsukun.ch/posts/pkgsrccon-2019/" rel="nofollow">PkgSrc: A Tale of Two Spellcheckers</a></h3>
19003
19004 <blockquote>
19005 <p>This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.<br>
19006 The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.</p>
19007 </blockquote>
19008
19009 <hr>
19010
19011 <h3><a href="https://blog.netbsd.org/tnf/entry/adapting_triforceafl_for_netbsd_part1" rel="nofollow">Adapting TriforceAFL for NetBSD, Part 2</a></h3>
19012
19013 <blockquote>
19014 <p>I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.<br>
19015 For work done during the first coding period, check out this post.</p>
19016 </blockquote>
19017
19018 <ul>
19019 <li>Summary
19020 > So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC, I plan to analyse the crashes that were found until now, integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.
19021 > Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!</li>
19022 </ul>
19023
19024 <hr>
19025
19026 <h3><a href="https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html" rel="nofollow">Exploiting a no-name freebsd kernel vulnerability</a></h3>
19027
19028 <ul>
19029 <li>A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.
19030 > A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.</li>
19031 </ul>
19032
19033 <hr>
19034
19035 <h3>[Allan and Benedicts Conference Gear Breakdown]</h3>
19036
19037 <ul>
19038 <li></li>
19039 <li><p>Benedict’s Gear:</p>
19040
19041 <blockquote>
19042 <p><a href="https://www.glocalme.com/CA/en-US/cloudsim/g3" rel="nofollow">GlocalMe G3 Mobile Travel HotSpot and Powerbank</a><br>
19043 <a href="http://www.mogics.com/3824-2" rel="nofollow">Mogics Power Bagel</a><br>
19044 <a href="https://charbycharge.com/charby-sense-worlds-smartest-auto-cutoff-cable/" rel="nofollow">Charby Sense Power Cable</a></p>
19045 </blockquote></li>
19046 <li><p>Allan’s Gear:</p>
19047
19048 <blockquote>
19049 <p><a href="https://smile.amazon.com/gp/product/B013CEGGKI/" rel="nofollow">Huawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro</a><br>
19050 <a href="https://smile.amazon.com/dp/B071HJFX27/" rel="nofollow">AOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries</a><br>
19051 All my devices charge from USB-C, so that is great<br>
19052 More USB thumb drives than strictly necessary<br>
19053 My Lenovo X270 laptop running FreeBSD 13-current<br>
19054 My 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work</p>
19055 </blockquote></li>
19056 </ul>
19057
19058 <hr>
19059
19060 <h2>Beastie Bits</h2>
19061
19062 <ul>
19063 <li><a href="https://www.youtube.com/watch?v=L9v4Mg8wi4U&feature=youtu.be" rel="nofollow">Replacing the Unix tradition (Warning may be rage inducing)</a></li>
19064 <li><a href="https://www.thanassis.space/remoteserial.html#remoteserial" rel="nofollow">Installing OpenBSD over remote serial on the AtomicPI</a></li>
19065 <li><a href="https://www.dragonflydigest.com/2019/08/05/23294.html" rel="nofollow">Zen 2 and DragonFly</a></li>
19066 <li><a href="https://blog.yukiisbo.red/posts/2019/05/improve-docking-on-freebsd/" rel="nofollow">Improve Docking on FreeBSD</a></li>
19067 <li><a href="https://vbsdcon.com/registration" rel="nofollow">Register for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th.</a></li>
19068 <li><a href="https://2019.eurobsdcon.org/registration/" rel="nofollow">Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway</a></li>
19069 </ul>
19070
19071 <hr>
19072
19073 <h2>Feedback/Questions</h2>
19074
19075 <ul>
19076 <li>JT - <a href="http://dpaste.com/0D7Y31E#wrap" rel="nofollow">Congrats</a></li>
19077 </ul>
19078
19079 <hr>
19080
19081 <ul>
19082 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
19083 </ul>
19084
19085 <hr>
19086
19087 <video controls preload="metadata" style=" width:426px; height:240px;">
19088 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0311.mp4" type="video/mp4">
19089 Your browser does not support the HTML5 video tag.
19090 </video>]]>
19091 </content:encoded>
19092 <itunes:summary>
19093 <![CDATA[<p>NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.</p>
19094
19095 <h2>Headlines</h2>
19096
19097 <h3><a href="https://mail-index.netbsd.org/netbsd-announce/2019/07/31/msg000301.html" rel="nofollow">NetBSD 9.0 release process has started</a></h3>
19098
19099 <blockquote>
19100 <p>If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:</p>
19101
19102 <ul>
19103 <li>New AArch64 architecture support:
19104
19105 <ul>
19106 <li>Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)</li>
19107 <li>Support for running 32-bit binaries</li>
19108 <li>UEFI and ACPI support</li>
19109 <li>Support for SBSA/SBBR (server-class) hardware.</li>
19110 </ul></li>
19111 <li>The FDT-ization of many ARM boards:
19112
19113 <ul>
19114 <li>the 32-bit GENERIC kernel lists 129 different DTS configurations</li>
19115 <li>the 64-bit GENERIC64 kernel lists 74 different DTS configurations</li>
19116 <li>All supported by a single kernel, without requiring per-board configuration.</li>
19117 </ul></li>
19118 <li>Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.</li>
19119 <li>ZFS has been updated to a modern version and seen many bugfixes.</li>
19120 <li>New hardware-accelerated virtualization via NVMM.</li>
19121 <li>NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.</li>
19122 <li>NVMe performance improvements</li>
19123 <li>Optional kernel ASLR support, and partial kernel ASLR for the default configuration.</li>
19124 <li>Kernel sanitizers:
19125
19126 <ul>
19127 <li>KLEAK, detecting memory leaks</li>
19128 <li>KASAN, detecting memory overruns</li>
19129 <li>KUBSAN, detecting undefined behaviour</li>
19130 <li>These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.</li>
19131 </ul></li>
19132 <li>The removal of outdated networking components such as ISDN and all of its drivers</li>
19133 <li>The installer is now capable of performing GPT UEFI installations.</li>
19134 <li>Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.</li>
19135 <li>Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.</li>
19136 </ul>
19137
19138 <p>We try to test NetBSD as best as we can, but your testing can help make NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.</p>
19139
19140 <ul>
19141 <li>Binaries are available at <a href="https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/" rel="nofollow">https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/</a></li>
19142 </ul>
19143 </blockquote>
19144
19145 <hr>
19146
19147 <h3><a href="https://medium.com/@aarontharris/xargs-wtf-34d2618286b7" rel="nofollow">xargs wtf</a></h3>
19148
19149 <blockquote>
19150 <p>xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.<br>
19151 I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.<br>
19152 xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.<br>
19153 It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:<br>
19154 This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.</p>
19155 </blockquote>
19156
19157 <hr>
19158
19159 <h2>News Roundup</h2>
19160
19161 <h3><a href="https://bentsukun.ch/posts/pkgsrccon-2019/" rel="nofollow">PkgSrc: A Tale of Two Spellcheckers</a></h3>
19162
19163 <blockquote>
19164 <p>This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.<br>
19165 The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.</p>
19166 </blockquote>
19167
19168 <hr>
19169
19170 <h3><a href="https://blog.netbsd.org/tnf/entry/adapting_triforceafl_for_netbsd_part1" rel="nofollow">Adapting TriforceAFL for NetBSD, Part 2</a></h3>
19171
19172 <blockquote>
19173 <p>I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.<br>
19174 For work done during the first coding period, check out this post.</p>
19175 </blockquote>
19176
19177 <ul>
19178 <li>Summary
19179 > So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC, I plan to analyse the crashes that were found until now, integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.
19180 > Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!</li>
19181 </ul>
19182
19183 <hr>
19184
19185 <h3><a href="https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html" rel="nofollow">Exploiting a no-name freebsd kernel vulnerability</a></h3>
19186
19187 <ul>
19188 <li>A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.
19189 > A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.</li>
19190 </ul>
19191
19192 <hr>
19193
19194 <h3>[Allan and Benedicts Conference Gear Breakdown]</h3>
19195
19196 <ul>
19197 <li></li>
19198 <li><p>Benedict’s Gear:</p>
19199
19200 <blockquote>
19201 <p><a href="https://www.glocalme.com/CA/en-US/cloudsim/g3" rel="nofollow">GlocalMe G3 Mobile Travel HotSpot and Powerbank</a><br>
19202 <a href="http://www.mogics.com/3824-2" rel="nofollow">Mogics Power Bagel</a><br>
19203 <a href="https://charbycharge.com/charby-sense-worlds-smartest-auto-cutoff-cable/" rel="nofollow">Charby Sense Power Cable</a></p>
19204 </blockquote></li>
19205 <li><p>Allan’s Gear:</p>
19206
19207 <blockquote>
19208 <p><a href="https://smile.amazon.com/gp/product/B013CEGGKI/" rel="nofollow">Huawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro</a><br>
19209 <a href="https://smile.amazon.com/dp/B071HJFX27/" rel="nofollow">AOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries</a><br>
19210 All my devices charge from USB-C, so that is great<br>
19211 More USB thumb drives than strictly necessary<br>
19212 My Lenovo X270 laptop running FreeBSD 13-current<br>
19213 My 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work</p>
19214 </blockquote></li>
19215 </ul>
19216
19217 <hr>
19218
19219 <h2>Beastie Bits</h2>
19220
19221 <ul>
19222 <li><a href="https://www.youtube.com/watch?v=L9v4Mg8wi4U&feature=youtu.be" rel="nofollow">Replacing the Unix tradition (Warning may be rage inducing)</a></li>
19223 <li><a href="https://www.thanassis.space/remoteserial.html#remoteserial" rel="nofollow">Installing OpenBSD over remote serial on the AtomicPI</a></li>
19224 <li><a href="https://www.dragonflydigest.com/2019/08/05/23294.html" rel="nofollow">Zen 2 and DragonFly</a></li>
19225 <li><a href="https://blog.yukiisbo.red/posts/2019/05/improve-docking-on-freebsd/" rel="nofollow">Improve Docking on FreeBSD</a></li>
19226 <li><a href="https://vbsdcon.com/registration" rel="nofollow">Register for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th.</a></li>
19227 <li><a href="https://2019.eurobsdcon.org/registration/" rel="nofollow">Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway</a></li>
19228 </ul>
19229
19230 <hr>
19231
19232 <h2>Feedback/Questions</h2>
19233
19234 <ul>
19235 <li>JT - <a href="http://dpaste.com/0D7Y31E#wrap" rel="nofollow">Congrats</a></li>
19236 </ul>
19237
19238 <hr>
19239
19240 <ul>
19241 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
19242 </ul>
19243
19244 <hr>
19245
19246 <video controls preload="metadata" style=" width:426px; height:240px;">
19247 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0311.mp4" type="video/mp4">
19248 Your browser does not support the HTML5 video tag.
19249 </video>]]>
19250 </itunes:summary>
19251 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+JegpbEM1</fireside:playerURL>
19252 <fireside:playerEmbedCode>
19253 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+JegpbEM1" width="740" height="200" frameborder="0" scrolling="no">]]>
19254 </fireside:playerEmbedCode>
19255 </item>
19256 <item>
19257 <title>310: My New Free NAS</title>
19258 <link>https://www.bsdnow.tv/310</link>
19259 <guid isPermaLink="false">11bc3886-8630-42e4-8ce6-a97cfce82f4d</guid>
19260 <pubDate>Wed, 07 Aug 2019 20:00:00 -0700</pubDate>
19261 <author>Allan Jude</author>
19262 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/11bc3886-8630-42e4-8ce6-a97cfce82f4d.mp3" length="34679977" type="audio/mp3"/>
19263 <itunes:episodeType>full</itunes:episodeType>
19264 <itunes:author>Allan Jude</itunes:author>
19265 <itunes:subtitle>
19266 OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. </itunes:subtitle>
19267 <itunes:duration>48:09</itunes:duration>
19268 <itunes:explicit>no</itunes:explicit>
19269 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
19270 <description>OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more.
19271 Headlines
19272 OPNsense 19.7.1 (https://opnsense.org/opnsense-19-7-1-released/)
19273 We do not wish to keep you from enjoying your summer time, but this
19274 is a recommended security update enriched with reliability fixes for the
19275 new 19.7 series. Of special note are performance improvements as well
19276 as a fix for a longstanding NAT before IPsec limitation.
19277 Full patch notes:
19278 system: do not create automatic copies of existing gateways
19279 system: do not translate empty tunables descriptions
19280 system: remove unwanted form action tags
19281 system: do not include Syslog-ng in rc.freebsd handler
19282 system: fix manual system log stop/start/restart
19283 system: scoped IPv6 "%" could confuse mwexecf(), use plain mwexec() instead
19284 system: allow curl-based downloads to use both trusted and local authorities
19285 system: fix group privilege print and correctly redirect after edit
19286 system: use cached address list in referrer check
19287 system: fix Syslog-ng search stats
19288 firewall: HTML-escape dynamic entries to display aliases
19289 firewall: display correct IP version in automatic rules
19290 firewall: fix a warning while reading empty outbound rules configuration
19291 firewall: skip illegal log lines in live log
19292 interfaces: performance improvements for configurations with hundreds of interfaces
19293 reporting: performance improvements for Python 3 NetFlow aggregator rewrite
19294 dhcp: move advanced router advertisement options to correct config section
19295 ipsec: replace global array access with function to ensure side-effect free boot
19296 ipsec: change DPD action on start to "dpdaction = restart"
19297 ipsec: remove already default "dpdaction = none" if not set
19298 ipsec: use interface IP address in local ID when doing NAT before IPsec
19299 web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen
19300 plugins: os-acme-client 1.24[1]
19301 plugins: os-bind 1.6[2]
19302 plugins: os-dnscrypt-proxy 1.5[3]
19303 plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]
19304 plugins: os-google-cloud-sdk 1.0[5]
19305 ports: curl 7.65.3[6]
19306 ports: monit 5.26.0[7]
19307 ports: openssh 8.0p1[8]
19308 ports: php 7.2.20[9]
19309 ports: python 3.7.4[10]
19310 ports: sqlite 3.29.0[11]
19311 ports: squid 4.8[12]
19312 Stay safe and hydrated, Your OPNsense team
19313 ZFS on Linux still has annoying issues with ARC size (https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSOnLinuxARCShrinkage)
19314 One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.
19315 Linux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)
19316 This is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).
19317 The net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).
19318 News Roundup
19319 Hammer2 is now default (http://lists.dragonflybsd.org/pipermail/commits/2019-June/718989.html)
19320 ```
19321 commit a49112761c919d42d405ec10252eb0553662c824
19322 Author: Matthew Dillon <dillon at apollo.backplane.com>
19323 Date: Mon Jun 10 17:53:46 2019 -0700
19324 installer - Default to HAMMER2
19325
19326 * Change the installer default from HAMMER1 to HAMMER2.
19327
19328 * Adjust the nrelease build to print the location of the image files
19329 when it finishes.
19330 Summary of changes:
19331 nrelease/Makefile | 2 +-
19332 usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------
19333 2 files changed, 11 insertions(+), 11 deletions(-)
19334 http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824
19335 ```
19336 NetBSD audio – an application perspective (https://netbsd.org/gallery/presentations/nia/netbsd-audio/)
19337 NetBSD audio – an application perspective ... or, "doing it natively, because we can"
19338 audio options for NetBSD in pkgsrc
19339 Use NetBSD native audio (sun audio/audioio.h)
19340 Or OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff
19341 Many many abstraction layers available:
19342 OpenAL-Soft
19343 alsa-lib (config file required)
19344 libao, GStreamer (plugins!)
19345 PortAudio, SDL
19346 PulseAudio, JACK
19347 ... lots more!? some obsolete stuff (esd, nas?)
19348 Advantages of using NetBSD audio directly
19349 Low latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)
19350 Query device information: Is /dev/audio1 a USB microphone or another sound card?
19351 Avoid bugs from excessive layering
19352 Nice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]
19353 Your code might work on illumos too
19354 [nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticeable difference. I don't know why.]
19355 New FreeNAS Mini (https://www.ixsystems.com/blog/new-freenas-mini-models-release-pr/)
19356 Two new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:
19357 FreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.
19358 FreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.
19359 Beastie Bits
19360 Welcome to NetBSD 9.99.1! (https://mail-index.netbsd.org/source-changes/2019/07/30/msg107671.html)
19361 Berkeley smorgasbord — part II (http://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html)
19362 dtracing postgres (https://www.youtube.com/watch?v=Brt41xnMZqo&list=PLuJmmKtsV1dOTmlImlD9U5j1P1rLxS2V8&index=20&t=0s)
19363 Project Trident 19.07-U1 now available (https://project-trident.org/post/2019-07-30_19.07-u1_available/)
19364 Need a Secure Operating System? Take a Look at OpenBSD (https://www.devprojournal.com/technology-trends/operating-systems/need-a-secure-operating-system-take-a-look-at-openbsd/)
19365 Feedback/Questions
19366 Jeff - OpenZFS Port Testing Feedback (http://dpaste.com/2AT7JGP#wrap)
19367 Malcolm - Best Practices for Custom Ports (http://dpaste.com/1R170D7)
19368 Michael - Little Correction (http://dpaste.com/0CERP6R)
19369 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
19370 <video controls preload="metadata" style=" width:426px; height:240px;">
19371 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0310.mp4" type="video/mp4">
19372 Your browser does not support the HTML5 video tag.
19373 </video>
19374 </description>
19375 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, opnsense, zfs, arc, hammer2, audio, freenas, mini</itunes:keywords>
19376 <content:encoded>
19377 <![CDATA[<p>OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. </p>
19378
19379 <h2>Headlines</h2>
19380
19381 <h3><a href="https://opnsense.org/opnsense-19-7-1-released/" rel="nofollow">OPNsense 19.7.1</a></h3>
19382
19383 <blockquote>
19384 <p>We do not wish to keep you from enjoying your summer time, but this<br>
19385 is a recommended security update enriched with reliability fixes for the<br>
19386 new 19.7 series. Of special note are performance improvements as well<br>
19387 as a fix for a longstanding NAT before IPsec limitation.</p>
19388
19389 <p>Full patch notes:</p>
19390 </blockquote>
19391
19392 <ul>
19393 <li>system: do not create automatic copies of existing gateways</li>
19394 <li>system: do not translate empty tunables descriptions</li>
19395 <li>system: remove unwanted form action tags</li>
19396 <li>system: do not include Syslog-ng in rc.freebsd handler</li>
19397 <li>system: fix manual system log stop/start/restart</li>
19398 <li>system: scoped IPv6 "%" could confuse mwexecf(), use plain mwexec() instead</li>
19399 <li>system: allow curl-based downloads to use both trusted and local authorities</li>
19400 <li>system: fix group privilege print and correctly redirect after edit</li>
19401 <li>system: use cached address list in referrer check</li>
19402 <li>system: fix Syslog-ng search stats</li>
19403 <li>firewall: HTML-escape dynamic entries to display aliases</li>
19404 <li>firewall: display correct IP version in automatic rules</li>
19405 <li>firewall: fix a warning while reading empty outbound rules configuration</li>
19406 <li>firewall: skip illegal log lines in live log</li>
19407 <li>interfaces: performance improvements for configurations with hundreds of interfaces</li>
19408 <li>reporting: performance improvements for Python 3 NetFlow aggregator rewrite</li>
19409 <li>dhcp: move advanced router advertisement options to correct config section</li>
19410 <li>ipsec: replace global array access with function to ensure side-effect free boot</li>
19411 <li>ipsec: change DPD action on start to "dpdaction = restart"</li>
19412 <li>ipsec: remove already default "dpdaction = none" if not set</li>
19413 <li>ipsec: use interface IP address in local ID when doing NAT before IPsec</li>
19414 <li>web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen</li>
19415 <li>plugins: os-acme-client 1.24[1]</li>
19416 <li>plugins: os-bind 1.6[2]</li>
19417 <li>plugins: os-dnscrypt-proxy 1.5[3]</li>
19418 <li>plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]</li>
19419 <li>plugins: os-google-cloud-sdk 1.0[5]</li>
19420 <li>ports: curl 7.65.3[6]</li>
19421 <li>ports: monit 5.26.0[7]</li>
19422 <li>ports: openssh 8.0p1[8]</li>
19423 <li>ports: php 7.2.20[9]</li>
19424 <li>ports: python 3.7.4[10]</li>
19425 <li>ports: sqlite 3.29.0[11]</li>
19426 <li>ports: squid 4.8[12]</li>
19427 </ul>
19428
19429 <blockquote>
19430 <p>Stay safe and hydrated, Your OPNsense team</p>
19431 </blockquote>
19432
19433 <hr>
19434
19435 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxARCShrinkage" rel="nofollow">ZFS on Linux still has annoying issues with ARC size</a></h3>
19436
19437 <p><code>One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.</code></p>
19438
19439 <blockquote>
19440 <p>Linux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)</p>
19441
19442 <p>This is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).</p>
19443
19444 <p>The net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).</p>
19445 </blockquote>
19446
19447 <hr>
19448
19449 <h2>News Roundup</h2>
19450
19451 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-June/718989.html" rel="nofollow">Hammer2 is now default</a></h3>
19452
19453 <pre><code>commit a49112761c919d42d405ec10252eb0553662c824
19454 Author: Matthew Dillon <dillon at apollo.backplane.com>
19455 Date: Mon Jun 10 17:53:46 2019 -0700
19456
19457 installer - Default to HAMMER2
19458
19459 * Change the installer default from HAMMER1 to HAMMER2.
19460
19461 * Adjust the nrelease build to print the location of the image files
19462 when it finishes.
19463
19464 Summary of changes:
19465 nrelease/Makefile | 2 +-
19466 usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------
19467 2 files changed, 11 insertions(+), 11 deletions(-)
19468
19469 http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824
19470 </code></pre>
19471
19472 <hr>
19473
19474 <h3><a href="https://netbsd.org/gallery/presentations/nia/netbsd-audio/" rel="nofollow">NetBSD audio – an application perspective</a></h3>
19475
19476 <blockquote>
19477 <p>NetBSD audio – an application perspective ... or, "doing it natively, because we can"</p>
19478 </blockquote>
19479
19480 <ul>
19481 <li><p>audio options for NetBSD in pkgsrc</p>
19482
19483 <ul>
19484 <li>Use NetBSD native audio (sun audio/audioio.h)</li>
19485 <li>Or OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff</li>
19486 </ul></li>
19487 <li><p>Many many abstraction layers available:</p>
19488
19489 <ul>
19490 <li>OpenAL-Soft</li>
19491 <li>alsa-lib (config file required)</li>
19492 <li>libao, GStreamer (plugins!)</li>
19493 <li>PortAudio, SDL</li>
19494 <li>PulseAudio, JACK</li>
19495 <li>... lots more!? some obsolete stuff (esd, nas?)</li>
19496 </ul></li>
19497 <li><p>Advantages of using NetBSD audio directly</p>
19498
19499 <ul>
19500 <li>Low latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)</li>
19501 <li>Query device information: Is /dev/audio1 a USB microphone or another sound card?</li>
19502 <li>Avoid bugs from excessive layering</li>
19503 <li>Nice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]</li>
19504 <li>Your code might work on illumos too</li>
19505 </ul></li>
19506 <li><p>[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticeable difference. I don't know why.]</p></li>
19507 </ul>
19508
19509 <hr>
19510
19511 <h3><a href="https://www.ixsystems.com/blog/new-freenas-mini-models-release-pr/" rel="nofollow">New FreeNAS Mini</a></h3>
19512
19513 <blockquote>
19514 <p>Two new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:</p>
19515
19516 <p>FreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.</p>
19517
19518 <p>FreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.</p>
19519 </blockquote>
19520
19521 <hr>
19522
19523 <h2>Beastie Bits</h2>
19524
19525 <ul>
19526 <li><a href="https://mail-index.netbsd.org/source-changes/2019/07/30/msg107671.html" rel="nofollow">Welcome to NetBSD 9.99.1!</a></li>
19527 <li><a href="http://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html" rel="nofollow">Berkeley smorgasbord — part II</a></li>
19528 <li><a href="https://www.youtube.com/watch?v=Brt41xnMZqo&list=PLuJmmKtsV1dOTmlImlD9U5j1P1rLxS2V8&index=20&t=0s" rel="nofollow">dtracing postgres</a></li>
19529 <li><a href="https://project-trident.org/post/2019-07-30_19.07-u1_available/" rel="nofollow">Project Trident 19.07-U1 now available</a></li>
19530 <li><a href="https://www.devprojournal.com/technology-trends/operating-systems/need-a-secure-operating-system-take-a-look-at-openbsd/" rel="nofollow">Need a Secure Operating System? Take a Look at OpenBSD</a></li>
19531 </ul>
19532
19533 <hr>
19534
19535 <h2>Feedback/Questions</h2>
19536
19537 <ul>
19538 <li>Jeff - <a href="http://dpaste.com/2AT7JGP#wrap" rel="nofollow">OpenZFS Port Testing Feedback</a></li>
19539 <li>Malcolm - <a href="http://dpaste.com/1R170D7" rel="nofollow">Best Practices for Custom Ports</a></li>
19540 <li>Michael - <a href="http://dpaste.com/0CERP6R" rel="nofollow">Little Correction</a></li>
19541 </ul>
19542
19543 <hr>
19544
19545 <ul>
19546 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
19547 </ul>
19548
19549 <hr>
19550
19551 <video controls preload="metadata" style=" width:426px; height:240px;">
19552 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0310.mp4" type="video/mp4">
19553 Your browser does not support the HTML5 video tag.
19554 </video>]]>
19555 </content:encoded>
19556 <itunes:summary>
19557 <![CDATA[<p>OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. </p>
19558
19559 <h2>Headlines</h2>
19560
19561 <h3><a href="https://opnsense.org/opnsense-19-7-1-released/" rel="nofollow">OPNsense 19.7.1</a></h3>
19562
19563 <blockquote>
19564 <p>We do not wish to keep you from enjoying your summer time, but this<br>
19565 is a recommended security update enriched with reliability fixes for the<br>
19566 new 19.7 series. Of special note are performance improvements as well<br>
19567 as a fix for a longstanding NAT before IPsec limitation.</p>
19568
19569 <p>Full patch notes:</p>
19570 </blockquote>
19571
19572 <ul>
19573 <li>system: do not create automatic copies of existing gateways</li>
19574 <li>system: do not translate empty tunables descriptions</li>
19575 <li>system: remove unwanted form action tags</li>
19576 <li>system: do not include Syslog-ng in rc.freebsd handler</li>
19577 <li>system: fix manual system log stop/start/restart</li>
19578 <li>system: scoped IPv6 "%" could confuse mwexecf(), use plain mwexec() instead</li>
19579 <li>system: allow curl-based downloads to use both trusted and local authorities</li>
19580 <li>system: fix group privilege print and correctly redirect after edit</li>
19581 <li>system: use cached address list in referrer check</li>
19582 <li>system: fix Syslog-ng search stats</li>
19583 <li>firewall: HTML-escape dynamic entries to display aliases</li>
19584 <li>firewall: display correct IP version in automatic rules</li>
19585 <li>firewall: fix a warning while reading empty outbound rules configuration</li>
19586 <li>firewall: skip illegal log lines in live log</li>
19587 <li>interfaces: performance improvements for configurations with hundreds of interfaces</li>
19588 <li>reporting: performance improvements for Python 3 NetFlow aggregator rewrite</li>
19589 <li>dhcp: move advanced router advertisement options to correct config section</li>
19590 <li>ipsec: replace global array access with function to ensure side-effect free boot</li>
19591 <li>ipsec: change DPD action on start to "dpdaction = restart"</li>
19592 <li>ipsec: remove already default "dpdaction = none" if not set</li>
19593 <li>ipsec: use interface IP address in local ID when doing NAT before IPsec</li>
19594 <li>web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen</li>
19595 <li>plugins: os-acme-client 1.24[1]</li>
19596 <li>plugins: os-bind 1.6[2]</li>
19597 <li>plugins: os-dnscrypt-proxy 1.5[3]</li>
19598 <li>plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]</li>
19599 <li>plugins: os-google-cloud-sdk 1.0[5]</li>
19600 <li>ports: curl 7.65.3[6]</li>
19601 <li>ports: monit 5.26.0[7]</li>
19602 <li>ports: openssh 8.0p1[8]</li>
19603 <li>ports: php 7.2.20[9]</li>
19604 <li>ports: python 3.7.4[10]</li>
19605 <li>ports: sqlite 3.29.0[11]</li>
19606 <li>ports: squid 4.8[12]</li>
19607 </ul>
19608
19609 <blockquote>
19610 <p>Stay safe and hydrated, Your OPNsense team</p>
19611 </blockquote>
19612
19613 <hr>
19614
19615 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxARCShrinkage" rel="nofollow">ZFS on Linux still has annoying issues with ARC size</a></h3>
19616
19617 <p><code>One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.</code></p>
19618
19619 <blockquote>
19620 <p>Linux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)</p>
19621
19622 <p>This is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).</p>
19623
19624 <p>The net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).</p>
19625 </blockquote>
19626
19627 <hr>
19628
19629 <h2>News Roundup</h2>
19630
19631 <h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-June/718989.html" rel="nofollow">Hammer2 is now default</a></h3>
19632
19633 <pre><code>commit a49112761c919d42d405ec10252eb0553662c824
19634 Author: Matthew Dillon <dillon at apollo.backplane.com>
19635 Date: Mon Jun 10 17:53:46 2019 -0700
19636
19637 installer - Default to HAMMER2
19638
19639 * Change the installer default from HAMMER1 to HAMMER2.
19640
19641 * Adjust the nrelease build to print the location of the image files
19642 when it finishes.
19643
19644 Summary of changes:
19645 nrelease/Makefile | 2 +-
19646 usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------
19647 2 files changed, 11 insertions(+), 11 deletions(-)
19648
19649 http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824
19650 </code></pre>
19651
19652 <hr>
19653
19654 <h3><a href="https://netbsd.org/gallery/presentations/nia/netbsd-audio/" rel="nofollow">NetBSD audio – an application perspective</a></h3>
19655
19656 <blockquote>
19657 <p>NetBSD audio – an application perspective ... or, "doing it natively, because we can"</p>
19658 </blockquote>
19659
19660 <ul>
19661 <li><p>audio options for NetBSD in pkgsrc</p>
19662
19663 <ul>
19664 <li>Use NetBSD native audio (sun audio/audioio.h)</li>
19665 <li>Or OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff</li>
19666 </ul></li>
19667 <li><p>Many many abstraction layers available:</p>
19668
19669 <ul>
19670 <li>OpenAL-Soft</li>
19671 <li>alsa-lib (config file required)</li>
19672 <li>libao, GStreamer (plugins!)</li>
19673 <li>PortAudio, SDL</li>
19674 <li>PulseAudio, JACK</li>
19675 <li>... lots more!? some obsolete stuff (esd, nas?)</li>
19676 </ul></li>
19677 <li><p>Advantages of using NetBSD audio directly</p>
19678
19679 <ul>
19680 <li>Low latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)</li>
19681 <li>Query device information: Is /dev/audio1 a USB microphone or another sound card?</li>
19682 <li>Avoid bugs from excessive layering</li>
19683 <li>Nice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]</li>
19684 <li>Your code might work on illumos too</li>
19685 </ul></li>
19686 <li><p>[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticeable difference. I don't know why.]</p></li>
19687 </ul>
19688
19689 <hr>
19690
19691 <h3><a href="https://www.ixsystems.com/blog/new-freenas-mini-models-release-pr/" rel="nofollow">New FreeNAS Mini</a></h3>
19692
19693 <blockquote>
19694 <p>Two new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:</p>
19695
19696 <p>FreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.</p>
19697
19698 <p>FreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.</p>
19699 </blockquote>
19700
19701 <hr>
19702
19703 <h2>Beastie Bits</h2>
19704
19705 <ul>
19706 <li><a href="https://mail-index.netbsd.org/source-changes/2019/07/30/msg107671.html" rel="nofollow">Welcome to NetBSD 9.99.1!</a></li>
19707 <li><a href="http://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html" rel="nofollow">Berkeley smorgasbord — part II</a></li>
19708 <li><a href="https://www.youtube.com/watch?v=Brt41xnMZqo&list=PLuJmmKtsV1dOTmlImlD9U5j1P1rLxS2V8&index=20&t=0s" rel="nofollow">dtracing postgres</a></li>
19709 <li><a href="https://project-trident.org/post/2019-07-30_19.07-u1_available/" rel="nofollow">Project Trident 19.07-U1 now available</a></li>
19710 <li><a href="https://www.devprojournal.com/technology-trends/operating-systems/need-a-secure-operating-system-take-a-look-at-openbsd/" rel="nofollow">Need a Secure Operating System? Take a Look at OpenBSD</a></li>
19711 </ul>
19712
19713 <hr>
19714
19715 <h2>Feedback/Questions</h2>
19716
19717 <ul>
19718 <li>Jeff - <a href="http://dpaste.com/2AT7JGP#wrap" rel="nofollow">OpenZFS Port Testing Feedback</a></li>
19719 <li>Malcolm - <a href="http://dpaste.com/1R170D7" rel="nofollow">Best Practices for Custom Ports</a></li>
19720 <li>Michael - <a href="http://dpaste.com/0CERP6R" rel="nofollow">Little Correction</a></li>
19721 </ul>
19722
19723 <hr>
19724
19725 <ul>
19726 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
19727 </ul>
19728
19729 <hr>
19730
19731 <video controls preload="metadata" style=" width:426px; height:240px;">
19732 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0310.mp4" type="video/mp4">
19733 Your browser does not support the HTML5 video tag.
19734 </video>]]>
19735 </itunes:summary>
19736 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+IvVLOWrX</fireside:playerURL>
19737 <fireside:playerEmbedCode>
19738 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+IvVLOWrX" width="740" height="200" frameborder="0" scrolling="no">]]>
19739 </fireside:playerEmbedCode>
19740 </item>
19741 <item>
19742 <title>Episode 309: Get Your Telnet Fix</title>
19743 <link>https://www.bsdnow.tv/309</link>
19744 <guid isPermaLink="false">630a645e-fe37-4a56-a2fd-8c51abb5dfe5</guid>
19745 <pubDate>Wed, 31 Jul 2019 20:45:00 -0700</pubDate>
19746 <author>Allan Jude</author>
19747 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/630a645e-fe37-4a56-a2fd-8c51abb5dfe5.mp3" length="34856460" type="audio/mp3"/>
19748 <itunes:episodeType>full</itunes:episodeType>
19749 <itunes:author>Allan Jude</itunes:author>
19750 <itunes:subtitle>
19751 DragonFlyBSD Project colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD, an OpenSSH vulnerability, and more.</itunes:subtitle>
19752 <itunes:duration>48:24</itunes:duration>
19753 <itunes:explicit>no</itunes:explicit>
19754 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
19755 <description>DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.
19756 Headlines
19757 DragonFlyBSD Project Update - colo upgrade, future trends (http://lists.dragonflybsd.org/pipermail/users/2019-July/358226.html)
19758 For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.
19759 The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.
19760 Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and it's been gnawing at me for a little while.
19761 Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get.
19762 The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In other words, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tells you just how much more power-efficient machines have become in the last 9 years or so. This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.
19763 Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.
19764 Resuming ZFS send (https://www.oshogbo.vexillium.org/blog/66/)
19765 One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?
19766 For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.
19767 In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.
19768 News Roundup
19769 Realtime bandwidth terminal graph visualization (https://dataswamp.org/~solene/2019-07-19-ttyplot-netstat-openbsd.html)
19770 If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.
19771 The following will work on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.
19772 fixing telnet fixes (https://flak.tedunangst.com/post/fixing-telnet-fixes)
19773 There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.
19774 The first line is indented with spaces while the others use tabs.
19775 The correct type for string length is size_t not unsigned int.
19776 sizeof(char) is always one. There’s no need to multiply by it.
19777 If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)
19778 Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.
19779 Return value of malloc is not checked for NULL.
19780 No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?
19781 The whole operation could be simplified by using asprintf.
19782 Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.
19783 A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln (https://twitter.com/RooneyMcNibNug/status/1152327783055601664)
19784 Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I got an interesting but unexpected responsive record:
19785 Freedom of Information Act: FBI: OpenBSD (https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/)
19786 GitHub Repo (https://github.com/RooneyMcNibNug/FOIA/blob/master/Responsive%20Docs/OpenBSD/FBI_OpenBSD_response_OCRd.pdf)
19787 Beastie Bits
19788 “Sudo Mastery, 2nd Edition” open for tech review (https://mwl.io/archives/4378)
19789 FreeBSD Journal: FreeBSD for Makers (https://www.freebsdnews.com/2019/07/12/freebsd-journal-freebsd-for-makers/)
19790 OpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya (http://mail-index.netbsd.org/netbsd-advocacy/2019/07/19/msg000808.html)
19791 FreeBSD 12.0: WINE Gaming (https://www.youtube.com/watch?v=zuj9pRNR2oM)
19792 Introduction to the Structure and Interpretation of TNF (The NetBSD Foundation) (https://www.netbsd.org/gallery/presentations/wiz/pkgsrccon2019/index.html#/)
19793 vBSDcon speakers announced (https://www.vbsdcon.com/)
19794 Feedback/Questions
19795 Pat - NYCBug Aug 7th (http://dpaste.com/21Y1PRM)
19796 Tyler - SSH keys vs password (http://dpaste.com/3JEVVEF#wrap)
19797 Lars - Tor-Talk (http://dpaste.com/0RAFMXZ)
19798 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
19799 <video controls preload="metadata" style=" width:426px; height:240px;">
19800 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0309.mp4" type="video/mp4">
19801 Your browser does not support the HTML5 video tag.
19802 </video>
19803 </description>
19804 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, send, terminal, bandwidth, graph, realtime, telnet</itunes:keywords>
19805 <content:encoded>
19806 <![CDATA[<p>DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.</p>
19807
19808 <h2>Headlines</h2>
19809
19810 <h3><a href="http://lists.dragonflybsd.org/pipermail/users/2019-July/358226.html" rel="nofollow">DragonFlyBSD Project Update - colo upgrade, future trends</a></h3>
19811
19812 <blockquote>
19813 <p>For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.</p>
19814
19815 <p>The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.</p>
19816
19817 <p>Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and it's been gnawing at me for a little while.</p>
19818
19819 <p>Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get. </p>
19820
19821 <p>The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In other words, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tells you just how much more power-efficient machines have become in the last 9 years or so. This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.</p>
19822
19823 <p>Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.</p>
19824 </blockquote>
19825
19826 <hr>
19827
19828 <h3><a href="https://www.oshogbo.vexillium.org/blog/66/" rel="nofollow">Resuming ZFS send</a></h3>
19829
19830 <blockquote>
19831 <p>One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?</p>
19832
19833 <p>For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.</p>
19834
19835 <p>In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.</p>
19836 </blockquote>
19837
19838 <hr>
19839
19840 <h2>News Roundup</h2>
19841
19842 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-19-ttyplot-netstat-openbsd.html" rel="nofollow">Realtime bandwidth terminal graph visualization</a></h3>
19843
19844 <blockquote>
19845 <p>If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.</p>
19846
19847 <p>The following will work on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.</p>
19848 </blockquote>
19849
19850 <hr>
19851
19852 <h3><a href="https://flak.tedunangst.com/post/fixing-telnet-fixes" rel="nofollow">fixing telnet fixes</a></h3>
19853
19854 <blockquote>
19855 <p>There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.</p>
19856
19857 <ol>
19858 <li><p>The first line is indented with spaces while the others use tabs.</p></li>
19859 <li><p>The correct type for string length is size_t not unsigned int.</p></li>
19860 <li><p>sizeof(char) is always one. There’s no need to multiply by it.</p></li>
19861 <li><p>If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)</p></li>
19862 <li><p>Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.</p></li>
19863 <li><p>Return value of malloc is not checked for NULL.</p></li>
19864 <li><p>No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?</p></li>
19865 <li><p>The whole operation could be simplified by using asprintf.</p></li>
19866 <li><p>Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.</p></li>
19867 </ol>
19868 </blockquote>
19869
19870 <hr>
19871
19872 <h3><a href="https://twitter.com/RooneyMcNibNug/status/1152327783055601664" rel="nofollow">A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln</a></h3>
19873
19874 <blockquote>
19875 <p>Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (<a href="https://marc.info/?l=openbsd-tech&m=129236621626462" rel="nofollow">https://marc.info/?l=openbsd-tech&m=129236621626462</a> …) Today, I got an interesting but unexpected responsive record: </p>
19876 </blockquote>
19877
19878 <ul>
19879 <li><a href="https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/" rel="nofollow">Freedom of Information Act: FBI: OpenBSD</a> </li>
19880 <li><a href="https://github.com/RooneyMcNibNug/FOIA/blob/master/Responsive%20Docs/OpenBSD/FBI_OpenBSD_response_OCRd.pdf" rel="nofollow">GitHub Repo</a></li>
19881 </ul>
19882
19883 <hr>
19884
19885 <h2>Beastie Bits</h2>
19886
19887 <ul>
19888 <li><a href="https://mwl.io/archives/4378" rel="nofollow">“Sudo Mastery, 2nd Edition” open for tech review</a></li>
19889 <li><a href="https://www.freebsdnews.com/2019/07/12/freebsd-journal-freebsd-for-makers/" rel="nofollow">FreeBSD Journal: FreeBSD for Makers</a></li>
19890 <li><a href="http://mail-index.netbsd.org/netbsd-advocacy/2019/07/19/msg000808.html" rel="nofollow">OpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya</a></li>
19891 <li><a href="https://www.youtube.com/watch?v=zuj9pRNR2oM" rel="nofollow">FreeBSD 12.0: WINE Gaming</a></li>
19892 <li><a href="https://www.netbsd.org/gallery/presentations/wiz/pkgsrccon2019/index.html#/" rel="nofollow">Introduction to the Structure and Interpretation of TNF (The NetBSD Foundation)</a></li>
19893 <li><a href="https://www.vbsdcon.com/" rel="nofollow">vBSDcon speakers announced</a></li>
19894 </ul>
19895
19896 <hr>
19897
19898 <h2>Feedback/Questions</h2>
19899
19900 <ul>
19901 <li>Pat - <a href="http://dpaste.com/21Y1PRM" rel="nofollow">NYCBug Aug 7th</a></li>
19902 <li>Tyler - <a href="http://dpaste.com/3JEVVEF#wrap" rel="nofollow">SSH keys vs password</a></li>
19903 <li>Lars - <a href="http://dpaste.com/0RAFMXZ" rel="nofollow">Tor-Talk</a></li>
19904 </ul>
19905
19906 <hr>
19907
19908 <ul>
19909 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
19910 </ul>
19911
19912 <hr>
19913
19914 <video controls preload="metadata" style=" width:426px; height:240px;">
19915 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0309.mp4" type="video/mp4">
19916 Your browser does not support the HTML5 video tag.
19917 </video>]]>
19918 </content:encoded>
19919 <itunes:summary>
19920 <![CDATA[<p>DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.</p>
19921
19922 <h2>Headlines</h2>
19923
19924 <h3><a href="http://lists.dragonflybsd.org/pipermail/users/2019-July/358226.html" rel="nofollow">DragonFlyBSD Project Update - colo upgrade, future trends</a></h3>
19925
19926 <blockquote>
19927 <p>For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.</p>
19928
19929 <p>The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.</p>
19930
19931 <p>Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and it's been gnawing at me for a little while.</p>
19932
19933 <p>Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get. </p>
19934
19935 <p>The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In other words, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tells you just how much more power-efficient machines have become in the last 9 years or so. This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.</p>
19936
19937 <p>Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.</p>
19938 </blockquote>
19939
19940 <hr>
19941
19942 <h3><a href="https://www.oshogbo.vexillium.org/blog/66/" rel="nofollow">Resuming ZFS send</a></h3>
19943
19944 <blockquote>
19945 <p>One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?</p>
19946
19947 <p>For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.</p>
19948
19949 <p>In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.</p>
19950 </blockquote>
19951
19952 <hr>
19953
19954 <h2>News Roundup</h2>
19955
19956 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-19-ttyplot-netstat-openbsd.html" rel="nofollow">Realtime bandwidth terminal graph visualization</a></h3>
19957
19958 <blockquote>
19959 <p>If for some reason you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.</p>
19960
19961 <p>The following will work on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.</p>
19962 </blockquote>
19963
19964 <hr>
19965
19966 <h3><a href="https://flak.tedunangst.com/post/fixing-telnet-fixes" rel="nofollow">fixing telnet fixes</a></h3>
19967
19968 <blockquote>
19969 <p>There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.</p>
19970
19971 <ol>
19972 <li><p>The first line is indented with spaces while the others use tabs.</p></li>
19973 <li><p>The correct type for string length is size_t not unsigned int.</p></li>
19974 <li><p>sizeof(char) is always one. There’s no need to multiply by it.</p></li>
19975 <li><p>If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)</p></li>
19976 <li><p>Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.</p></li>
19977 <li><p>Return value of malloc is not checked for NULL.</p></li>
19978 <li><p>No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?</p></li>
19979 <li><p>The whole operation could be simplified by using asprintf.</p></li>
19980 <li><p>Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.</p></li>
19981 </ol>
19982 </blockquote>
19983
19984 <hr>
19985
19986 <h3><a href="https://twitter.com/RooneyMcNibNug/status/1152327783055601664" rel="nofollow">A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln</a></h3>
19987
19988 <blockquote>
19989 <p>Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (<a href="https://marc.info/?l=openbsd-tech&m=129236621626462" rel="nofollow">https://marc.info/?l=openbsd-tech&m=129236621626462</a> …) Today, I got an interesting but unexpected responsive record: </p>
19990 </blockquote>
19991
19992 <ul>
19993 <li><a href="https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/" rel="nofollow">Freedom of Information Act: FBI: OpenBSD</a> </li>
19994 <li><a href="https://github.com/RooneyMcNibNug/FOIA/blob/master/Responsive%20Docs/OpenBSD/FBI_OpenBSD_response_OCRd.pdf" rel="nofollow">GitHub Repo</a></li>
19995 </ul>
19996
19997 <hr>
19998
19999 <h2>Beastie Bits</h2>
20000
20001 <ul>
20002 <li><a href="https://mwl.io/archives/4378" rel="nofollow">“Sudo Mastery, 2nd Edition” open for tech review</a></li>
20003 <li><a href="https://www.freebsdnews.com/2019/07/12/freebsd-journal-freebsd-for-makers/" rel="nofollow">FreeBSD Journal: FreeBSD for Makers</a></li>
20004 <li><a href="http://mail-index.netbsd.org/netbsd-advocacy/2019/07/19/msg000808.html" rel="nofollow">OpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya</a></li>
20005 <li><a href="https://www.youtube.com/watch?v=zuj9pRNR2oM" rel="nofollow">FreeBSD 12.0: WINE Gaming</a></li>
20006 <li><a href="https://www.netbsd.org/gallery/presentations/wiz/pkgsrccon2019/index.html#/" rel="nofollow">Introduction to the Structure and Interpretation of TNF (The NetBSD Foundation)</a></li>
20007 <li><a href="https://www.vbsdcon.com/" rel="nofollow">vBSDcon speakers announced</a></li>
20008 </ul>
20009
20010 <hr>
20011
20012 <h2>Feedback/Questions</h2>
20013
20014 <ul>
20015 <li>Pat - <a href="http://dpaste.com/21Y1PRM" rel="nofollow">NYCBug Aug 7th</a></li>
20016 <li>Tyler - <a href="http://dpaste.com/3JEVVEF#wrap" rel="nofollow">SSH keys vs password</a></li>
20017 <li>Lars - <a href="http://dpaste.com/0RAFMXZ" rel="nofollow">Tor-Talk</a></li>
20018 </ul>
20019
20020 <hr>
20021
20022 <ul>
20023 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
20024 </ul>
20025
20026 <hr>
20027
20028 <video controls preload="metadata" style=" width:426px; height:240px;">
20029 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0309.mp4" type="video/mp4">
20030 Your browser does not support the HTML5 video tag.
20031 </video>]]>
20032 </itunes:summary>
20033 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+8-NK-R3F</fireside:playerURL>
20034 <fireside:playerEmbedCode>
20035 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+8-NK-R3F" width="740" height="200" frameborder="0" scrolling="no">]]>
20036 </fireside:playerEmbedCode>
20037 </item>
20038 <item>
20039 <title>308: Mumbling with OpenBSD</title>
20040 <link>https://www.bsdnow.tv/308</link>
20041 <guid isPermaLink="false">583db96b-f838-461b-a366-c6d49825c5be</guid>
20042 <pubDate>Wed, 24 Jul 2019 20:00:00 -0700</pubDate>
20043 <author>Allan Jude</author>
20044 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/583db96b-f838-461b-a366-c6d49825c5be.mp3" length="31984767" type="audio/mp3"/>
20045 <itunes:episodeType>full</itunes:episodeType>
20046 <itunes:author>Allan Jude</itunes:author>
20047 <itunes:subtitle>Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.</itunes:subtitle>
20048 <itunes:duration>44:25</itunes:duration>
20049 <itunes:explicit>no</itunes:explicit>
20050 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
20051 <description>Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.
20052 Headlines
20053 Replacing a (silently) failing disk in a ZFS pool (https://imil.net/blog/2019/07/02/Replacing-a-silently-failing-disk-in-a-ZFS-pool/)
20054 Maybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.
20055 What? there’s a shitton of docs on this topic! Are you stupid?
20056 I don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.
20057 OPNsense 19.7 RC1 released (https://opnsense.org/opnsense-19-7-rc1-released/)
20058 Hi there,
20059 For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
20060 We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.
20061 Download links, an installation guide[1] and the checksums for the images can be found below as well.
20062 News Roundup
20063 Implementation of DRM ioctl Support for NetBSD kernel (https://blog.netbsd.org/tnf/entry/implementation_of_drm_ioctl_support)
20064 What is DRM ioctl ?
20065 Ioctls are input/output control system calls and DRM stands for direct rendering manager. The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission & fencing, suspend/resume support, and DMA services.
20066 Native DRM ioctl calls
20067 NetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages were installed. We used the glxinfo and glxgears applications to test this out.
20068 High quality / low latency VOIP server with umurmur/Mumble on OpenBSD (https://dataswamp.org/~solene/2019-07-04-umurmur.html)
20069 Discord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distortion.
20070 Why not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to set up on OpenBSD!
20071 Mumble is an open source voip client, it has a client named Mumble (available on various operating systems) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate gets associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.
20072 TMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix (https://blog.softwaremill.com/tmwl-june19-js-fetch-api-scheduling-in-spring-thoughts-on-unix-fd54f50ecd64)
20073 Unix — going back to the roots
20074 From time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.
20075 I’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux & macOS — I understand the concepts behind the system architecture, know a lot of command line tools & navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.
20076 Recently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files & directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces & tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.
20077 The book also talks about networking, surfing the web & working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!
20078 I can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!
20079 The PDP-7 Where Unix Began (https://bsdimp.blogspot.com/2019/07/the-pdp-7-where-unix-began.html)
20080 In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.
20081 V0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.
20082 LLDB: watchpoints, XSTATE in ptrace() and core dumps (https://blog.netbsd.org/tnf/entry/lldb_watchpoints_xstate_in_ptrace)
20083 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
20084 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.
20085 In June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.
20086 Beastie Bits
20087 Project Trident 19.07 Available (https://project-trident.org/post/2019-07-12_19.07_available/)
20088 A list of names from "Cold Blood" -- Any familiar? (https://www.montanalinux.org/cold-blood-list-of-numbers-201907.html)
20089 fern: a curses-based mastodon client modeled off usenet news readers & pine, with an emphasis on getting to 'timeline zero' (https://github.com/enkiv2/fern)
20090 OpenBSD Community goes Platinum for 2019! (https://undeadly.org/cgi?action=article;sid=20190707065226)
20091 tcp keepalive and dports on DragonFly (https://www.dragonflydigest.com/2019/07/15/23199.html)
20092 Feedback/Questions
20093 Patrick - OpenZFS/ZoL Module from Ports (http://dpaste.com/1W2HJ04)
20094 Brad - Services not starting (http://dpaste.com/345VM9Y#wrap)
20095 Simon - Feedback (http://dpaste.com/1B4ZKC8#wrap)
20096 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
20097 <video controls preload="metadata" style=" width:426px; height:240px;">
20098 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0308.mp4" type="video/mp4">
20099 Your browser does not support the HTML5 video tag.
20100 </video>
20101
20102 </description>
20103 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, zpool, opnsense, drm, voip, umurmur, mumble, pdp-7, lldp, watchpoints</itunes:keywords>
20104 <content:encoded>
20105 <![CDATA[<p>Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.</p>
20106
20107 <h2>Headlines</h2>
20108
20109 <h3><a href="https://imil.net/blog/2019/07/02/Replacing-a-silently-failing-disk-in-a-ZFS-pool/" rel="nofollow">Replacing a (silently) failing disk in a ZFS pool</a></h3>
20110
20111 <blockquote>
20112 <p>Maybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.<br>
20113 What? there’s a shitton of docs on this topic! Are you stupid?<br>
20114 I don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.</p>
20115 </blockquote>
20116
20117 <hr>
20118
20119 <h3><a href="https://opnsense.org/opnsense-19-7-rc1-released/" rel="nofollow">OPNsense 19.7 RC1 released</a></h3>
20120
20121 <blockquote>
20122 <p>Hi there,<br>
20123 For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.<br>
20124 We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.<br>
20125 Download links, an installation guide[1] and the checksums for the images can be found below as well.</p>
20126 </blockquote>
20127
20128 <hr>
20129
20130 <h2>News Roundup</h2>
20131
20132 <h3><a href="https://blog.netbsd.org/tnf/entry/implementation_of_drm_ioctl_support" rel="nofollow">Implementation of DRM ioctl Support for NetBSD kernel</a></h3>
20133
20134 <ul>
20135 <li>What is DRM ioctl ?</li>
20136 </ul>
20137
20138 <blockquote>
20139 <p>Ioctls are input/output control system calls and DRM stands for direct rendering manager. The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission & fencing, suspend/resume support, and DMA services.</p>
20140 </blockquote>
20141
20142 <ul>
20143 <li>Native DRM ioctl calls</li>
20144 </ul>
20145
20146 <blockquote>
20147 <p>NetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages were installed. We used the glxinfo and glxgears applications to test this out.</p>
20148 </blockquote>
20149
20150 <hr>
20151
20152 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-04-umurmur.html" rel="nofollow">High quality / low latency VOIP server with umurmur/Mumble on OpenBSD</a></h3>
20153
20154 <blockquote>
20155 <p>Discord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distortion.<br>
20156 Why not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to set up on OpenBSD!<br>
20157 Mumble is an open source voip client, it has a client named Mumble (available on various operating systems) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate gets associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.</p>
20158 </blockquote>
20159
20160 <hr>
20161
20162 <h3><a href="https://blog.softwaremill.com/tmwl-june19-js-fetch-api-scheduling-in-spring-thoughts-on-unix-fd54f50ecd64" rel="nofollow">TMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix</a></h3>
20163
20164 <ul>
20165 <li>Unix — going back to the roots</li>
20166 </ul>
20167
20168 <blockquote>
20169 <p>From time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.<br>
20170 I’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux & macOS — I understand the concepts behind the system architecture, know a lot of command line tools & navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.<br>
20171 Recently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files & directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces & tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.<br>
20172 The book also talks about networking, surfing the web & working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!<br>
20173 I can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!</p>
20174 </blockquote>
20175
20176 <hr>
20177
20178 <h3><a href="https://bsdimp.blogspot.com/2019/07/the-pdp-7-where-unix-began.html" rel="nofollow">The PDP-7 Where Unix Began</a></h3>
20179
20180 <blockquote>
20181 <p>In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.<br>
20182 V0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.</p>
20183 </blockquote>
20184
20185 <hr>
20186
20187 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_watchpoints_xstate_in_ptrace" rel="nofollow">LLDB: watchpoints, XSTATE in ptrace() and core dumps</a></h3>
20188
20189 <blockquote>
20190 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.<br>
20191 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.<br>
20192 In June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.</p>
20193 </blockquote>
20194
20195 <h2>Beastie Bits</h2>
20196
20197 <ul>
20198 <li><a href="https://project-trident.org/post/2019-07-12_19.07_available/" rel="nofollow">Project Trident 19.07 Available</a></li>
20199 <li><a href="https://www.montanalinux.org/cold-blood-list-of-numbers-201907.html" rel="nofollow">A list of names from "Cold Blood" -- Any familiar?</a></li>
20200 <li><a href="https://github.com/enkiv2/fern" rel="nofollow">fern: a curses-based mastodon client modeled off usenet news readers & pine, with an emphasis on getting to 'timeline zero'</a></li>
20201 <li><a href="https://undeadly.org/cgi?action=article;sid=20190707065226" rel="nofollow">OpenBSD Community goes Platinum for 2019!</a></li>
20202 <li><a href="https://www.dragonflydigest.com/2019/07/15/23199.html" rel="nofollow">tcp keepalive and dports on DragonFly</a></li>
20203 </ul>
20204
20205 <hr>
20206
20207 <h2>Feedback/Questions</h2>
20208
20209 <ul>
20210 <li>Patrick - <a href="http://dpaste.com/1W2HJ04" rel="nofollow">OpenZFS/ZoL Module from Ports</a></li>
20211 <li>Brad - <a href="http://dpaste.com/345VM9Y#wrap" rel="nofollow">Services not starting</a></li>
20212 <li>Simon - <a href="http://dpaste.com/1B4ZKC8#wrap" rel="nofollow">Feedback</a></li>
20213 </ul>
20214
20215 <hr>
20216
20217 <ul>
20218 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
20219 </ul>
20220
20221 <hr>
20222
20223 <video controls preload="metadata" style=" width:426px; height:240px;">
20224 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0308.mp4" type="video/mp4">
20225 Your browser does not support the HTML5 video tag.
20226 </video>]]>
20227 </content:encoded>
20228 <itunes:summary>
20229 <![CDATA[<p>Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.</p>
20230
20231 <h2>Headlines</h2>
20232
20233 <h3><a href="https://imil.net/blog/2019/07/02/Replacing-a-silently-failing-disk-in-a-ZFS-pool/" rel="nofollow">Replacing a (silently) failing disk in a ZFS pool</a></h3>
20234
20235 <blockquote>
20236 <p>Maybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.<br>
20237 What? there’s a shitton of docs on this topic! Are you stupid?<br>
20238 I don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.</p>
20239 </blockquote>
20240
20241 <hr>
20242
20243 <h3><a href="https://opnsense.org/opnsense-19-7-rc1-released/" rel="nofollow">OPNsense 19.7 RC1 released</a></h3>
20244
20245 <blockquote>
20246 <p>Hi there,<br>
20247 For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.<br>
20248 We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.<br>
20249 Download links, an installation guide[1] and the checksums for the images can be found below as well.</p>
20250 </blockquote>
20251
20252 <hr>
20253
20254 <h2>News Roundup</h2>
20255
20256 <h3><a href="https://blog.netbsd.org/tnf/entry/implementation_of_drm_ioctl_support" rel="nofollow">Implementation of DRM ioctl Support for NetBSD kernel</a></h3>
20257
20258 <ul>
20259 <li>What is DRM ioctl ?</li>
20260 </ul>
20261
20262 <blockquote>
20263 <p>Ioctls are input/output control system calls and DRM stands for direct rendering manager. The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission & fencing, suspend/resume support, and DMA services.</p>
20264 </blockquote>
20265
20266 <ul>
20267 <li>Native DRM ioctl calls</li>
20268 </ul>
20269
20270 <blockquote>
20271 <p>NetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages were installed. We used the glxinfo and glxgears applications to test this out.</p>
20272 </blockquote>
20273
20274 <hr>
20275
20276 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-04-umurmur.html" rel="nofollow">High quality / low latency VOIP server with umurmur/Mumble on OpenBSD</a></h3>
20277
20278 <blockquote>
20279 <p>Discord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distortion.<br>
20280 Why not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to set up on OpenBSD!<br>
20281 Mumble is an open source voip client, it has a client named Mumble (available on various operating system) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate gets associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.</p>
20282 </blockquote>
20283
20284 <hr>
20285
20286 <h3><a href="https://blog.softwaremill.com/tmwl-june19-js-fetch-api-scheduling-in-spring-thoughts-on-unix-fd54f50ecd64" rel="nofollow">TMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix</a></h3>
20287
20288 <ul>
20289 <li>Unix — going back to the roots</li>
20290 </ul>
20291
20292 <blockquote>
20293 <p>From time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.<br>
20294 I’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux & macOS — I understand the concepts behind the system architecture, know a lot of command line tools & navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.<br>
20295 Recently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files & directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces & tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.<br>
20296 The book also talks about networking, surfing the web & working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!<br>
20297 I can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!</p>
20298 </blockquote>
20299
20300 <hr>
20301
20302 <h3><a href="https://bsdimp.blogspot.com/2019/07/the-pdp-7-where-unix-began.html" rel="nofollow">The PDP-7 Where Unix Began</a></h3>
20303
20304 <blockquote>
20305 <p>In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.<br>
20306 V0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 outsold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.</p>
20307 </blockquote>
20308
20309 <hr>
20310
20311 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_watchpoints_xstate_in_ptrace" rel="nofollow">LLDB: watchpoints, XSTATE in ptrace() and core dumps</a></h3>
20312
20313 <blockquote>
20314 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.<br>
20315 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.<br>
20316 In June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.</p>
20317 </blockquote>
20318
20319 <h2>Beastie Bits</h2>
20320
20321 <ul>
20322 <li><a href="https://project-trident.org/post/2019-07-12_19.07_available/" rel="nofollow">Project Trident 19.07 Available</a></li>
20323 <li><a href="https://www.montanalinux.org/cold-blood-list-of-numbers-201907.html" rel="nofollow">A list of names from "Cold Blood" -- Any familiar?</a></li>
20324 <li><a href="https://github.com/enkiv2/fern" rel="nofollow">fern: a curses-based mastodon client modeled off usenet news readers & pine, with an emphasis on getting to 'timeline zero'</a></li>
20325 <li><a href="https://undeadly.org/cgi?action=article;sid=20190707065226" rel="nofollow">OpenBSD Community goes Platinum for 2019!</a></li>
20326 <li><a href="https://www.dragonflydigest.com/2019/07/15/23199.html" rel="nofollow">tcp keepalive and dports on DragonFly</a></li>
20327 </ul>
20328
20329 <hr>
20330
20331 <h2>Feedback/Questions</h2>
20332
20333 <ul>
20334 <li>Patrick - <a href="http://dpaste.com/1W2HJ04" rel="nofollow">OpenZFS/ZoL Module from Ports</a></li>
20335 <li>Brad - <a href="http://dpaste.com/345VM9Y#wrap" rel="nofollow">Services not starting</a></li>
20336 <li>Simon - <a href="http://dpaste.com/1B4ZKC8#wrap" rel="nofollow">Feedback</a></li>
20337 </ul>
20338
20339 <hr>
20340
20341 <ul>
20342 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
20343 </ul>
20344
20345 <hr>
20346
20347 <video controls preload="metadata" style=" width:426px; height:240px;">
20348 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0308.mp4" type="video/mp4">
20349 Your browser does not support the HTML5 video tag.
20350 </video>]]>
20351 </itunes:summary>
20352 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Js40yXpD</fireside:playerURL>
20353 <fireside:playerEmbedCode>
20354 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Js40yXpD" width="740" height="200" frameborder="0" scrolling="no">]]>
20355 </fireside:playerEmbedCode>
20356 </item>
20357 <item>
20358 <title>307: Twitching with OpenBSD</title>
20359 <link>https://www.bsdnow.tv/307</link>
20360 <guid isPermaLink="false">1bd153c0-be65-44ed-8f12-f73d97e93d8b</guid>
20361 <pubDate>Thu, 18 Jul 2019 07:00:00 -0700</pubDate>
20362 <author>Allan Jude</author>
20363 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1bd153c0-be65-44ed-8f12-f73d97e93d8b.mp3" length="36709691" type="audio/mp3"/>
20364 <itunes:episodeType>full</itunes:episodeType>
20365 <itunes:author>Allan Jude</itunes:author>
20366 <itunes:subtitle>FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.</itunes:subtitle>
20367 <itunes:duration>50:59</itunes:duration>
20368 <itunes:explicit>no</itunes:explicit>
20369 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
20370 <description>FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.
20371 Headlines
20372 FreeBSD 11.3-RELEASE Announcement (https://www.freebsd.org/releases/11.3R/announce.html)
20373 The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.
20374 Some of the highlights:
20375 The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.
20376 The ELF Tool Chain has been updated to version r3614.
20377 OpenSSL has been updated to version 1.0.2s.
20378 The ZFS filesystem has been updated to implement parallel mounting.
20379 The loader(8) has been updated to extend geli(8) support to all architectures.
20380 The pkg(8) utility has been updated to version 1.10.5.
20381 The KDE desktop environment has been updated to version 5.15.3.
20382 The GNOME desktop environment has been updated to version 3.28.
20383 The kernel will now log the jail(8) ID when logging a process exit.
20384 Several feature additions and updates to userland applications.
20385 Several network driver firmware updates.
20386 Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.
20387 Warnings have been added for IPSec algorithms deprecated in RFC 8221.
20388 Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.
20389 And more...
20390 OpenBSD Is Now My Workstation (https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/)
20391 Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).
20392 I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.
20393 Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.
20394 A Bit About Me and OpenBSD
20395 I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.
20396 I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.
20397 News Roundup
20398 Write your own fuzzer for NetBSD kernel! [Part 1] (https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for)
20399 How Fuzzing works? The dummy Fuzzer.
20400 The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected from standard execution perspective.
20401 The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.
20402 Coverage and Fuzzing
20403 What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.
20404 However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.
20405 Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.
20406 For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution
20407 vBSDcon - CFP - Call for Papers ends July 19th (https://vbsdcon.com/)
20408 You can submit your proposal at https://easychair.org/conferences/?conf=vbsdcon2019
20409 The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.
20410 If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal.
20411 Possible topics include: How we manage a giant installation with respect to handling spam, and/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.
20412 Both users and developers are encouraged to share their experiences.
20413 Exploiting FreeBSD-SA-19:02.fd (https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html)
20414 In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.
20415 Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.
20416 What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.
20417 The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.
20418 The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.
20419 In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.
20420 After that, the bug trigger is addressed.
20421 It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.
20422 In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.
20423 The last section wraps everything up in a conclusion and points out further steps and challenges.
20424 The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.
20425 Streaming to Twitch using OpenBSD (https://dataswamp.org/~solene/2019-07-06-twitch.html)
20426 Introduction
20427 If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.
20428 The setup is quite easy, it only requires a few steps and searching on the Twitch website for two pieces of information, hopefully, to ease the process, I found the links for you.
20429 You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allows anyone having it to stream on your account.
20430 These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.
20431 There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.
20432 Beastie Bits
20433 Portland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza (http://calagator.org/events/1250475868)
20434 KnoxBUG - Michael W. Lucas : Twenty Years in Jail (http://knoxbug.org/2019-07-29)
20435 Ohio Linuxfest - CFP - Closes August 17th (https://ohiolinux.org/call-for-presentations/)
20436 My college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved (https://old.reddit.com/r/freebsd/comments/cdx8fp/my_college_nyu_tandon_is_moving_their_cs/)
20437 3 different ways of dumping hex contents of a file (https://moopost.blogspot.com/2019/07/3-different-ways-of-dumping-hex.html)
20438 Feedback/Questions
20439 Sebastian - ZFS setup toward ESXi (http://dpaste.com/0DRKFH6#wrap)
20440 Christopher - Questions (http://dpaste.com/2YNN1SH)
20441 Ser - Bhyve and Microsoft SQL (http://dpaste.com/1F5TMT0#wrap)
20442 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
20443 <video controls preload="metadata" style=" width:426px; height:240px;">
20444 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0307.mp4" type="video/mp4">
20445 Your browser does not support the HTML5 video tag.
20446 </video>
20447 </description>
20448 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, workstation, streaming, twitch, hex, dump, dumping</itunes:keywords>
20449 <content:encoded>
20450 <![CDATA[<p>FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.</p>
20451
20452 <h2>Headlines</h2>
20453
20454 <h3><a href="https://www.freebsd.org/releases/11.3R/announce.html" rel="nofollow">FreeBSD 11.3-RELEASE Announcement</a></h3>
20455
20456 <blockquote>
20457 <p>The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.</p>
20458 </blockquote>
20459
20460 <ul>
20461 <li>Some of the highlights:
20462
20463 <ul>
20464 <li>The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.</li>
20465 <li>The ELF Tool Chain has been updated to version r3614.</li>
20466 <li>OpenSSL has been updated to version 1.0.2s.</li>
20467 <li>The ZFS filesystem has been updated to implement parallel mounting.</li>
20468 <li>The loader(8) has been updated to extend geli(8) support to all architectures.</li>
20469 <li>The pkg(8) utility has been updated to version 1.10.5.</li>
20470 <li>The KDE desktop environment has been updated to version 5.15.3.</li>
20471 <li>The GNOME desktop environment has been updated to version 3.28.</li>
20472 <li>The kernel will now log the jail(8) ID when logging a process exit.</li>
20473 <li>Several feature additions and updates to userland applications.</li>
20474 <li>Several network driver firmware updates.</li>
20475 <li>Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.</li>
20476 <li>Warnings have been added for IPSec algorithms deprecated in RFC 8221.</li>
20477 <li>Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.</li>
20478 <li>And more...</li>
20479 </ul></li>
20480 </ul>
20481
20482 <hr>
20483
20484 <h3><a href="https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/" rel="nofollow">OpenBSD Is Now My Workstation</a></h3>
20485
20486 <blockquote>
20487 <p>Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).</p>
20488
20489 <p>I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.</p>
20490
20491 <p>Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.</p>
20492 </blockquote>
20493
20494 <ul>
20495 <li>A Bit About Me and OpenBSD</li>
20496 </ul>
20497
20498 <blockquote>
20499 <p>I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.</p>
20500
20501 <p>I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.</p>
20502 </blockquote>
20503
20504 <hr>
20505
20506 <h2>News Roundup</h2>
20507
20508 <h3><a href="https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for" rel="nofollow">Write your own fuzzer for NetBSD kernel! [Part 1]</a></h3>
20509
20510 <ul>
20511 <li>How Fuzzing works? The dummy Fuzzer.</li>
20512 </ul>
20513
20514 <blockquote>
20515 <p>The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected from standard execution perspective.</p>
20516
20517 <p>The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.</p>
20518 </blockquote>
20519
20520 <ul>
20521 <li>Coverage and Fuzzing</li>
20522 </ul>
20523
20524 <blockquote>
20525 <p>What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.</p>
20526
20527 <p>However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.</p>
20528
20529 <p>Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.</p>
20530
20531 <p>For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution</p>
20532 </blockquote>
20533
20534 <hr>
20535
20536 <h3><a href="https://vbsdcon.com/" rel="nofollow">vBSDcon - CFP - Call for Papers ends July 19th</a></h3>
20537
20538 <blockquote>
20539 <p>You can submit your proposal at <a href="https://easychair.org/conferences/?conf=vbsdcon2019" rel="nofollow">https://easychair.org/conferences/?conf=vbsdcon2019</a></p>
20540
20541 <p>The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.</p>
20542
20543 <p>If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal.</p>
20544
20545 <p>Possible topics include: How we manage a giant installation with respect to handling spam, and/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.</p>
20546
20547 <p>Both users and developers are encouraged to share their experiences.</p>
20548 </blockquote>
20549
20550 <hr>
20551
20552 <h3><a href="https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html" rel="nofollow">Exploiting FreeBSD-SA-19:02.fd</a></h3>
20553
20554 <blockquote>
20555 <p>In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.</p>
20556
20557 <p>Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.</p>
20558
20559 <p>What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.</p>
20560
20561 <p>The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.</p>
20562
20563 <p>The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.</p>
20564 </blockquote>
20565
20566 <ul>
20567 <li>In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.</li>
20568 <li>After that, the bug trigger is addressed.</li>
20569 <li>It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.</li>
20570 <li>In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.</li>
20571 <li>The last section wraps everything up in a conclusion and points out further steps and challenges.</li>
20572 </ul>
20573
20574 <blockquote>
20575 <p>The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.</p>
20576 </blockquote>
20577
20578 <hr>
20579
20580 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-06-twitch.html" rel="nofollow">Streaming to Twitch using OpenBSD</a></h3>
20581
20582 <ul>
20583 <li> Introduction</li>
20584 </ul>
20585
20586 <blockquote>
20587 <p>If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.</p>
20588
20589 <p>The setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.</p>
20590
20591 <p>You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allows anyone having it to stream on your account.</p>
20592 </blockquote>
20593
20594 <ul>
20595 <li>These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.</li>
20596 <li>There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.</li>
20597 </ul>
20598
20599 <hr>
20600
20601 <h2>Beastie Bits</h2>
20602
20603 <ul>
20604 <li><a href="http://calagator.org/events/1250475868" rel="nofollow">Portland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza</a></li>
20605 <li><a href="http://knoxbug.org/2019-07-29" rel="nofollow">KnoxBUG - Michael W. Lucas : Twenty Years in Jail</a></li>
20606 <li><a href="https://ohiolinux.org/call-for-presentations/" rel="nofollow">Ohio Linuxfest - CFP - Closes August 17th</a></li>
20607 <li><a href="https://old.reddit.com/r/freebsd/comments/cdx8fp/my_college_nyu_tandon_is_moving_their_cs/" rel="nofollow">My college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved</a></li>
20608 <li><a href="https://moopost.blogspot.com/2019/07/3-different-ways-of-dumping-hex.html" rel="nofollow">3 different ways of dumping hex contents of a file</a></li>
20609 </ul>
20610
20611 <hr>
20612
20613 <h2>Feedback/Questions</h2>
20614
20615 <ul>
20616 <li>Sebastian - <a href="http://dpaste.com/0DRKFH6#wrap" rel="nofollow">ZFS setup toward ESXi</a></li>
20617 <li>Christopher - <a href="http://dpaste.com/2YNN1SH" rel="nofollow">Questions</a></li>
20618 <li>Ser - <a href="http://dpaste.com/1F5TMT0#wrap" rel="nofollow">Bhyve and Microsoft SQL</a></li>
20619 </ul>
20620
20621 <hr>
20622
20623 <ul>
20624 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
20625 </ul>
20626
20627 <hr>
20628
20629 <video controls preload="metadata" style=" width:426px; height:240px;">
20630 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0307.mp4" type="video/mp4">
20631 Your browser does not support the HTML5 video tag.
20632 </video>]]>
20633 </content:encoded>
20634 <itunes:summary>
20635 <![CDATA[<p>FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.</p>
20636
20637 <h2>Headlines</h2>
20638
20639 <h3><a href="https://www.freebsd.org/releases/11.3R/announce.html" rel="nofollow">FreeBSD 11.3-RELEASE Announcement</a></h3>
20640
20641 <blockquote>
20642 <p>The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.</p>
20643 </blockquote>
20644
20645 <ul>
20646 <li>Some of the highlights:
20647
20648 <ul>
20649 <li>The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.</li>
20650 <li>The ELF Tool Chain has been updated to version r3614.</li>
20651 <li>OpenSSL has been updated to version 1.0.2s.</li>
20652 <li>The ZFS filesystem has been updated to implement parallel mounting.</li>
20653 <li>The loader(8) has been updated to extend geli(8) support to all architectures.</li>
20654 <li>The pkg(8) utility has been updated to version 1.10.5.</li>
20655 <li>The KDE desktop environment has been updated to version 5.15.3.</li>
20656 <li>The GNOME desktop environment has been updated to version 3.28.</li>
20657 <li>The kernel will now log the jail(8) ID when logging a process exit.</li>
20658 <li>Several feature additions and updates to userland applications.</li>
20659 <li>Several network driver firmware updates.</li>
20660 <li>Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.</li>
20661 <li>Warnings have been added for IPSec algorithms deprecated in RFC 8221.</li>
20662 <li>Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.</li>
20663 <li>And more...</li>
20664 </ul></li>
20665 </ul>
20666
20667 <hr>
20668
20669 <h3><a href="https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/" rel="nofollow">OpenBSD Is Now My Workstation</a></h3>
20670
20671 <blockquote>
20672 <p>Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).</p>
20673
20674 <p>I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.</p>
20675
20676 <p>Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.</p>
20677 </blockquote>
20678
20679 <ul>
20680 <li>A Bit About Me and OpenBSD</li>
20681 </ul>
20682
20683 <blockquote>
20684 <p>I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.</p>
20685
20686 <p>I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.</p>
20687 </blockquote>
20688
20689 <hr>
20690
20691 <h2>News Roundup</h2>
20692
20693 <h3><a href="https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for" rel="nofollow">Write your own fuzzer for NetBSD kernel! [Part 1]</a></h3>
20694
20695 <ul>
20696 <li>How Fuzzing works? The dummy Fuzzer.</li>
20697 </ul>
20698
20699 <blockquote>
20700 <p>The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected from standard execution perspective.</p>
20701
20702 <p>The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.</p>
20703 </blockquote>
20704
20705 <ul>
20706 <li>Coverage and Fuzzing</li>
20707 </ul>
20708
20709 <blockquote>
20710 <p>What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.</p>
20711
20712 <p>However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.</p>
20713
20714 <p>Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.</p>
20715
20716 <p>For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution</p>
20717 </blockquote>
20718
20719 <hr>
20720
20721 <h3><a href="https://vbsdcon.com/" rel="nofollow">vBSDcon - CFP - Call for Papers ends July 19th</a></h3>
20722
20723 <blockquote>
20724 <p>You can submit your proposal at <a href="https://easychair.org/conferences/?conf=vbsdcon2019" rel="nofollow">https://easychair.org/conferences/?conf=vbsdcon2019</a></p>
20725
20726 <p>The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.</p>
20727
20728 <p>If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal.</p>
20729
20730 <p>Possible topics include: How we manage a giant installation with respect to handling spam, and/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.</p>
20731
20732 <p>Both users and developers are encouraged to share their experiences.</p>
20733 </blockquote>
20734
20735 <hr>
20736
20737 <h3><a href="https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html" rel="nofollow">Exploiting FreeBSD-SA-19:02.fd</a></h3>
20738
20739 <blockquote>
20740 <p>In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.</p>
20741
20742 <p>Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.</p>
20743
20744 <p>What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.</p>
20745
20746 <p>The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.</p>
20747
20748 <p>The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.</p>
20749 </blockquote>
20750
20751 <ul>
20752 <li>In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.</li>
20753 <li>After that, the bug trigger is addressed.</li>
20754 <li>It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.</li>
20755 <li>In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.</li>
20756 <li>The last section wraps everything up in a conclusion and points out further steps and challenges.</li>
20757 </ul>
20758
20759 <blockquote>
20760 <p>The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.</p>
20761 </blockquote>
20762
20763 <hr>
20764
20765 <h3><a href="https://dataswamp.org/%7Esolene/2019-07-06-twitch.html" rel="nofollow">Streaming to Twitch using OpenBSD</a></h3>
20766
20767 <ul>
20768 <li> Introduction</li>
20769 </ul>
20770
20771 <blockquote>
20772 <p>If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.</p>
20773
20774 <p>The setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.</p>
20775
20776 <p>You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allows anyone having it to stream on your account.</p>
20777 </blockquote>
20778
20779 <ul>
20780 <li>These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.</li>
20781 <li>There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.</li>
20782 </ul>
20783
20784 <hr>
20785
20786 <h2>Beastie Bits</h2>
20787
20788 <ul>
20789 <li><a href="http://calagator.org/events/1250475868" rel="nofollow">Portland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza</a></li>
20790 <li><a href="http://knoxbug.org/2019-07-29" rel="nofollow">KnoxBUG - Michael W. Lucas : Twenty Years in Jail</a></li>
20791 <li><a href="https://ohiolinux.org/call-for-presentations/" rel="nofollow">Ohio Linuxfest - CFP - Closes August 17th</a></li>
20792 <li><a href="https://old.reddit.com/r/freebsd/comments/cdx8fp/my_college_nyu_tandon_is_moving_their_cs/" rel="nofollow">My college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved</a></li>
20793 <li><a href="https://moopost.blogspot.com/2019/07/3-different-ways-of-dumping-hex.html" rel="nofollow">3 different ways of dumping hex contents of a file</a></li>
20794 </ul>
20795
20796 <hr>
20797
20798 <h2>Feedback/Questions</h2>
20799
20800 <ul>
20801 <li>Sebastian - <a href="http://dpaste.com/0DRKFH6#wrap" rel="nofollow">ZFS setup toward ESXi</a></li>
20802 <li>Christopher - <a href="http://dpaste.com/2YNN1SH" rel="nofollow">Questions</a></li>
20803 <li>Ser - <a href="http://dpaste.com/1F5TMT0#wrap" rel="nofollow">Bhyve and Microsoft SQL</a></li>
20804 </ul>
20805
20806 <hr>
20807
20808 <ul>
20809 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
20810 </ul>
20811
20812 <hr>
20813
20814 <video controls preload="metadata" style=" width:426px; height:240px;">
20815 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0307.mp4" type="video/mp4">
20816 Your browser does not support the HTML5 video tag.
20817 </video>]]>
20818 </itunes:summary>
20819 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+8cwQfEyb</fireside:playerURL>
20820 <fireside:playerEmbedCode>
20821 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+8cwQfEyb" width="740" height="200" frameborder="0" scrolling="no">]]>
20822 </fireside:playerEmbedCode>
20823 </item>
20824 <item>
20825 <title>306: Comparing Hammers</title>
20826 <link>https://www.bsdnow.tv/306</link>
20827 <guid isPermaLink="false">2e907009-f426-4bbd-a592-d91329f11f0f</guid>
20828 <pubDate>Thu, 11 Jul 2019 07:00:00 -0700</pubDate>
20829 <author>Allan Jude</author>
20830 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2e907009-f426-4bbd-a592-d91329f11f0f.mp3" length="27620333" type="audio/mp3"/>
20831 <itunes:episodeType>full</itunes:episodeType>
20832 <itunes:author>Allan Jude</itunes:author>
20833 <itunes:subtitle>Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.</itunes:subtitle>
20834 <itunes:duration>38:21</itunes:duration>
20835 <itunes:explicit>no</itunes:explicit>
20836 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
20837 <description>Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.
20838 Headlines
20839 Polprog's Am5x86 based retro UNIX build log (https://polprog.net/blog/486/)
20840 I have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!
20841 I began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and that's where it is most of the time. It's not that bad, to be honest, and it's way easier to access than it would be, if mounted vertically
20842 There is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.
20843 Originally there was no graphics card in it. Since a PC will not boot without a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...
20844 However the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.
20845 Having used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.
20846 See the article for the rest of the writeup
20847 Setting up services in a FreeNAS Jail (https://www.ixsystems.com/blog/services-in-freenas-jail/)
20848 This piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands.
20849 This example shows creating a jail, installing an Apache web server, and setting up a simple web page.
20850 NOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.
20851 News Roundup
20852 First taste of DragonflyBSD (https://nanxiao.me/en/first-taste-of-dragonfly-bsd/)
20853 Last week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSD only can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.
20854 I mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.
20855 Furthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.
20856 Streaming Netflix on NetBSD (https://www.unitedbsd.com/d/68-streaming-netflix-on-netbsd)
20857 Here's a step-by-step guide that allows streaming Netflix media on NetBSD using an intel-haxm accelerated QEMU vm.
20858 Heads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!
20859 “Sudo Mastery 2nd Edition” cover art reveal (https://mwl.io/archives/4320)
20860 I’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)
20861 But the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.
20862 NetBSD on the last G4 Mac mini (https://tenfourfox.blogspot.com/2019/06/and-now-for-something-completely.html)
20863 I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.
20864 Recently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the "secret" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.
20865 Hammer vs Hammer2 (https://phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-5.6-HAMMER2-Perf)
20866 With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0.
20867 With a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing.
20868 And then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.
20869 Beastie Bits
20870 Unix CLI relational database (https://spin.atomicobject.com/2019/06/16/unix-cli-relational-database/)
20871 The TTY demystified (https://www.linusakesson.net/programming/tty/index.php)
20872 Ranger, a console file manager with VI keybindings (https://ranger.github.io/)
20873 Some Unix Humor (https://www.reddit.com/r/unix/comments/c6o5ze/some_unix_humor/)
20874 OpenBSD -import vulkan-loader for Vulkan API support (https://marc.info/?l=openbsd-ports-cvs&m=156121732625604&w=2)
20875 FreeBSD ZFS without drives (https://savagedlight.me/2019/06/09/freebsd-zfs-without-drives/)
20876 Feedback/Questions
20877 Moritz - ARM Builds (http://dpaste.com/175RRAZ)
20878 Dave - Videos (http://dpaste.com/2DYK85B)
20879 Chris - Raspberry Pi4 (http://dpaste.com/1B16QVN)
20880 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
20881 <video controls preload="metadata" style=" width:426px; height:240px;">
20882 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0306.mp4" type="video/mp4">
20883 Your browser does not support the HTML5 video tag.
20884 </video>
20885 </description>
20886 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Am5x86, freenas, jail, g4, mac, streaming, netflix, hammer</itunes:keywords>
20887 <content:encoded>
20888 <![CDATA[<p>Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.</p>
20889
20890 <hr>
20891
20892 <h2>Headlines</h2>
20893
20894 <h3><a href="https://polprog.net/blog/486/" rel="nofollow">Polprog's Am5x86 based retro UNIX build log</a></h3>
20895
20896 <blockquote>
20897 <p>I have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!</p>
20898
20899 <p>I began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and that's where it is most of the time. It's not that bad, to be honest, and it's way easier to access than it would be, if mounted vertically</p>
20900
20901 <p>There is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.</p>
20902
20903 <p>Originally there was no graphics card in it. Since a PC will not boot without a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...</p>
20904
20905 <p>However the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.</p>
20906
20907 <p>Having used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.</p>
20908 </blockquote>
20909
20910 <ul>
20911 <li>See the article for the rest of the writeup</li>
20912 </ul>
20913
20914 <hr>
20915
20916 <h3><a href="https://www.ixsystems.com/blog/services-in-freenas-jail/" rel="nofollow">Setting up services in a FreeNAS Jail</a></h3>
20917
20918 <blockquote>
20919 <p>This piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands. </p>
20920
20921 <p>This example shows creating a jail, installing an Apache web server, and setting up a simple web page. </p>
20922
20923 <p>NOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.</p>
20924 </blockquote>
20925
20926 <hr>
20927
20928 <h2>News Roundup</h2>
20929
20930 <h3><a href="https://nanxiao.me/en/first-taste-of-dragonfly-bsd/" rel="nofollow">First taste of DragonflyBSD</a></h3>
20931
20932 <blockquote>
20933 <p>Last week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSD only can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.</p>
20934
20935 <p>I mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.</p>
20936
20937 <p>Furthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.</p>
20938 </blockquote>
20939
20940 <hr>
20941
20942 <h3><a href="https://www.unitedbsd.com/d/68-streaming-netflix-on-netbsd" rel="nofollow">Streaming Netflix on NetBSD</a></h3>
20943
20944 <blockquote>
20945 <p>Here's a step-by-step guide that allows streaming Netflix media on NetBSD using an intel-haxm accelerated QEMU vm.</p>
20946
20947 <p>Heads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!</p>
20948 </blockquote>
20949
20950 <hr>
20951
20952 <h3><a href="https://mwl.io/archives/4320" rel="nofollow">“Sudo Mastery 2nd Edition” cover art reveal</a></h3>
20953
20954 <blockquote>
20955 <p>I’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)</p>
20956
20957 <p>But the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.</p>
20958 </blockquote>
20959
20960 <hr>
20961
20962 <h3><a href="https://tenfourfox.blogspot.com/2019/06/and-now-for-something-completely.html" rel="nofollow">NetBSD on the last G4 Mac mini</a></h3>
20963
20964 <blockquote>
20965 <p>I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.</p>
20966
20967 <p>Recently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the "secret" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.</p>
20968 </blockquote>
20969
20970 <hr>
20971
20972 <h3><a href="https://phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-5.6-HAMMER2-Perf" rel="nofollow">Hammer vs Hammer2</a></h3>
20973
20974 <blockquote>
20975 <p>With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0. </p>
20976
20977 <p>With a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing. </p>
20978
20979 <p>And then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.</p>
20980 </blockquote>
20981
20982 <hr>
20983
20984 <h2>Beastie Bits</h2>
20985
20986 <ul>
20987 <li><a href="https://spin.atomicobject.com/2019/06/16/unix-cli-relational-database/" rel="nofollow">Unix CLI relational database</a></li>
20988 <li><a href="https://www.linusakesson.net/programming/tty/index.php" rel="nofollow">The TTY demystified</a></li>
20989 <li><a href="https://ranger.github.io/" rel="nofollow">Ranger, a console file manager with VI keybindings</a></li>
20990 <li><a href="https://www.reddit.com/r/unix/comments/c6o5ze/some_unix_humor/" rel="nofollow">Some Unix Humor</a></li>
20991 <li><a href="https://marc.info/?l=openbsd-ports-cvs&m=156121732625604&w=2" rel="nofollow">OpenBSD -import vulkan-loader for Vulkan API support</a></li>
20992 <li><a href="https://savagedlight.me/2019/06/09/freebsd-zfs-without-drives/" rel="nofollow">FreeBSD ZFS without drives</a></li>
20993 </ul>
20994
20995 <hr>
20996
20997 <h2>Feedback/Questions</h2>
20998
20999 <ul>
21000 <li>Moritz - <a href="http://dpaste.com/175RRAZ" rel="nofollow">ARM Builds</a></li>
21001 <li>Dave - <a href="http://dpaste.com/2DYK85B" rel="nofollow">Videos</a></li>
21002 <li>Chris - <a href="http://dpaste.com/1B16QVN" rel="nofollow">Raspberry Pi4</a></li>
21003 </ul>
21004
21005 <hr>
21006
21007 <ul>
21008 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
21009 </ul>
21010
21011 <hr>
21012
21013 <video controls preload="metadata" style=" width:426px; height:240px;">
21014 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0306.mp4" type="video/mp4">
21015 Your browser does not support the HTML5 video tag.
21016 </video>]]>
21017 </content:encoded>
21018 <itunes:summary>
21019 <![CDATA[<p>Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.</p>
21020
21021 <hr>
21022
21023 <h2>Headlines</h2>
21024
21025 <h3><a href="https://polprog.net/blog/486/" rel="nofollow">Polprog's Am5x86 based retro UNIX build log</a></h3>
21026
21027 <blockquote>
21028 <p>I have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!</p>
21029
21030 <p>I began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and that's where it is most of the time. It's not that bad, to be honest, and it's way easier to access than it would be, if mounted vertically.</p>
21031
21032 <p>There is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.</p>
21033
21034 <p>Originally there was no graphics card in it. Since a PC will not boot without a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...</p>
21035
21036 <p>However the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.</p>
21037
21038 <p>Having used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.</p>
21039 </blockquote>
21040
21041 <ul>
21042 <li>See the article for the rest of the writeup</li>
21043 </ul>
21044
21045 <hr>
21046
21047 <h3><a href="https://www.ixsystems.com/blog/services-in-freenas-jail/" rel="nofollow">Setting up services in a FreeNAS Jail</a></h3>
21048
21049 <blockquote>
21050 <p>This piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands. </p>
21051
21052 <p>This example shows creating a jail, installing an Apache web server, and setting up a simple web page. </p>
21053
21054 <p>NOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.</p>
21055 </blockquote>
21056
21057 <hr>
21058
21059 <h2>News Roundup</h2>
21060
21061 <h3><a href="https://nanxiao.me/en/first-taste-of-dragonfly-bsd/" rel="nofollow">First taste of DragonflyBSD</a></h3>
21062
21063 <blockquote>
21064 <p>Last week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSD only can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.</p>
21065
21066 <p>I mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.</p>
21067
21068 <p>Furthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.</p>
21069 </blockquote>
21070
21071 <hr>
21072
21073 <h3><a href="https://www.unitedbsd.com/d/68-streaming-netflix-on-netbsd" rel="nofollow">Streaming Netflix on NetBSD</a></h3>
21074
21075 <blockquote>
21076 <p>Here's a step-by-step guide that allows streaming Netflix media on NetBSD using an intel-haxm accelerated QEMU vm.</p>
21077
21078 <p>Heads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!</p>
21079 </blockquote>
21080
21081 <hr>
21082
21083 <h3><a href="https://mwl.io/archives/4320" rel="nofollow">“Sudo Mastery 2nd Edition” cover art reveal</a></h3>
21084
21085 <blockquote>
21086 <p>I’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)</p>
21087
21088 <p>But the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.</p>
21089 </blockquote>
21090
21091 <hr>
21092
21093 <h3><a href="https://tenfourfox.blogspot.com/2019/06/and-now-for-something-completely.html" rel="nofollow">NetBSD on the last G4 Mac mini</a></h3>
21094
21095 <blockquote>
21096 <p>I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.</p>
21097
21098 <p>Recently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the "secret" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.</p>
21099 </blockquote>
21100
21101 <hr>
21102
21103 <h3><a href="https://phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-5.6-HAMMER2-Perf" rel="nofollow">Hammer vs Hammer2</a></h3>
21104
21105 <blockquote>
21106 <p>With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0. </p>
21107
21108 <p>With a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing. </p>
21109
21110 <p>And then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.</p>
21111 </blockquote>
21112
21113 <hr>
21114
21115 <h2>Beastie Bits</h2>
21116
21117 <ul>
21118 <li><a href="https://spin.atomicobject.com/2019/06/16/unix-cli-relational-database/" rel="nofollow">Unix CLI relational database</a></li>
21119 <li><a href="https://www.linusakesson.net/programming/tty/index.php" rel="nofollow">The TTY demystified</a></li>
21120 <li><a href="https://ranger.github.io/" rel="nofollow">Ranger, a console file manager with VI keybindings</a></li>
21121 <li><a href="https://www.reddit.com/r/unix/comments/c6o5ze/some_unix_humor/" rel="nofollow">Some Unix Humor</a></li>
21122 <li><a href="https://marc.info/?l=openbsd-ports-cvs&m=156121732625604&w=2" rel="nofollow">OpenBSD -import vulkan-loader for Vulkan API support</a></li>
21123 <li><a href="https://savagedlight.me/2019/06/09/freebsd-zfs-without-drives/" rel="nofollow">FreeBSD ZFS without drives</a></li>
21124 </ul>
21125
21126 <hr>
21127
21128 <h2>Feedback/Questions</h2>
21129
21130 <ul>
21131 <li>Moritz - <a href="http://dpaste.com/175RRAZ" rel="nofollow">ARM Builds</a></li>
21132 <li>Dave - <a href="http://dpaste.com/2DYK85B" rel="nofollow">Videos</a></li>
21133 <li>Chris - <a href="http://dpaste.com/1B16QVN" rel="nofollow">Raspberry Pi4</a></li>
21134 </ul>
21135
21136 <hr>
21137
21138 <ul>
21139 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
21140 </ul>
21141
21142 <hr>
21143
21144 <video controls preload="metadata" style=" width:426px; height:240px;">
21145 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0306.mp4" type="video/mp4">
21146 Your browser does not support the HTML5 video tag.
21147 </video>]]>
21148 </itunes:summary>
21149 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+NHr7nOD5</fireside:playerURL>
21150 <fireside:playerEmbedCode>
21151 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+NHr7nOD5" width="740" height="200" frameborder="0" scrolling="no">]]>
21152 </fireside:playerEmbedCode>
21153 </item>
21154 <item>
21155 <title>305: Changing face of Unix</title>
21156 <link>https://www.bsdnow.tv/305</link>
21157 <guid isPermaLink="false">3ad52b9d-03b4-4c00-a16f-cc4be091e6ff</guid>
21158 <pubDate>Wed, 03 Jul 2019 19:00:00 -0700</pubDate>
21159 <author>Allan Jude</author>
21160 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3ad52b9d-03b4-4c00-a16f-cc4be091e6ff.mp3" length="40433394" type="audio/mp3"/>
21161 <itunes:episodeType>full</itunes:episodeType>
21162 <itunes:author>Allan Jude</itunes:author>
21163 <itunes:subtitle>Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.</itunes:subtitle>
21164 <itunes:duration>56:09</itunes:duration>
21165 <itunes:explicit>no</itunes:explicit>
21166 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
21167 <description>Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.
21168 Headlines
21169 Website protection with OPNsense (https://medium.com/@jccwbb/website-protection-with-opnsense-3586a529d487)
21170 with nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)
21171 The OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.
21172 In the old days, installing an open source firewall was a very tricky task, but today it can be done with a few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in the Portuguese language, but with the translation CC YouTube feature you may be able to follow it without problems (if you aren't a Portuguese speaker, of course) :-)
21173 + See the article for the rest of the writeup
21174 FreeBSD Support Pull Request against the ZFS-on-Linux repo (https://github.com/zfsonlinux/zfs/pull/8987)
21175 This pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo
21176 > Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux
21177 > Refactor tree to separate out Linux and FreeBSD specific code
21178 > import FreeBSD's SPL
21179 > add ifdefs in common code where it made more sense to do so than duplicate the code in separate files
21180 > Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF
21181 The plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th
21182 Video of Leadership Meeting (https://www.youtube.com/watch?v=TJwykiJmH0M)
21183 Meeting Agenda and Notes (https://docs.google.com/document/d/1w2jv2XVYFmBVvG1EGf-9A5HBVsjAYoLIFZAnWHhV-BM/edit)
21184 This will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms
21185 For example, mav@’s recent work:
21186 Add wakeup_any(), cheaper version of wakeup_one() for taskqueue(9) (https://svnweb.freebsd.org/base?view=revision&revision=349220)
21187 > As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants than it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.
21188 News Roundup
21189 Episode 5 Notes - How much has UNIX changed? (http://adventofcomputing.libsyn.com/episode-5-notes-how-much-has-unix-changed)
21190 UNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?
21191 So, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering (https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf) is from November 1971, predating v1 of the system.
21192 I think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a hierarchical structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like ls, cp, mv, du, and df function the same. So are mount and umount. But, there are some key differences. For instance, cd didn't exist, yet instead chdir filled its place. Also, chmod is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.
21193 See the article for the rest of the writeup
21194 Porting Wine to amd64 on NetBSD (https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on)
21195 I have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-compliant operating systems. This report provides an overview of the progress of the project during the first coding period.
21196 Initially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.
21197 I suspected it, as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.
21198 + See the article for the rest of the writeup
21199 FreeBSD Enterprise 1 PB Storage (https://vermaden.wordpress.com/2019/06/19/freebsd-enterprise-1-pb-storage/?utm_source=discoverbsd)
21200 Today FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This is where FreeBSD shines with all its storage features ZFS included.
21201 Today I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more than 1 PB (Petabyte) of raw capacity.
21202 This project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more than 1 PB (1024 TB) of raw storage space.
21203 See the article for the rest of the writeup
21204 The death watch for the X Window System (aka X11) has probably started (https://utcc.utoronto.ca/~cks/space/blog/unix/XDeathwatchStarts)
21205 Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.
21206 I have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.
21207 Beastie Bits
21208 Porting NetBSD to Risc-V -- Video (https://www.youtube.com/watch?v=2vQXGomKoxA)
21209 FreeBSD 11.3RC3 Available (https://www.freebsd.org/news/newsflash.html#event20190628:01)
21210 Open Source Could Be a Casualty of the Trade War (https://www.bunniestudios.com/blog/?p=5590)
21211 Celebrate UNIX50 and SDF32 (https://sdf.org/sdf32/)
21212 doas environmental security (https://undeadly.org/cgi?action=article;sid=20190621104048)
21213 Feedback/Questions
21214 Matt - BSD or Older Hardware (http://dpaste.com/1RP09F0#wrap)
21215 MJRodriguez - Some Playstation news (http://dpaste.com/046SPPB#wrap)
21216 Moritz - bhyve VT-x passthrough (http://dpaste.com/1H4PJXW)
21217 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
21218 <video controls preload="metadata" style=" width:426px; height:240px;">
21219 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0305.mp4" type="video/mp4">
21220 Your browser does not support the HTML5 video tag.
21221 </video>
21222 </description>
21223 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, opnsense, wine, storage, x11, x windows, risc-v, unix50, sdf32, doas</itunes:keywords>
21224 <content:encoded>
21225 <![CDATA[<p>Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.</p>
21226
21227 <h2>Headlines</h2>
21228
21229 <h3><a href="https://medium.com/@jccwbb/website-protection-with-opnsense-3586a529d487" rel="nofollow">Website protection with OPNsense</a></h3>
21230
21231 <ul>
21232 <li>with nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)</li>
21233 </ul>
21234
21235 <blockquote>
21236 <p>The OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.<br>
21237 In the old days, installing an open source firewall was a very tricky task, but today it can be done with a few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in the Portuguese language, but with the translation CC YouTube feature you may be able to follow it without problems (if you aren't a Portuguese speaker, of course) :-)</p>
21238
21239 <ul>
21240 <li>See the article for the rest of the writeup</li>
21241 </ul>
21242 </blockquote>
21243
21244 <hr>
21245
21246 <h3><a href="https://github.com/zfsonlinux/zfs/pull/8987" rel="nofollow">FreeBSD Support Pull Request against the ZFS-on-Linux repo</a></h3>
21247
21248 <ul>
21249 <li>This pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo
21250 > Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux
21251 > Refactor tree to separate out Linux and FreeBSD specific code
21252 > import FreeBSD's SPL
21253 > add ifdefs in common code where it made more sense to do so than duplicate the code in separate files
21254 > Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF</li>
21255 <li>The plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th</li>
21256 <li><a href="https://www.youtube.com/watch?v=TJwykiJmH0M" rel="nofollow">Video of Leadership Meeting</a></li>
21257 <li><a href="https://docs.google.com/document/d/1w2jv2XVYFmBVvG1EGf-9A5HBVsjAYoLIFZAnWHhV-BM/edit" rel="nofollow">Meeting Agenda and Notes</a></li>
21258 <li>This will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms</li>
21259 <li>For example, mav@’s recent work:</li>
21260 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=349220" rel="nofollow">Add wakeup_any(), cheaper version of wakeup_one() for taskqueue(9)</a>
21261 > As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants than it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.</li>
21262 </ul>
21263
21264 <hr>
21265
21266 <h2>News Roundup</h2>
21267
21268 <h3><a href="http://adventofcomputing.libsyn.com/episode-5-notes-how-much-has-unix-changed" rel="nofollow">Episode 5 Notes - How much has UNIX changed?</a></h3>
21269
21270 <blockquote>
21271 <p>UNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?<br>
21272 So, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(<a href="https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf" rel="nofollow">https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf</a>) is from November 1971, predating v1 of the system.<br>
21273 I think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a hierarchical structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like <code>ls</code>, <code>cp</code>, <code>mv</code>, <code>du</code>, and <code>df</code> function the same. So are <code>mount</code> and <code>umount</code>. But, there are some key differences. For instance, <code>cd</code> didn't exist, yet instead <code>chdir</code> filled its place. Also, <code>chmod</code> is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.</p>
21274 </blockquote>
21275
21276 <ul>
21277 <li>See the article for the rest of the writeup</li>
21278 </ul>
21279
21280 <hr>
21281
21282 <h3><a href="https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on" rel="nofollow">Porting Wine to amd64 on NetBSD</a></h3>
21283
21284 <blockquote>
21285 <p>I have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-compliant operating systems. This report provides an overview of the progress of the project during the first coding period.<br>
21286 Initially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.<br>
21287 I suspected it, as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.</p>
21288
21289 <ul>
21290 <li>See the article for the rest of the writeup</li>
21291 </ul>
21292 </blockquote>
21293
21294 <hr>
21295
21296 <h3><a href="https://vermaden.wordpress.com/2019/06/19/freebsd-enterprise-1-pb-storage/?utm_source=discoverbsd" rel="nofollow">FreeBSD Enterprise 1 PB Storage</a></h3>
21297
21298 <blockquote>
21299 <p>Today FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This is where FreeBSD shines with all its storage features ZFS included.<br>
21300 Today I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more than 1 PB (Petabyte) of raw capacity.<br>
21301 This project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more than 1 PB (1024 TB) of raw storage space.</p>
21302 </blockquote>
21303
21304 <ul>
21305 <li>See the article for the rest of the writeup</li>
21306 </ul>
21307
21308 <hr>
21309
21310 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XDeathwatchStarts" rel="nofollow">The death watch for the X Window System (aka X11) has probably started</a></h3>
21311
21312 <blockquote>
21313 <p>Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely on the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.<br>
21314 I have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.</p>
21315 </blockquote>
21316
21317 <hr>
21318
21319 <h2>Beastie Bits</h2>
21320
21321 <ul>
21322 <li><a href="https://www.youtube.com/watch?v=2vQXGomKoxA" rel="nofollow">Porting NetBSD to Risc-V -- Video</a></li>
21323 <li><a href="https://www.freebsd.org/news/newsflash.html#event20190628:01" rel="nofollow">FreeBSD 11.3RC3 Available</a></li>
21324 <li><a href="https://www.bunniestudios.com/blog/?p=5590" rel="nofollow">Open Source Could Be a Casualty of the Trade War</a></li>
21325 <li><a href="https://sdf.org/sdf32/" rel="nofollow">Celebrate UNIX50 and SDF32</a></li>
21326 <li><a href="https://undeadly.org/cgi?action=article;sid=20190621104048" rel="nofollow">doas environmental security</a></li>
21327 </ul>
21328
21329 <hr>
21330
21331 <h2>Feedback/Questions</h2>
21332
21333 <ul>
21334 <li>Matt - <a href="http://dpaste.com/1RP09F0#wrap" rel="nofollow">BSD or Older Hardware</a></li>
21335 <li>MJRodriguez - <a href="http://dpaste.com/046SPPB#wrap" rel="nofollow">Some Playstation news</a></li>
21336 <li>Moritz - <a href="http://dpaste.com/1H4PJXW" rel="nofollow">bhyve VT-x passthrough</a></li>
21337 </ul>
21338
21339 <hr>
21340
21341 <ul>
21342 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
21343 </ul>
21344
21345 <hr>
21346
21347 <video controls preload="metadata" style=" width:426px; height:240px;">
21348 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0305.mp4" type="video/mp4">
21349 Your browser does not support the HTML5 video tag.
21350 </video>]]>
21351 </content:encoded>
21352 <itunes:summary>
21353 <![CDATA[<p>Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.</p>
21354
21355 <h2>Headlines</h2>
21356
21357 <h3><a href="https://medium.com/@jccwbb/website-protection-with-opnsense-3586a529d487" rel="nofollow">Website protection with OPNsense</a></h3>
21358
21359 <ul>
21360 <li>With the nginx plugin, OPNsense becomes a strong, full-featured Web Application Firewall (WAF)</li>
21361 </ul>
21362
21363 <blockquote>
21364 <p>The OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.<br>
21365 In the old days, installing an open source firewall was a very tricky task, but today it can be done with a few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in Portuguese language, but with the translation CC Youtube feature you may be able to follow it without problems (if you are not a Portuguese speaker, of course) :-)</p>
21366
21367 <ul>
21368 <li>See the article for the rest of the writeup</li>
21369 </ul>
21370 </blockquote>
21371
21372 <hr>
21373
21374 <h3><a href="https://github.com/zfsonlinux/zfs/pull/8987" rel="nofollow">FreeBSD Support Pull Request against the ZFS-on-Linux repo</a></h3>
21375
21376 <ul>
21377 <li>This pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo
21378 > Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux
21379 > Refactor tree to separate out Linux and FreeBSD specific code
21380 > import FreeBSD's SPL
21381 > add ifdefs in common code where it made more sense to do so than duplicate the code in separate files
21382 > Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF</li>
21383 <li>The plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th</li>
21384 <li><a href="https://www.youtube.com/watch?v=TJwykiJmH0M" rel="nofollow">Video of Leadership Meeting</a></li>
21385 <li><a href="https://docs.google.com/document/d/1w2jv2XVYFmBVvG1EGf-9A5HBVsjAYoLIFZAnWHhV-BM/edit" rel="nofollow">Meeting Agenda and Notes</a></li>
21386 <li>This will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms</li>
21387 <li>For example, mav@’s recent work:</li>
21388 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=349220" rel="nofollow">Add wakeup_any(), cheaper version of wakeup_one() for taskqueue(9)</a>
21389 > As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants than it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.</li>
21390 </ul>
21391
21392 <hr>
21393
21394 <h2>News Roundup</h2>
21395
21396 <h3><a href="http://adventofcomputing.libsyn.com/episode-5-notes-how-much-has-unix-changed" rel="nofollow">Episode 5 Notes - How much has UNIX changed?</a></h3>
21397
21398 <blockquote>
21399 <p>UNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?<br>
21400 So, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(<a href="https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf" rel="nofollow">https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf</a>) is from November 1971, predating v1 of the system.<br>
21401 I think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a hierarchical structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like <code>ls</code>, <code>cp</code>, <code>mv</code>, <code>du</code>, and <code>df</code> function the same. So are <code>mount</code> and <code>umount</code>. But, there are some key differences. For instance, <code>cd</code> didn't exist, yet instead <code>chdir</code> filled its place. Also, <code>chmod</code> is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.</p>
21402 </blockquote>
21403
21404 <ul>
21405 <li>See the article for the rest of the writeup</li>
21406 </ul>
21407
21408 <hr>
21409
21410 <h3><a href="https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on" rel="nofollow">Porting Wine to amd64 on NetBSD</a></h3>
21411
21412 <blockquote>
21413 <p>I have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-compliant operating systems. This report provides an overview of the progress of the project during the first coding period.<br>
21414 Initially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.<br>
21415 I suspected it, as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.</p>
21416
21417 <ul>
21418 <li>See the article for the rest of the writeup</li>
21419 </ul>
21420 </blockquote>
21421
21422 <hr>
21423
21424 <h3><a href="https://vermaden.wordpress.com/2019/06/19/freebsd-enterprise-1-pb-storage/?utm_source=discoverbsd" rel="nofollow">FreeBSD Enterprise 1 PB Storage</a></h3>
21425
21426 <blockquote>
21427 <p>Today FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This is where FreeBSD shines with all its storage features ZFS included.<br>
21428 Today I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more than 1 PB (Petabyte) of raw capacity.<br>
21429 This project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more than 1 PB (1024 TB) of raw storage space.</p>
21430 </blockquote>
21431
21432 <ul>
21433 <li>See the article for the rest of the writeup</li>
21434 </ul>
21435
21436 <hr>
21437
21438 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XDeathwatchStarts" rel="nofollow">The death watch for the X Window System (aka X11) has probably started</a></h3>
21439
21440 <blockquote>
21441 <p>Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely on the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.<br>
21442 I have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.</p>
21443 </blockquote>
21444
21445 <hr>
21446
21447 <h2>Beastie Bits</h2>
21448
21449 <ul>
21450 <li><a href="https://www.youtube.com/watch?v=2vQXGomKoxA" rel="nofollow">Porting NetBSD to Risc-V -- Video</a></li>
21451 <li><a href="https://www.freebsd.org/news/newsflash.html#event20190628:01" rel="nofollow">FreeBSD 11.3RC3 Available</a></li>
21452 <li><a href="https://www.bunniestudios.com/blog/?p=5590" rel="nofollow">Open Source Could Be a Casualty of the Trade War</a></li>
21453 <li><a href="https://sdf.org/sdf32/" rel="nofollow">Celebrate UNIX50 and SDF32</a></li>
21454 <li><a href="https://undeadly.org/cgi?action=article;sid=20190621104048" rel="nofollow">doas environmental security</a></li>
21455 </ul>
21456
21457 <hr>
21458
21459 <h2>Feedback/Questions</h2>
21460
21461 <ul>
21462 <li>Matt - <a href="http://dpaste.com/1RP09F0#wrap" rel="nofollow">BSD or Older Hardware</a></li>
21463 <li>MJRodriguez - <a href="http://dpaste.com/046SPPB#wrap" rel="nofollow">Some Playstation news</a></li>
21464 <li>Moritz - <a href="http://dpaste.com/1H4PJXW" rel="nofollow">bhyve VT-x passthrough</a></li>
21465 </ul>
21466
21467 <hr>
21468
21469 <ul>
21470 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
21471 </ul>
21472
21473 <hr>
21474
21475 <video controls preload="metadata" style=" width:426px; height:240px;">
21476 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0305.mp4" type="video/mp4">
21477 Your browser does not support the HTML5 video tag.
21478 </video>]]>
21479 </itunes:summary>
21480 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+qGi6lEDM</fireside:playerURL>
21481 <fireside:playerEmbedCode>
21482 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+qGi6lEDM" width="740" height="200" frameborder="0" scrolling="no">]]>
21483 </fireside:playerEmbedCode>
21484 </item>
21485 <item>
21486 <title>304: Prospering with Vulkan</title>
21487 <link>https://www.bsdnow.tv/304</link>
21488 <guid isPermaLink="false">6da25674-3858-4ebc-b4a5-257e1eefcbf4</guid>
21489 <pubDate>Thu, 27 Jun 2019 00:45:00 -0700</pubDate>
21490 <author>Allan Jude</author>
21491 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6da25674-3858-4ebc-b4a5-257e1eefcbf4.mp3" length="45762060" type="audio/mp3"/>
21492 <itunes:episodeType>full</itunes:episodeType>
21493 <itunes:author>Allan Jude</itunes:author>
21494 <itunes:subtitle>DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.</itunes:subtitle>
21495 <itunes:duration>1:03:33</itunes:duration>
21496 <itunes:explicit>no</itunes:explicit>
21497 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
21498 <description>DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.
21499 Headlines
21500 DragonflyBSD 5.6 is out (https://www.dragonflybsd.org/release56)
21501 Version 5.6.0 released 17 June 2019
21502 Version 5.6.1 released 19 June 2019 (https://www.dragonflydigest.com/2019/06/19/23091.html)
21503 Big-ticket items
21504 Improved VM
21505 Informal test results showing the changes from 5.4 to 5.6 are available.
21506 Reduce stalls in the kernel vmpagealloc() code (vmpagelist_find()).
21507 Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.
21508 Add a vmpagehash*() API that allows the kernel to do heuristical lockless lookups of VM pages.
21509 Change vmhold() and vmunhold() semantics to not require any spin-locks.
21510 Change vmpagewakeup() to not require any spin-locks.
21511 Change wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.
21512 Refactor the handling of fictitious pages.
21513 Remove m->md.pvlist entirely. VM pages in mappings no longer allocate pventry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).
21514 Refactor vmobject shadowing, disconnecting the backing linkages from the vmobject itself and instead organizing the linkages in a new structure called vmmapbacking which hangs off the vmmapentry.
21515 pmap operations now iterate vmmapbacking structures (rather than spin-locked page lists based on the vmpage and pventry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.
21516 Simplify the collapse code, removing most of the original code and replacing it with simpler per-vmmapentry optimizations to limit the shadow depth.
21517 DRM
21518 Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.
21519 Improve UEFI framebuffer support.
21520 A major deadlock has been fixed in the radeon/ttm code.
21521 Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.
21522 Add DRMIOCTLGET_PCIINFO to improve mesa/libdrm support.
21523 Fix excessive wired memory build-ups.
21524 Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.
21525 Fix idr_*() API bugs.
21526 HAMMER2
21527 The filesystem sync code has been rewritten to significantly improve performance.
21528 Sequential write performance also improved.
21529 Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.
21530 Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.
21531 Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.
21532 Improve umount operation.
21533 Fix an allocator race that could lead to corruption.
21534 Numerous other bugs fixed.
21535 Improve verbosity of CHECK (CRC error) console messages.
21536 OpenBSD Vulkan Support (https://www.phoronix.com/scan.php?page=news_item&px=OpenBSD-Vulkan-Support)
21537 Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.
21538 This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers.
21539 This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source.
21540 + A note: The BSDs are no longer that far behind.
21541 + FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)
21542 + OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34
21543 News Roundup
21544 Bad utmp implementations in glibc and freebsd (https://davmac.wordpress.com/2019/05/04/bad-utmp-implementations-in-glibc-and-freebsd/)
21545 I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.
21546 In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).
21547 I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.
21548 Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.
21549 + A good find
21550 + On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.
21551 OpenSSH gets an update to protect against Side Channel attacks (https://securityboulevard.com/2019/06/openssh-code-gets-an-update-to-protect-against-side-channel-attacks/)
21552 Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.
21553 SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.
21554 However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.
21555 In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”
21556 ZFS vs OpenZFS (https://www.ixsystems.com/blog/zfs-vs-openzfs/)
21557 You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue.
21558 From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.
21559 Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.
21560 + There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available here (https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow)
21561 Beastie Bits
21562 How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR (https://twitter.com/cperciva/status/1141852451756105729?s=03)
21563 KnoxBug Meetup June 27th at 6pm (http://knoxbug.org/2019-06-27)
21564 BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR (https://www.flying-pie.com/locations/lake-oswego/)
21565 Difference between $x and ${x} (https://moopost.blogspot.com/2019/06/difference-between-x-and-x.html)
21566 Beware of Software Engineering Media Sites (https://www.nemil.com/on-software-engineering/beware-engineering-media.html)
21567 How Verizon and a BGP optimizer knocked large parts of the internet offline today (https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/)
21568 DragonflyBSD - MDS mitigation added a while ago (http://lists.dragonflybsd.org/pipermail/commits/2019-May/718899.html)
21569 Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway (https://eurobsdcon.org)
21570 Feedback/Questions
21571 Dave - CheriBSD (http://dpaste.com/38233JC)
21572 Neb - Hello from Norway (http://dpaste.com/0B8XKXT#wrap)
21573 Lars - Ansible tutorial? (http://dpaste.com/3N85SHR)
21574 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
21575 ***
21576 <video controls preload="metadata" style=" width:426px; height:240px;">
21577 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0304.mp4" type="video/mp4">
21578 Your browser does not support the HTML5 video tag.
21579 </video>
21580 </description>
21581 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, vm, drm, hammer2, vulkan, openssh, zfs, openzfs,</itunes:keywords>
21582 <content:encoded>
21583 <![CDATA[<p>DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.</p>
21584
21585 <h2>Headlines</h2>
21586
21587 <h3><a href="https://www.dragonflybsd.org/release56" rel="nofollow">DragonflyBSD 5.6 is out</a></h3>
21588
21589 <ul>
21590 <li>Version 5.6.0 released 17 June 2019</li>
21591 <li><p><a href="https://www.dragonflydigest.com/2019/06/19/23091.html" rel="nofollow">Version 5.6.1 released 19 June 2019</a></p></li>
21592 <li><p>Big-ticket items</p></li>
21593 <li><p>Improved VM</p>
21594
21595 <ul>
21596 <li>Informal test results showing the changes from 5.4 to 5.6 are available.</li>
21597 <li>Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).</li>
21598 <li>Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.</li>
21599 <li>Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.</li>
21600 <li>Change vm_hold() and vm_unhold() semantics to not require any spin-locks.</li>
21601 <li>Change vm_page_wakeup() to not require any spin-locks.</li>
21602 <li>Wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout daemon encounters it. This allows pages to enter and leave the buffer cache quickly.</li>
21603 <li>Refactor the handling of fictitious pages.</li>
21604 <li>Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).</li>
21605 <li>Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.</li>
21606 <li>pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.</li>
21607 <li>Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.</li>
21608 </ul></li>
21609 <li><p>DRM</p>
21610
21611 <ul>
21612 <li>Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.</li>
21613 <li>Improve UEFI framebuffer support.</li>
21614 <li>A major deadlock has been fixed in the radeon/ttm code.</li>
21615 <li>Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.</li>
21616 <li>Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.</li>
21617 <li>Fix excessive wired memory build-ups.</li>
21618 <li>Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.</li>
21619 <li>Fix idr_*() API bugs.</li>
21620 </ul></li>
21621 <li><p>HAMMER2</p>
21622
21623 <ul>
21624 <li>The filesystem sync code has been rewritten to significantly improve performance.</li>
21625 <li>Sequential write performance also improved.</li>
21626 <li>Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.</li>
21627 <li>Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.</li>
21628 <li>Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.</li>
21629 <li>Improve umount operation.</li>
21630 <li>Fix an allocator race that could lead to corruption.</li>
21631 <li>Numerous other bugs fixed.</li>
21632 <li>Improve verbosity of CHECK (CRC error) console messages.</li>
21633 </ul></li>
21634 </ul>
21635
21636 <hr>
21637
21638 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=OpenBSD-Vulkan-Support" rel="nofollow">OpenBSD Vulkan Support</a></h3>
21639
21640 <blockquote>
21641 <p>Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port. <br>
21642 This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glslang, and the Vulkan tools and validation layers. <br>
21643 This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source. </p>
21644
21645 <ul>
21646 <li>A note: The BSDs are no longer that far behind.</li>
21647 <li>FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)</li>
21648 <li>OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34
21649 ***</li>
21650 </ul>
21651 </blockquote>
21652
21653 <h2>News Roundup</h2>
21654
21655 <h3><a href="https://davmac.wordpress.com/2019/05/04/bad-utmp-implementations-in-glibc-and-freebsd/" rel="nofollow">Bad utmp implementations in glibc and freebsd</a></h3>
21656
21657 <blockquote>
21658 <p>I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.<br>
21659 In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).<br>
21660 I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.<br>
21661 Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.</p>
21662
21663 <ul>
21664 <li>A good find</li>
21665 <li>On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.
21666 ***</li>
21667 </ul>
21668 </blockquote>
21669
21670 <h3><a href="https://securityboulevard.com/2019/06/openssh-code-gets-an-update-to-protect-against-side-channel-attacks/" rel="nofollow">OpenSSH gets an update to protect against Side Channel attacks</a></h3>
21671
21672 <blockquote>
21673 <p>Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.<br>
21674 SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.<br>
21675 However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.<br>
21676 In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”</p>
21677 </blockquote>
21678
21679 <hr>
21680
21681 <h3><a href="https://www.ixsystems.com/blog/zfs-vs-openzfs/" rel="nofollow">ZFS vs OpenZFS</a></h3>
21682
21683 <blockquote>
21684 <p>You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. <br>
21685 From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as ‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.<br>
21686 Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.</p>
21687
21688 <ul>
21689 <li>There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available <a href="https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow" rel="nofollow">here</a>
21690 ***</li>
21691 </ul>
21692 </blockquote>
21693
21694 <h2>Beastie Bits</h2>
21695
21696 <ul>
21697 <li><a href="https://twitter.com/cperciva/status/1141852451756105729?s=03" rel="nofollow">How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR</a></li>
21698 <li><a href="http://knoxbug.org/2019-06-27" rel="nofollow">KnoxBug Meetup June 27th at 6pm</a></li>
21699 <li><a href="https://www.flying-pie.com/locations/lake-oswego/" rel="nofollow">BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR</a></li>
21700 <li><a href="https://moopost.blogspot.com/2019/06/difference-between-x-and-x.html" rel="nofollow">Difference between $x and ${x}</a></li>
21701 <li><a href="https://www.nemil.com/on-software-engineering/beware-engineering-media.html" rel="nofollow">Beware of Software Engineering Media Sites</a></li>
21702 <li><a href="https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/" rel="nofollow">How Verizon and a BGP optimizer knocked large parts of the internet offline today</a></li>
21703 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-May/718899.html" rel="nofollow">DragonflyBSD - MDS mitigation added a while ago</a></li>
21704 <li><a href="https://eurobsdcon.org" rel="nofollow">Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway</a></li>
21705 </ul>
21706
21707 <hr>
21708
21709 <h2>Feedback/Questions</h2>
21710
21711 <ul>
21712 <li>Dave - <a href="http://dpaste.com/38233JC" rel="nofollow">CheriBSD</a></li>
21713 <li>Neb - <a href="http://dpaste.com/0B8XKXT#wrap" rel="nofollow">Hello from Norway</a></li>
21714 <li>Lars - <a href="http://dpaste.com/3N85SHR" rel="nofollow">Ansible tutorial?</a></li>
21715 </ul>
21716
21717 <hr>
21718
21719 <ul>
21720 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
21721 ***</li>
21722 </ul>
21723
21724 <video controls preload="metadata" style=" width:426px; height:240px;">
21725 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0304.mp4" type="video/mp4">
21726 Your browser does not support the HTML5 video tag.
21727 </video>]]>
21728 </content:encoded>
21729 <itunes:summary>
21730 <![CDATA[<p>DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.</p>
21731
21732 <h2>Headlines</h2>
21733
21734 <h3><a href="https://www.dragonflybsd.org/release56" rel="nofollow">DragonflyBSD 5.6 is out</a></h3>
21735
21736 <ul>
21737 <li>Version 5.6.0 released 17 June 2019</li>
21738 <li><p><a href="https://www.dragonflydigest.com/2019/06/19/23091.html" rel="nofollow">Version 5.6.1 released 19 June 2019</a></p></li>
21739 <li><p>Big-ticket items</p></li>
21740 <li><p>Improved VM</p>
21741
21742 <ul>
21743 <li>Informal test results showing the changes from 5.4 to 5.6 are available.</li>
21744 <li>Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).</li>
21745 <li>Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.</li>
21746 <li>Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.</li>
21747 <li>Change vm_hold() and vm_unhold() semantics to not require any spin-locks.</li>
21748 <li>Change vm_page_wakeup() to not require any spin-locks.</li>
21749 <li>Wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout daemon encounters it. This allows pages to enter and leave the buffer cache quickly.</li>
21750 <li>Refactor the handling of fictitious pages.</li>
21751 <li>Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).</li>
21752 <li>Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.</li>
21753 <li>pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.</li>
21754 <li>Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.</li>
21755 </ul></li>
21756 <li><p>DRM</p>
21757
21758 <ul>
21759 <li>Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.</li>
21760 <li>Improve UEFI framebuffer support.</li>
21761 <li>A major deadlock has been fixed in the radeon/ttm code.</li>
21762 <li>Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.</li>
21763 <li>Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.</li>
21764 <li>Fix excessive wired memory build-ups.</li>
21765 <li>Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.</li>
21766 <li>Fix idr_*() API bugs.</li>
21767 </ul></li>
21768 <li><p>HAMMER2</p>
21769
21770 <ul>
21771 <li>The filesystem sync code has been rewritten to significantly improve performance.</li>
21772 <li>Sequential write performance also improved.</li>
21773 <li>Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.</li>
21774 <li>Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.</li>
21775 <li>Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.</li>
21776 <li>Improve umount operation.</li>
21777 <li>Fix an allocator race that could lead to corruption.</li>
21778 <li>Numerous other bugs fixed.</li>
21779 <li>Improve verbosity of CHECK (CRC error) console messages.</li>
21780 </ul></li>
21781 </ul>
21782
21783 <hr>
21784
21785 <h3><a href="https://www.phoronix.com/scan.php?page=news_item&px=OpenBSD-Vulkan-Support" rel="nofollow">OpenBSD Vulkan Support</a></h3>
21786
21787 <blockquote>
21788 <p>Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port. <br>
21789 This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glslang, and the Vulkan tools and validation layers. <br>
21790 This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source. </p>
21791
21792 <ul>
21793 <li>A note: The BSDs are no longer that far behind.</li>
21794 <li>FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)</li>
21795 <li>OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34
21796 ***</li>
21797 </ul>
21798 </blockquote>
21799
21800 <h2>News Roundup</h2>
21801
21802 <h3><a href="https://davmac.wordpress.com/2019/05/04/bad-utmp-implementations-in-glibc-and-freebsd/" rel="nofollow">Bad utmp implementations in glibc and freebsd</a></h3>
21803
21804 <blockquote>
21805 <p>I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.<br>
21806 In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).<br>
21807 I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.<br>
21808 Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.</p>
21809
21810 <ul>
21811 <li>A good find</li>
21812 <li>On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.
21813 ***</li>
21814 </ul>
21815 </blockquote>
21816
21817 <h3><a href="https://securityboulevard.com/2019/06/openssh-code-gets-an-update-to-protect-against-side-channel-attacks/" rel="nofollow">OpenSSH gets an update to protect against Side Channel attacks</a></h3>
21818
21819 <blockquote>
21820 <p>Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.<br>
21821 SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.<br>
21822 However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.<br>
21823 In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”</p>
21824 </blockquote>
21825
21826 <hr>
21827
21828 <h3><a href="https://www.ixsystems.com/blog/zfs-vs-openzfs/" rel="nofollow">ZFS vs OpenZFS</a></h3>
21829
21830 <blockquote>
21831 <p>You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. <br>
21832 From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as ‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.<br>
21833 Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.</p>
21834
21835 <ul>
21836 <li>There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available <a href="https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow" rel="nofollow">here</a>
21837 ***</li>
21838 </ul>
21839 </blockquote>
21840
21841 <h2>Beastie Bits</h2>
21842
21843 <ul>
21844 <li><a href="https://twitter.com/cperciva/status/1141852451756105729?s=03" rel="nofollow">How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR</a></li>
21845 <li><a href="http://knoxbug.org/2019-06-27" rel="nofollow">KnoxBug Meetup June 27th at 6pm</a></li>
21846 <li><a href="https://www.flying-pie.com/locations/lake-oswego/" rel="nofollow">BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR</a></li>
21847 <li><a href="https://moopost.blogspot.com/2019/06/difference-between-x-and-x.html" rel="nofollow">Difference between $x and ${x}</a></li>
21848 <li><a href="https://www.nemil.com/on-software-engineering/beware-engineering-media.html" rel="nofollow">Beware of Software Engineering Media Sites</a></li>
21849 <li><a href="https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/" rel="nofollow">How Verizon and a BGP optimizer knocked large parts of the internet offline today</a></li>
21850 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-May/718899.html" rel="nofollow">DragonflyBSD - MDS mitigation added a while ago</a></li>
21851 <li><a href="https://eurobsdcon.org" rel="nofollow">Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway</a></li>
21852 </ul>
21853
21854 <hr>
21855
21856 <h2>Feedback/Questions</h2>
21857
21858 <ul>
21859 <li>Dave - <a href="http://dpaste.com/38233JC" rel="nofollow">CheriBSD</a></li>
21860 <li>Neb - <a href="http://dpaste.com/0B8XKXT#wrap" rel="nofollow">Hello from Norway</a></li>
21861 <li>Lars - <a href="http://dpaste.com/3N85SHR" rel="nofollow">Ansible tutorial?</a></li>
21862 </ul>
21863
21864 <hr>
21865
21866 <ul>
21867 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
21868 ***</li>
21869 </ul>
21870
21871 <video controls preload="metadata" style=" width:426px; height:240px;">
21872 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0304.mp4" type="video/mp4">
21873 Your browser does not support the HTML5 video tag.
21874 </video>]]>
21875 </itunes:summary>
21876 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Hm0xKzyo</fireside:playerURL>
21877 <fireside:playerEmbedCode>
21878 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Hm0xKzyo" width="740" height="200" frameborder="0" scrolling="no">]]>
21879 </fireside:playerEmbedCode>
21880 </item>
21881 <item>
21882 <title>303: OpenZFS in Ports</title>
21883 <link>https://www.bsdnow.tv/303</link>
21884 <guid isPermaLink="false">1ed8b630-10c4-44f6-9a48-2ffcb4a8b6fe</guid>
21885 <pubDate>Wed, 19 Jun 2019 19:30:00 -0700</pubDate>
21886 <author>Allan Jude</author>
21887 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1ed8b630-10c4-44f6-9a48-2ffcb4a8b6fe.mp3" length="37840062" type="audio/mp3"/>
21888 <itunes:episodeType>full</itunes:episodeType>
21889 <itunes:author>Allan Jude</itunes:author>
21890 <itunes:subtitle>OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.</itunes:subtitle>
21891 <itunes:duration>52:33</itunes:duration>
21892 <itunes:explicit>no</itunes:explicit>
21893 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
21894 <description>OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.
21895 Headlines
21896 ZFSonFreeBSD ports renamed OpenZFS (https://www.freshports.org/sysutils/openzfs-kmod)
21897 The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod
21898 The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)
21899 With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf:
21900 > zfs_load="YES"
21901 or
21902 > openzfs_load="YES"
21903 To load traditional or the newer version of ZFS
21904 The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.
21905 We would like to do an unofficial poll on how people would like the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea I’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)
21906 For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.
21907 For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.
21908 Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.
21909 Please test and provide feedback.
21910 How to use blacklistd(8) with NPF as a fail2ban replacement (https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement)
21911 About blacklistd(8)
21912 blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
21913 The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
21914 Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
21915 Unfortunately (don't ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen
21916 News Roundup
21917 [WIP] raidz expansion, alpha preview 1 (https://github.com/zfsonlinux/zfs/pull/8853)
21918 Motivation and Context
21919 > This is an alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks).
21920 > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video
21921 Rant: running audio VU-meter increases my CO2 footprint (https://medium.com/@MartinCracauer/bug-rant-running-audio-vu-meter-increases-my-co2-footprint-871d5c1bee5a)
21922 A couple months ago I noticed that the monitor on my workstation never powers off anymore. Screensaver would go on, but DPMS (to do the poweroff) never kicked in.
21923 I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMS is on, enabled and set on a timeout. Didn’t matter whether I let xscreensaver do the job or just the X11 server.
21924 After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.
21925 + See the article for the rest...
21926 XSAVE and compat32 kernel work for LLDB (http://blog.netbsd.org/tnf/entry/xsave_and_compat32_kernel_work)
21927 Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
21928 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.
21929 In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.
21930 Some things about where icons for modern X applications come from (https://utcc.utoronto.ca/~cks/space/blog/unix/ModernXAppIcons)
21931 If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.
21932 Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).
21933 How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.
21934 Beastie Bits
21935 Recent Security Innovations (http://undeadly.org/cgi?action=article;sid=20190605110020)
21936 Old Unix books + Solaris (https://imgur.com/a/HbSYtQI)
21937 Pro-Desktop - A Tiling Desktop Environment (https://bitcannon.net/post/pro-desktop/)
21938 The Tar Pipe (https://blog.extracheese.org/2010/05/the-tar-pipe.html)
21939 At least one vim trick you might not know (https://www.hillelwayne.com/post/intermediate-vim/)
21940 Feedback/Questions
21941 Johnny - listener feedback (http://dpaste.com/0ZQCQ8Y#wrap)
21942 Brian - Questions (http://dpaste.com/1843RNX#wrap)
21943 Mark - ZFS Question (http://dpaste.com/3M83X9G#wrap)
21944 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
21945 <video controls preload="metadata" style=" width:426px; height:240px;">
21946 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0303.mp4" type="video/mp4">
21947 Your browser does not support the HTML5 video tag.
21948 </video>
21949 </description>
21950 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, openzfs, blacklistd, raidz, xsave, compat32, awesomewm, vim, npf, </itunes:keywords>
21951 <content:encoded>
21952 <![CDATA[<p>OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.</p>
21953
21954 <h2>Headlines</h2>
21955
21956 <h3><a href="https://www.freshports.org/sysutils/openzfs-kmod" rel="nofollow">ZFSonFreeBSD ports renamed OpenZFS</a></h3>
21957
21958 <ul>
21959 <li>The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod</li>
21960 <li>The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)</li>
21961 <li>With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf:
21962 > zfs_load="YES"</li>
21963 <li>or
21964 > openzfs_load="YES"</li>
21965 <li>To load traditional or the newer version of ZFS</li>
21966 <li>The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.</li>
21967 <li>We would like to do an unofficial poll on how people would like the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea I’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)</li>
21968 <li>For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.</li>
21969 <li>For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.</li>
21970 <li>Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.</li>
21971 <li>Please test and provide feedback.</li>
21972 </ul>
21973
21974 <hr>
21975
21976 <h3><a href="https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement" rel="nofollow">How to use blacklistd(8) with NPF as a fail2ban replacement</a></h3>
21977
21978 <ul>
21979 <li>About blacklistd(8)</li>
21980 </ul>
21981
21982 <blockquote>
21983 <p>blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.<br>
21984 The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf<br>
21985 Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use. <br>
21986 Unfortunately (don't ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen</p>
21987 </blockquote>
21988
21989 <hr>
21990
21991 <h2>News Roundup</h2>
21992
21993 <h3><a href="https://github.com/zfsonlinux/zfs/pull/8853" rel="nofollow">[WIP] raidz expansion, alpha preview 1</a></h3>
21994
21995 <ul>
21996 <li>Motivation and Context
21997 > This is an alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks).
21998 > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video</li>
21999 </ul>
22000
22001 <hr>
22002
22003 <h3><a href="https://medium.com/@MartinCracauer/bug-rant-running-audio-vu-meter-increases-my-co2-footprint-871d5c1bee5a" rel="nofollow">Rant: running audio VU-meter increases my CO2 footprint</a></h3>
22004
22005 <blockquote>
22006 <p>A couple months ago I noticed that the monitor on my workstation never powers off anymore. Screensaver would go on, but DPMS (to do the poweroff) never kicked in.<br>
22007 I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMS is on, enabled and set on a timeout. Didn’t matter whether I let xscreensaver do the job or just the X11 server.<br>
22008 After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.</p>
22009
22010 <ul>
22011 <li>See the article for the rest...</li>
22012 </ul>
22013 </blockquote>
22014
22015 <hr>
22016
22017 <h3><a href="http://blog.netbsd.org/tnf/entry/xsave_and_compat32_kernel_work" rel="nofollow">XSAVE and compat32 kernel work for LLDB</a></h3>
22018
22019 <blockquote>
22020 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.<br>
22021 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.<br>
22022 In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.</p>
22023 </blockquote>
22024
22025 <hr>
22026
22027 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ModernXAppIcons" rel="nofollow">Some things about where icons for modern X applications come from</a></h3>
22028
22029 <blockquote>
22030 <p>If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.<br>
22031 Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).<br>
22032 How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.</p>
22033 </blockquote>
22034
22035 <hr>
22036
22037 <h2>Beastie Bits</h2>
22038
22039 <ul>
22040 <li><a href="http://undeadly.org/cgi?action=article;sid=20190605110020" rel="nofollow">Recent Security Innovations</a></li>
22041 <li><a href="https://imgur.com/a/HbSYtQI" rel="nofollow">Old Unix books + Solaris</a></li>
22042 <li><a href="https://bitcannon.net/post/pro-desktop/" rel="nofollow">Pro-Desktop - A Tiling Desktop Environment</a></li>
22043 <li><a href="https://blog.extracheese.org/2010/05/the-tar-pipe.html" rel="nofollow">The Tar Pipe</a></li>
22044 <li><a href="https://www.hillelwayne.com/post/intermediate-vim/" rel="nofollow">At least one vim trick you might not know</a></li>
22045 </ul>
22046
22047 <hr>
22048
22049 <h2>Feedback/Questions</h2>
22050
22051 <ul>
22052 <li>Johnny - <a href="http://dpaste.com/0ZQCQ8Y#wrap" rel="nofollow">listener feedback</a></li>
22053 <li>Brian - <a href="http://dpaste.com/1843RNX#wrap" rel="nofollow">Questions</a></li>
22054 <li>Mark - <a href="http://dpaste.com/3M83X9G#wrap" rel="nofollow">ZFS Question</a></li>
22055 </ul>
22056
22057 <hr>
22058
22059 <ul>
22060 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
22061 </ul>
22062
22063 <hr>
22064
22065 <video controls preload="metadata" style=" width:426px; height:240px;">
22066 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0303.mp4" type="video/mp4">
22067 Your browser does not support the HTML5 video tag.
22068 </video>]]>
22069 </content:encoded>
22070 <itunes:summary>
22071 <![CDATA[<p>OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.</p>
22072
22073 <h2>Headlines</h2>
22074
22075 <h3><a href="https://www.freshports.org/sysutils/openzfs-kmod" rel="nofollow">ZFSonFreeBSD ports renamed OpenZFS</a></h3>
22076
22077 <ul>
22078 <li>The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod</li>
22079 <li>The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)</li>
22080 <li>With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf:
22081 > zfs_load="YES"</li>
22082 <li>or
22083 > openzfs_load="YES"</li>
22084 <li>To load traditional or the newer version of ZFS</li>
22085 <li>The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.</li>
22086 <li>We would like to do an unofficial poll on how people would like the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea I’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)</li>
22087 <li>For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.</li>
22088 <li>For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.</li>
22089 <li>Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.</li>
22090 <li>Please test and provide feedback.</li>
22091 </ul>
22092
22093 <hr>
22094
22095 <h3><a href="https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement" rel="nofollow">How to use blacklistd(8) with NPF as a fail2ban replacement</a></h3>
22096
22097 <ul>
22098 <li>About blacklistd(8)</li>
22099 </ul>
22100
22101 <blockquote>
22102 <p>blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.<br>
22103 The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf<br>
22104 Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use. <br>
22105 Unfortunately (don't ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen</p>
22106 </blockquote>
22107
22108 <hr>
22109
22110 <h2>News Roundup</h2>
22111
22112 <h3><a href="https://github.com/zfsonlinux/zfs/pull/8853" rel="nofollow">[WIP] raidz expansion, alpha preview 1</a></h3>
22113
22114 <ul>
22115 <li>Motivation and Context
22116 > This is an alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks).
22117 > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video</li>
22118 </ul>
22119
22120 <hr>
22121
22122 <h3><a href="https://medium.com/@MartinCracauer/bug-rant-running-audio-vu-meter-increases-my-co2-footprint-871d5c1bee5a" rel="nofollow">Rant: running audio VU-meter increases my CO2 footprint</a></h3>
22123
22124 <blockquote>
22125 <p>A couple months ago I noticed that the monitor on my workstation never powers off anymore. Screensaver would go on, but DPMS (to do the poweroff) never kicked in.<br>
22126 I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMS is on, enabled and set on a timeout. Didn’t matter whether I let xscreensaver do the job or just the X11 server.<br>
22127 After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.</p>
22128
22129 <ul>
22130 <li>See the article for the rest...</li>
22131 </ul>
22132 </blockquote>
22133
22134 <hr>
22135
22136 <h3><a href="http://blog.netbsd.org/tnf/entry/xsave_and_compat32_kernel_work" rel="nofollow">XSAVE and compat32 kernel work for LLDB</a></h3>
22137
22138 <blockquote>
22139 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.<br>
22140 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.<br>
22141 In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.</p>
22142 </blockquote>
22143
22144 <hr>
22145
22146 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ModernXAppIcons" rel="nofollow">Some things about where icons for modern X applications come from</a></h3>
22147
22148 <blockquote>
22149 <p>If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.<br>
22150 Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).<br>
22151 How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.</p>
22152 </blockquote>
22153
22154 <hr>
22155
22156 <h2>Beastie Bits</h2>
22157
22158 <ul>
22159 <li><a href="http://undeadly.org/cgi?action=article;sid=20190605110020" rel="nofollow">Recent Security Innovations</a></li>
22160 <li><a href="https://imgur.com/a/HbSYtQI" rel="nofollow">Old Unix books + Solaris</a></li>
22161 <li><a href="https://bitcannon.net/post/pro-desktop/" rel="nofollow">Pro-Desktop - A Tiling Desktop Environment</a></li>
22162 <li><a href="https://blog.extracheese.org/2010/05/the-tar-pipe.html" rel="nofollow">The Tar Pipe</a></li>
22163 <li><a href="https://www.hillelwayne.com/post/intermediate-vim/" rel="nofollow">At least one vim trick you might not know</a></li>
22164 </ul>
22165
22166 <hr>
22167
22168 <h2>Feedback/Questions</h2>
22169
22170 <ul>
22171 <li>Johnny - <a href="http://dpaste.com/0ZQCQ8Y#wrap" rel="nofollow">listener feedback</a></li>
22172 <li>Brian - <a href="http://dpaste.com/1843RNX#wrap" rel="nofollow">Questions</a></li>
22173 <li>Mark - <a href="http://dpaste.com/3M83X9G#wrap" rel="nofollow">ZFS Question</a></li>
22174 </ul>
22175
22176 <hr>
22177
22178 <ul>
22179 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
22180 </ul>
22181
22182 <hr>
22183
22184 <video controls preload="metadata" style=" width:426px; height:240px;">
22185 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0303.mp4" type="video/mp4">
22186 Your browser does not support the HTML5 video tag.
22187 </video>]]>
22188 </itunes:summary>
22189 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+y0gaq6ep</fireside:playerURL>
22190 <fireside:playerEmbedCode>
22191 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+y0gaq6ep" width="740" height="200" frameborder="0" scrolling="no">]]>
22192 </fireside:playerEmbedCode>
22193 </item>
22194 <item>
22195 <title>302: Contention Reduction</title>
22196 <link>https://www.bsdnow.tv/302</link>
22197 <guid isPermaLink="false">42938801-0d4a-4cf9-a297-c1eeddac85dc</guid>
22198 <pubDate>Wed, 12 Jun 2019 20:00:00 -0700</pubDate>
22199 <author>Allan Jude</author>
22200 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/42938801-0d4a-4cf9-a297-c1eeddac85dc.mp3" length="50043425" type="audio/mp3"/>
22201 <itunes:episodeType>full</itunes:episodeType>
22202 <itunes:author>Allan Jude</itunes:author>
22203 <itunes:subtitle>DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.</itunes:subtitle>
22204 <itunes:duration>1:09:30</itunes:duration>
22205 <itunes:explicit>no</itunes:explicit>
22206 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
22207 <description>DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.
22208 Headlines
22209 DragonFlyBSD's Kernel Optimizations Are Paying Off (https://www.phoronix.com/scan.php?page=article&item=dragonfly-55-threadripper&num=1)
22210 DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.
22211 The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)
22212 With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.
22213 What are the differences between OpenBSD and Linux? (https://cfenollosa.com/blog/what-are-the-differences-between-openbsd-and-linux.html)
22214 Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"
22215 I've also been there at some point in the past and these are my conclusions.
22216 They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.
22217 This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.
22218 Please bear with me.
22219 A terminal is a terminal is a terminal
22220 Practical differences
22221 Security and system administration
22222 Why philosophical differences matter
22223 So what do I choose?
22224 How to try OpenBSD
22225 ***
22226 News Roundup
22227 NetBSD 2019 Google Summer of Code (http://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code1)
22228 We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:
22229 Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing
22230 Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration
22231 Siddharth Muralee - Enhancing Syzkaller support for NetBSD
22232 Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel
22233 Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD
22234 Saurav Prakash - Porting NetBSD to HummingBoard Pulse
22235 Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD
22236 The community bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.
22237 Please welcome all our students and a big good luck to students and mentors! A big thanks to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!
22238 Reducing that contention (http://www.grenadille.net/post/2019/05/09/Reducing-that-contention)
22239 The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!
22240 State of affairs
22241 Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).
22242 I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.
22243 Next steps
22244 In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However I think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical.
22245 See the Article for the rest of the post
22246 fnaify 1.3 released - more games are "fnaify & run" now (https://www.reddit.com/r/openbsd_gaming/comments/btste9/fnaify_13_released_more_games_are_fnaify_run_now/)
22247 This release finally addresses some of the problems that prevent simple running of several games.
22248 This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no.
22249 Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.
22250 This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam.
22251 vmctl(8): command line syntax changed (https://www.openbsd.org/faq/current.html#r20190529)
22252 The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax.
22253 For example, the old syntax looked like this:
22254 # vmctl create disk.qcow2 -s 50G
22255 The new syntax specifies the command options before the argument:
22256 # vmctl create -s 50G disk.qcow2
22257 Something that Linux distributions should not do when packaging things (https://utcc.utoronto.ca/~cks/space/blog/linux/PackageNameClashProblem)
22258 Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.
22259 For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).
22260 Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.
22261 Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.
22262 Beastie Bits
22263 [talk] ZFS v UFS on APU2 msata SSD with FreeBSD (http://lists.nycbug.org:8080/pipermail/talk/2019-May/017885.html)
22264 NetBSD 8.1 is out (http://www.netbsd.org/releases/formal-8/NetBSD-8.1.html)
22265 lazyboi – the laziest possible way to send raw HTTP POST data (https://github.com/ctsrc/lazyboi)
22266 A Keyboard layout that changes by markov frequency (https://github.com/shapr/markovkeyboard)
22267 Open Source Game Clones (https://osgameclones.com/)
22268 EuroBSDcon program & registration open (https://eurobsdcon.org)
22269 ***
22270 Feedback/Questions
22271 John - A segment idea (http://dpaste.com/3YTBQTX#wrap)
22272 Johnny - Audio only format please don't (http://dpaste.com/3WD0A25#wrap)
22273 Alex - Thanks and some Linux Snaps vs PBI feedback (http://dpaste.com/1RQF4QM#wrap)
22274 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
22275 ***
22276 <video controls preload="metadata" style=" width:426px; height:240px;">
22277 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0302.mp4" type="video/mp4">
22278 Your browser does not support the HTML5 video tag.
22279 </video>
22280 </description>
22281 <content:encoded>
22282 <![CDATA[<p>DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.</p>
22283
22284 <h2>Headlines</h2>
22285
22286 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=dragonfly-55-threadripper&num=1" rel="nofollow">DragonFlyBSD's Kernel Optimizations Are Paying Off</a></h3>
22287
22288 <blockquote>
22289 <p>DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.<br>
22290 The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)<br>
22291 With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.</p>
22292
22293 <hr>
22294 </blockquote>
22295
22296 <h3><a href="https://cfenollosa.com/blog/what-are-the-differences-between-openbsd-and-linux.html" rel="nofollow">What are the differences between OpenBSD and Linux?</a></h3>
22297
22298 <blockquote>
22299 <p>Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"<br>
22300 I've also been there at some point in the past and these are my conclusions.<br>
22301 They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.<br>
22302 This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.<br>
22303 Please bear with me.</p>
22304 </blockquote>
22305
22306 <ul>
22307 <li>A terminal is a terminal is a terminal</li>
22308 <li>Practical differences</li>
22309 <li>Security and system administration</li>
22310 <li>Why philosophical differences matter</li>
22311 <li>So what do I choose?</li>
22312 <li>How to try OpenBSD</li>
22314 </ul>
22315
22316 <h2>News Roundup</h2>
22317
22318 <h3><a href="http://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code1" rel="nofollow">NetBSD 2019 Google Summer of Code</a></h3>
22319
22320 <blockquote>
22321 <p>We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:</p>
22322 </blockquote>
22323
22324 <ul>
22325 <li>Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing</li>
22326 <li>Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration</li>
22327 <li>Siddharth Muralee - Enhancing Syzkaller support for NetBSD</li>
22328 <li>Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel</li>
22329 <li>Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD</li>
22330 <li>Saurav Prakash - Porting NetBSD to HummingBoard Pulse</li>
22331 <li>Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD</li>
22332 </ul>
22333
22334 <blockquote>
22335 <p>The community bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.<br>
22336 Please welcome all our students and a big good luck to students and mentors! A big thanks to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!</p>
22337 </blockquote>
22338
22339 <hr>
22340
22341 <h3><a href="http://www.grenadille.net/post/2019/05/09/Reducing-that-contention" rel="nofollow">Reducing that contention</a></h3>
22342
22343 <blockquote>
22344 <p>The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!</p>
22345 </blockquote>
22346
22347 <ul>
22348 <li>State of affairs</li>
22349 </ul>
22350
22351 <blockquote>
22352 <p>Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).<br>
22353 I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.</p>
22354 </blockquote>
22355
22356 <ul>
22357 <li>Next steps</li>
22358 </ul>
22359
22360 <blockquote>
22361 <p>In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However I think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical. </p>
22362 </blockquote>
22363
22364 <ul>
22365 <li>See the Article for the rest of the post</li>
22366 </ul>
22367
22368 <hr>
22369
22370 <h3><a href="https://www.reddit.com/r/openbsd_gaming/comments/btste9/fnaify_13_released_more_games_are_fnaify_run_now/" rel="nofollow">fnaify 1.3 released - more games are "fnaify & run" now</a></h3>
22371
22372 <blockquote>
22373 <p>This release finally addresses some of the problems that prevent simple running of several games.<br>
22374 This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no. </p>
22375
22376 <p>Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.<br>
22377 This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam. </p>
22378 </blockquote>
22379
22380 <h3><a href="https://www.openbsd.org/faq/current.html#r20190529" rel="nofollow">vmctl(8): command line syntax changed</a></h3>
22381
22382 <blockquote>
22383 <p>The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax. <br>
22384 For example, the old syntax looked like this:</p>
22385 </blockquote>
22386
22387 <p><code># vmctl create disk.qcow2 -s 50G</code></p>
22388
22389 <blockquote>
22390 <p>The new syntax specifies the command options before the argument:</p>
22391 </blockquote>
22392
22393 <p><code># vmctl create -s 50G disk.qcow2</code></p>
22394
22395 <hr>
22396
22397 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/PackageNameClashProblem" rel="nofollow">Something that Linux distributions should not do when packaging things</a></h3>
22398
22399 <blockquote>
22400 <p>Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.<br>
22401 For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).<br>
22402 Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.<br>
22403 Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.</p>
22404
22405 <hr>
22406 </blockquote>
22407
22408 <h2>Beastie Bits</h2>
22409
22410 <ul>
22411 <li><a href="http://lists.nycbug.org:8080/pipermail/talk/2019-May/017885.html" rel="nofollow">[talk] ZFS v UFS on APU2 msata SSD with FreeBSD</a></li>
22412 <li><a href="http://www.netbsd.org/releases/formal-8/NetBSD-8.1.html" rel="nofollow">NetBSD 8.1 is out</a></li>
22413 <li><a href="https://github.com/ctsrc/lazyboi" rel="nofollow">lazyboi – the laziest possible way to send raw HTTP POST data</a></li>
22414 <li><a href="https://github.com/shapr/markovkeyboard" rel="nofollow">A Keyboard layout that changes by markov frequency</a></li>
22415 <li><a href="https://osgameclones.com/" rel="nofollow">Open Source Game Clones</a></li>
22416 <li><a href="https://eurobsdcon.org" rel="nofollow">EuroBSDcon program & registration open</a></li>
22418 </ul>
22419
22420 <h2>Feedback/Questions</h2>
22421
22422 <ul>
22423 <li>John - <a href="http://dpaste.com/3YTBQTX#wrap" rel="nofollow">A segment idea</a></li>
22424 <li>Johnny - <a href="http://dpaste.com/3WD0A25#wrap" rel="nofollow">Audio only format please don't</a></li>
22425 <li>Alex - <a href="http://dpaste.com/1RQF4QM#wrap" rel="nofollow">Thanks and some Linux Snaps vs PBI feedback</a></li>
22426 </ul>
22427
22428 <hr>
22429
22430 <ul>
22431 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li>
22433 </ul>
22434
22435 <video controls preload="metadata" style=" width:426px; height:240px;">
22436 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0302.mp4" type="video/mp4">
22437 Your browser does not support the HTML5 video tag.
22438 </video>]]>
22439 </content:encoded>
22440 <itunes:summary>
22441 <![CDATA[<p>DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.</p>
22442
22443 <h2>Headlines</h2>
22444
22445 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=dragonfly-55-threadripper&num=1" rel="nofollow">DragonFlyBSD's Kernel Optimizations Are Paying Off</a></h3>
22446
22447 <blockquote>
22448 <p>DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.<br>
22449 The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)<br>
22450 With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.</p>
22451
22452 <hr>
22453 </blockquote>
22454
22455 <h3><a href="https://cfenollosa.com/blog/what-are-the-differences-between-openbsd-and-linux.html" rel="nofollow">What are the differences between OpenBSD and Linux?</a></h3>
22456
22457 <blockquote>
22458 <p>Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"<br>
22459 I've also been there at some point in the past and these are my conclusions.<br>
22460 They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.<br>
22461 This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.<br>
22462 Please bear with me.</p>
22463 </blockquote>
22464
22465 <ul>
22466 <li>A terminal is a terminal is a terminal</li>
22467 <li>Practical differences</li>
22468 <li>Security and system administration</li>
22469 <li>Why philosophical differences matter</li>
22470 <li>So what do I choose?</li>
22471 <li>How to try OpenBSD</li>
22473 </ul>
22474
22475 <h2>News Roundup</h2>
22476
22477 <h3><a href="http://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code1" rel="nofollow">NetBSD 2019 Google Summer of Code</a></h3>
22478
22479 <blockquote>
22480 <p>We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:</p>
22481 </blockquote>
22482
22483 <ul>
22484 <li>Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing</li>
22485 <li>Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration</li>
22486 <li>Siddharth Muralee - Enhancing Syzkaller support for NetBSD</li>
22487 <li>Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel</li>
22488 <li>Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD</li>
22489 <li>Saurav Prakash - Porting NetBSD to HummingBoard Pulse</li>
22490 <li>Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD</li>
22491 </ul>
22492
22493 <blockquote>
22494 <p>The community bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.<br>
22495 Please welcome all our students and a big good luck to students and mentors! A big thanks to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!</p>
22496 </blockquote>
22497
22498 <hr>
22499
22500 <h3><a href="http://www.grenadille.net/post/2019/05/09/Reducing-that-contention" rel="nofollow">Reducing that contention</a></h3>
22501
22502 <blockquote>
22503 <p>The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!</p>
22504 </blockquote>
22505
22506 <ul>
22507 <li>State of affairs</li>
22508 </ul>
22509
22510 <blockquote>
22511 <p>Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).<br>
22512 I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.</p>
22513 </blockquote>
22514
22515 <ul>
22516 <li>Next steps</li>
22517 </ul>
22518
22519 <blockquote>
22520 <p>In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However, I think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical. </p>
22521 </blockquote>
22522
22523 <ul>
22524 <li>See the Article for the rest of the post</li>
22525 </ul>
22526
22527 <hr>
22528
22529 <h3><a href="https://www.reddit.com/r/openbsd_gaming/comments/btste9/fnaify_13_released_more_games_are_fnaify_run_now/" rel="nofollow">fnaify 1.3 released - more games are "fnaify & run" now</a></h3>
22530
22531 <blockquote>
22532 <p>This release finally addresses some of the problems that prevent simple running of several games.<br>
22533 This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no. </p>
22534
22535 <p>Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.<br>
22536 This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam. </p>
22537 </blockquote>
22538
22539 <h3><a href="https://www.openbsd.org/faq/current.html#r20190529" rel="nofollow">vmctl(8): command line syntax changed</a></h3>
22540
22541 <blockquote>
22542 <p>The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax. <br>
22543 For example, the old syntax looked like this:</p>
22544 </blockquote>
22545
22546 <p><code># vmctl create disk.qcow2 -s 50G</code></p>
22547
22548 <blockquote>
22549 <p>The new syntax specifies the command options before the argument:</p>
22550 </blockquote>
22551
22552 <p><code># vmctl create -s 50G disk.qcow2</code></p>
22553
22554 <hr>
22555
22556 <h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/PackageNameClashProblem" rel="nofollow">Something that Linux distributions should not do when packaging things</a></h3>
22557
22558 <blockquote>
22559 <p>Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.<br>
22560 For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).<br>
22561 Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.<br>
22562 Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.</p>
22563
22564 <hr>
22565 </blockquote>
22566
22567 <h2>Beastie Bits</h2>
22568
22569 <ul>
22570 <li><a href="http://lists.nycbug.org:8080/pipermail/talk/2019-May/017885.html" rel="nofollow">[talk] ZFS v UFS on APU2 msata SSD with FreeBSD</a></li>
22571 <li><a href="http://www.netbsd.org/releases/formal-8/NetBSD-8.1.html" rel="nofollow">NetBSD 8.1 is out</a></li>
22572 <li><a href="https://github.com/ctsrc/lazyboi" rel="nofollow">lazyboi – the laziest possible way to send raw HTTP POST data</a></li>
22573 <li><a href="https://github.com/shapr/markovkeyboard" rel="nofollow">A Keyboard layout that changes by markov frequency</a></li>
22574 <li><a href="https://osgameclones.com/" rel="nofollow">Open Source Game Clones</a></li>
22575 <li><a href="https://eurobsdcon.org" rel="nofollow">EuroBSDcon program & registration open</a>
22576 </li>
22577 </ul>
22578
22579 <h2>Feedback/Questions</h2>
22580
22581 <ul>
22582 <li>John - <a href="http://dpaste.com/3YTBQTX#wrap" rel="nofollow">A segment idea</a></li>
22583 <li>Johnny - <a href="http://dpaste.com/3WD0A25#wrap" rel="nofollow">Audio only format please don't</a></li>
22584 <li>Alex - <a href="http://dpaste.com/1RQF4QM#wrap" rel="nofollow">Thanks and some Linux Snaps vs PBI feedback</a></li>
22585 </ul>
22586
22587 <hr>
22588
22589 <ul>
22590 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a>
22591 </li>
22592 </ul>
22593
22594 <video controls preload="metadata" style=" width:426px; height:240px;">
22595 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0302.mp4" type="video/mp4">
22596 Your browser does not support the HTML5 video tag.
22597 </video>]]>
22598 </itunes:summary>
22599 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ksMFuwi3</fireside:playerURL>
22600 <fireside:playerEmbedCode>
22601 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ksMFuwi3" width="740" height="200" frameborder="0" scrolling="no">]]>
22602 </fireside:playerEmbedCode>
22603 </item>
22604 <item>
22605 <title>301: GPU Passthrough</title>
22606 <link>https://www.bsdnow.tv/301</link>
22607 <guid isPermaLink="false">d11a1228-2ac2-4e13-9d11-7a4c5a2dc0c1</guid>
22608 <pubDate>Wed, 05 Jun 2019 20:15:00 -0700</pubDate>
22609 <author>Allan Jude</author>
22610 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d11a1228-2ac2-4e13-9d11-7a4c5a2dc0c1.mp3" length="32812013" type="audio/mp3"/>
22611 <itunes:episodeType>full</itunes:episodeType>
22612 <itunes:author>Allan Jude</itunes:author>
22613 <itunes:subtitle>GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.</itunes:subtitle>
22614 <itunes:duration>45:34</itunes:duration>
22615 <itunes:explicit>no</itunes:explicit>
22616 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
22617 <description>GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.
22618 <h2 id="headlines">Headlines</h2>
22619
22620 <h3 id="gpupassthroughreportedworkingonbhyvehttpspassthroughpostgpupassthroughreportedworkingonbhyve"><a href="https://passthroughpo.st/gpu-passthrough-reported-working-on-bhyve/">GPU Passthrough Reported Working on Bhyve</a></h3>
22621
22622 <blockquote>
22623 <p>Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve.
22624 For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards.
22625 However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:</p>
22626 </blockquote>
22627
22628 <ul>
22629 <li>https://twitter.com/michael_yuji/status/1127136891365658625</li>
22630 </ul>
22631
22632 <blockquote>
22633 <p>All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on Windows because of the way it looks for display devices, but it’s a solid start.
22634 As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers.
22635 The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process.
22636 It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.</p>
22637
22638 <hr />
22639 </blockquote>
22640
22641 <h3 id="confusionwithusedfreediskspaceinzfshttpsoshogbovexilliumorgblog65"><a href="https://oshogbo.vexillium.org/blog/65/">Confusion with used/free disk space in ZFS</a></h3>
22642
22643 <blockquote>
22644 <p>I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.</p>
22645
22646 <p>The understanding of how ZFS uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!</p>
22647 </blockquote>
22648
22649 <hr />
22650 <h2 id="newsroundup">News Roundup</h2>
22651
22652 <h3 id="omnioscommunityeditionhttpsomniosceorgarticlerelease030html"><a href="https://omniosce.org/article/release-030.html">OmniOS Community Edition</a></h3>
22653
22654 <blockquote>
22655 <p>The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.
22656 OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.
22657 This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.
22658 If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.
22659 The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.</p>
22660 </blockquote>
22661
22662 <hr />
22663 <h3 id="pfsense244releasep3isavailablehttpswwwnetgatecomblogpfsense244releasep3nowavailablehtml"><a href="https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html">pfSense 2.4.4 Release p3 is available</a></h3>
22664
22665 <blockquote>
22666 <p>We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!
22667 pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.
22668 pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!
22669 To see a complete list of changes and find more detail, see the Release Notes.
22670 We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.</p>
22671 </blockquote>
22672
22673 <ul>
22674 <li>Upgrade Notes</li>
22675 </ul>
22676
22677 <blockquote>
22678 <p>Due to the significant nature of the changes in 2.4.4 and later,
22679 warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.
22680 Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.
22681 Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.
22682 The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.</p>
22683 </blockquote>
22684
22685 <hr />
22686 <h3 id="netbsd81rc1isouthttpswwwnetbsdorgreleasesformal8netbsd81html"><a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.1.html">NetBSD 8.1 RC1 is out</a></h3>
22687
22688 <blockquote>
22689 <p>The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
22690
22691 <p>Some highlights of the 8.1 release are:</p>
22692 </blockquote>
22693
22694 <ul>
22695 <li>x86: Mitigation for INTEL-SA-00233 (MDS)</li>
22696
22697 <li>Various local user kernel data leaks fixed.</li>
22698
22699 <li>x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading</li>
22700
22701 <li>Various network driver fixes and improvements.</li>
22702
22703 <li>Fixes for thread local storage (TLS) in position independent executables (PIE).</li>
22704
22705 <li>Fixes to reproducible builds.</li>
22706
22707 <li>Fixed a performance regression in tmpfs.</li>
22708
22709 <li>DRM/KMS improvements.</li>
22710
22711 <li>bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.</li>
22712
22713 <li>Various sh(1) fixes.</li>
22714
22715 <li>mfii(4) SAS driver added.</li>
22716
22717 <li>dhcpcd(8) updated to 7.2.2</li>
22718
22719 <li>httpd(8) updated.</li>
22720 </ul>
22721
22722 <hr />
22723 <h3 id="freenasasyourserveroshttpswwwixsystemscomblogfreenasasyourserveros"><a href="https://www.ixsystems.com/blog/freenas-as-your-server-os/">FreeNAS as your Server OS</a></h3>
22724
22725 <blockquote>
22726 <p>What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS?
22727 FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores.
22728 FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service.
22729 Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.</p>
22730 </blockquote>
22731
22732 <hr />
22733 <h2 id="beastiebits">Beastie Bits</h2>
22734
22735 <ul>
22736 <li><a href="https://www.babaei.net/blog/keep-crashing-daemons-running-on-freebsd/">Keep Crashing Daemons Running on FreeBSD</a></li>
22737
22738 <li><a href="https://old.reddit.com/r/freebsd/comments/btksgf/look_what_i_found_today_my_first_set_of_bsd_cds/">Look what I found today... my first set of BSD CDs...</a></li>
22739
22740 <li><a href="https://wiki.netbsd.org/security/intel_mds/">NetBSD - Intel MDS</a></li>
22741
22742 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091227.html">FreeBSD 11.3-BETA2 -- Please test!</a></li>
22743 </ul>
22744
22745 <hr />
22746 <h2 id="feedbackquestions">Feedback/Questions</h2>
22747
22748 <ul>
22749 <li>Anthony - <a href="http://dpaste.com/33S61HH#wrap">Question</a></li>
22750
22751 <li>Guntbert - <a href="http://dpaste.com/0NDACM2">Podcast</a></li>
22752
22753 <li>Guillaume - <a href="http://dpaste.com/0N3Q9TN">Another suggestion for Ales from Serbia</a></li>
22754 </ul>
22755
22756 <hr />
22757 <ul>
22758 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
22759 </ul>
22760
22761 <hr />
22762 <video controls preload="metadata" style=" width:426px; height:240px;">
22763 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0301.mp4" type="video/mp4">
22764 Your browser does not support the HTML5 video tag.
22765 </video>
22766 </description>
22767 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, omniOS, pfsense, p3</itunes:keywords>
22768 <content:encoded>
22769 <![CDATA[<p>GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.</p>
22770
22771 <h2 id="headlines">Headlines</h2>
22772
22773 <h3 id="gpupassthroughreportedworkingonbhyvehttpspassthroughpostgpupassthroughreportedworkingonbhyve"><a href="https://passthroughpo.st/gpu-passthrough-reported-working-on-bhyve/">GPU Passthrough Reported Working on Bhyve</a></h3>
22774
22775 <blockquote>
22776 <p>Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve.
22777 For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards.
22778 However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:</p>
22779 </blockquote>
22780
22781 <ul>
22782 <li>https://twitter.com/michael_yuji/status/1127136891365658625</li>
22783 </ul>
22784
22785 <blockquote>
22786 <p>All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on Windows because of the way it looks for display devices, but it’s a solid start.
22787 As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers.
22788 The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process.
22789 It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.</p>
22790
22791 <hr />
22792 </blockquote>
22793
22794 <h3 id="confusionwithusedfreediskspaceinzfshttpsoshogbovexilliumorgblog65"><a href="https://oshogbo.vexillium.org/blog/65/">Confusion with used/free disk space in ZFS</a></h3>
22795
22796 <blockquote>
22797 <p>I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.</p>
22798
22799 <p>The understanding of how ZFS uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!</p>
22800 </blockquote>
22801
22802 <p><hr /></p>
22803
22804 <h2 id="newsroundup">News Roundup</h2>
22805
22806 <h3 id="omnioscommunityeditionhttpsomniosceorgarticlerelease030html"><a href="https://omniosce.org/article/release-030.html">OmniOS Community Edition</a></h3>
22807
22808 <blockquote>
22809 <p>The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.
22810 OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.
22811 This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.
22812 If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.
22813 The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.</p>
22814 </blockquote>
22815
22816 <p><hr /></p>
22817
22818 <h3 id="pfsense244releasep3isavailablehttpswwwnetgatecomblogpfsense244releasep3nowavailablehtml"><a href="https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html">pfSense 2.4.4 Release p3 is available</a></h3>
22819
22820 <blockquote>
22821 <p>We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!
22822 pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.
22823 pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!
22824 To see a complete list of changes and find more detail, see the Release Notes.
22825 We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.</p>
22826 </blockquote>
22827
22828 <ul>
22829 <li>Upgrade Notes</li>
22830 </ul>
22831
22832 <blockquote>
22833 <p>Due to the significant nature of the changes in 2.4.4 and later,
22834 warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.
22835 Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.
22836 Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.
22837 The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.</p>
22838 </blockquote>
22839
22840 <p><hr /></p>
22841
22842 <h3 id="netbsd81rc1isouthttpswwwnetbsdorgreleasesformal8netbsd81html"><a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.1.html">NetBSD 8.1 RC1 is out</a></h3>
22843
22844 <blockquote>
22845 <p>The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
22846
22847 <p>Some highlights of the 8.1 release are:</p>
22848 </blockquote>
22849
22850 <ul>
22851 <li>x86: Mitigation for INTEL-SA-00233 (MDS)</li>
22852
22853 <li>Various local user kernel data leaks fixed.</li>
22854
22855 <li>x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading</li>
22856
22857 <li>Various network driver fixes and improvements.</li>
22858
22859 <li>Fixes for thread local storage (TLS) in position independent executables (PIE).</li>
22860
22861 <li>Fixes to reproducible builds.</li>
22862
22863 <li>Fixed a performance regression in tmpfs.</li>
22864
22865 <li>DRM/KMS improvements.</li>
22866
22867 <li>bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.</li>
22868
22869 <li>Various sh(1) fixes.</li>
22870
22871 <li>mfii(4) SAS driver added.</li>
22872
22873 <li>dhcpcd(8) updated to 7.2.2</li>
22874
22875 <li>httpd(8) updated.</li>
22876 </ul>
22877
22878 <p><hr /></p>
22879
22880 <h3 id="freenasasyourserveroshttpswwwixsystemscomblogfreenasasyourserveros"><a href="https://www.ixsystems.com/blog/freenas-as-your-server-os/">FreeNAS as your Server OS</a></h3>
22881
22882 <blockquote>
22883 <p>What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS?
22884 FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores.
22885 FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service.
22886 Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.</p>
22887 </blockquote>
22888
22889 <p><hr /></p>
22890
22891 <h2 id="beastiebits">Beastie Bits</h2>
22892
22893 <ul>
22894 <li><a href="https://www.babaei.net/blog/keep-crashing-daemons-running-on-freebsd/">Keep Crashing Daemons Running on FreeBSD</a></li>
22895
22896 <li><a href="https://old.reddit.com/r/freebsd/comments/btksgf/look_what_i_found_today_my_first_set_of_bsd_cds/">Look what I found today... my first set of BSD CDs...</a></li>
22897
22898 <li><a href="https://wiki.netbsd.org/security/intel_mds/">NetBSD - Intel MDS</a></li>
22899
22900 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091227.html">FreeBSD 11.3-BETA2 -- Please test!</a></li>
22901 </ul>
22902
22903 <p><hr /></p>
22904
22905 <h2 id="feedbackquestions">Feedback/Questions</h2>
22906
22907 <ul>
22908 <li>Anthony - <a href="http://dpaste.com/33S61HH#wrap">Question</a></li>
22909
22910 <li>Guntbert - <a href="http://dpaste.com/0NDACM2">Podcast</a></li>
22911
22912 <li>Guillaume - <a href="http://dpaste.com/0N3Q9TN">Another suggestion for Ales from Serbia</a></li>
22913 </ul>
22914
22915 <p><hr /></p>
22916
22917 <ul>
22918 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
22919 </ul>
22920
22921 <p><hr /></p>
22922
22923 <video controls preload="metadata" style=" width:426px; height:240px;">
22924 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0301.mp4" type="video/mp4">
22925 Your browser does not support the HTML5 video tag.
22926 </video>]]>
22927 </content:encoded>
22928 <itunes:summary>
22929 <![CDATA[<p>GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.</p>
22930
22931 <h2 id="headlines">Headlines</h2>
22932
22933 <h3 id="gpupassthroughreportedworkingonbhyvehttpspassthroughpostgpupassthroughreportedworkingonbhyve"><a href="https://passthroughpo.st/gpu-passthrough-reported-working-on-bhyve/">GPU Passthrough Reported Working on Bhyve</a></h3>
22934
22935 <blockquote>
22936 <p>Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve.
22937 For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards.
22938 However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:</p>
22939 </blockquote>
22940
22941 <ul>
22942 <li>https://twitter.com/michael_yuji/status/1127136891365658625</li>
22943 </ul>
22944
22945 <blockquote>
22946 <p>All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start.
22947 As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers.
22948 The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process.
22949 It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.</p>
22950
22951 <hr />
22952 </blockquote>
22953
22954 <h3 id="confusionwithusedfreediskspaceinzfshttpsoshogbovexilliumorgblog65"><a href="https://oshogbo.vexillium.org/blog/65/">Confusion with used/free disk space in ZFS</a></h3>
22955
22956 <blockquote>
22957 <p>I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.</p>
22958
22959 <p>The understanding of how ZFS uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!</p>
22960 </blockquote>
22961
22962 <p><hr /></p>
22963
22964 <h2 id="newsroundup">News Roundup</h2>
22965
22966 <h3 id="omnioscommunityeditionhttpsomniosceorgarticlerelease030html"><a href="https://omniosce.org/article/release-030.html">OmniOS Community Edition</a></h3>
22967
22968 <blockquote>
22969 <p>The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.
22970 OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.
22971 This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.
22972 If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.
22973 The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.</p>
22974 </blockquote>
22975
22976 <p><hr /></p>
22977
22978 <h3 id="pfsense244releasep3isavailablehttpswwwnetgatecomblogpfsense244releasep3nowavailablehtml"><a href="https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html">pfSense 2.4.4 Release p3 is available</a></h3>
22979
22980 <blockquote>
22981 <p>We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!
22982 pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.
22983 pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!
22984 To see a complete list of changes and find more detail, see the Release Notes.
22985 We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.</p>
22986 </blockquote>
22987
22988 <ul>
22989 <li>Upgrade Notes</li>
22990 </ul>
22991
22992 <blockquote>
22993 <p>Due to the significant nature of the changes in 2.4.4 and later,
22994 warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.
22995 Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.
22996 Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.
22997 The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.</p>
22998 </blockquote>
22999
23000 <p><hr /></p>
23001
23002 <h3 id="netbsd81rc1isouthttpswwwnetbsdorgreleasesformal8netbsd81html"><a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.1.html">NetBSD 8.1 RC1 is out</a></h3>
23003
23004 <blockquote>
23005 <p>The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
23006
23007 <p>Some highlights of the 8.1 release are:</p>
23008 </blockquote>
23009
23010 <ul>
23011 <li>x86: Mitigation for INTEL-SA-00233 (MDS)</li>
23012
23013 <li>Various local user kernel data leaks fixed.</li>
23014
23015 <li>x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading</li>
23016
23017 <li>Various network driver fixes and improvements.</li>
23018
23019 <li>Fixes for thread local storage (TLS) in position independent executables (PIE).</li>
23020
23021 <li>Fixes to reproducible builds.</li>
23022
23023 <li>Fixed a performance regression in tmpfs.</li>
23024
23025 <li>DRM/KMS improvements.</li>
23026
23027 <li>bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.</li>
23028
23029 <li>Various sh(1) fixes.</li>
23030
23031 <li>mfii(4) SAS driver added.</li>
23032
23033 <li>dhcpcd(8) updated to 7.2.2</li>
23034
23035 <li>httpd(8) updated.</li>
23036 </ul>
23037
23038 <p><hr /></p>
23039
23040 <h3 id="freenasasyourserveroshttpswwwixsystemscomblogfreenasasyourserveros"><a href="https://www.ixsystems.com/blog/freenas-as-your-server-os/">FreeNAS as your Server OS</a></h3>
23041
23042 <blockquote>
23043 <p>What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS?
23044 FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores.
23045 FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service.
23046 Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.</p>
23047 </blockquote>
23048
23049 <p><hr /></p>
23050
23051 <h2 id="beastiebits">Beastie Bits</h2>
23052
23053 <ul>
23054 <li><a href="https://www.babaei.net/blog/keep-crashing-daemons-running-on-freebsd/">Keep Crashing Daemons Running on FreeBSD</a></li>
23055
23056 <li><a href="https://old.reddit.com/r/freebsd/comments/btksgf/look_what_i_found_today_my_first_set_of_bsd_cds/">Look what I found today... my first set of BSD CDs...</a></li>
23057
23058 <li><a href="https://wiki.netbsd.org/security/intel_mds/">NetBSD - Intel MDS</a></li>
23059
23060 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091227.html">FreeBSD 11.3-BETA2 -- Please test!</a></li>
23061 </ul>
23062
23063 <p><hr /></p>
23064
23065 <h2 id="feedbackquestions">Feedback/Questions</h2>
23066
23067 <ul>
23068 <li>Anthony - <a href="http://dpaste.com/33S61HH#wrap">Question</a></li>
23069
23070 <li>Guntbert - <a href="http://dpaste.com/0NDACM2">Podcast</a></li>
23071
23072 <li>Guillaume - <a href="http://dpaste.com/0N3Q9TN">Another suggestion for Ales from Serbia</a></li>
23073 </ul>
23074
23075 <p><hr /></p>
23076
23077 <ul>
23078 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
23079 </ul>
23080
23081 <p><hr /></p>
23082
23083 <video controls preload="metadata" style=" width:426px; height:240px;">
23084 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0301.mp4" type="video/mp4">
23085 Your browser does not support the HTML5 video tag.
23086 </video>]]>
23087 </itunes:summary>
23088 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+OlJBI_4R</fireside:playerURL>
23089 <fireside:playerEmbedCode>
23090 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+OlJBI_4R" width="740" height="200" frameborder="0" scrolling="no">]]>
23091 </fireside:playerEmbedCode>
23092 </item>
23093 <item>
23094 <title>300: The Big Three</title>
23095 <link>https://www.bsdnow.tv/300</link>
23096 <guid isPermaLink="false">f4d00ce6-8060-4be0-9049-570b73a6adbd</guid>
23097 <pubDate>Thu, 30 May 2019 09:00:00 -0700</pubDate>
23098 <author>Allan Jude</author>
23099 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f4d00ce6-8060-4be0-9049-570b73a6adbd.mp3" length="44983170" type="audio/mp3"/>
23100 <itunes:episodeType>full</itunes:episodeType>
23101 <itunes:author>Allan Jude</itunes:author>
23102 <itunes:subtitle>FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. </itunes:subtitle>
23103 <itunes:duration>1:14:06</itunes:duration>
23104 <itunes:explicit>no</itunes:explicit>
23105 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
23106 <description>FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more.
23107 <h2 id="headlines">Headlines</h2>
23108
23109 <h3 id="freebsd113b1isouthttpslistsfreebsdorgpipermailfreebsdstable2019may091210html"><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091210.html">FreeBSD 11.3-b1 is out</a></h3>
23110
23111 <h3 id="bsdcan2019recaphttpswwwbsdcanorg2019"><a href="https://www.bsdcan.org/2019/">BSDCan 2019 Recap</a></h3>
23112
23113 <ul>
23114 <li>We’re back from BSDCan and it was a packed week as always.</li>
23115
23116 <li>It started with <a href="http://bhyvecon.org/">bhyvecon</a> on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.</li>
23117
23118 <li>On Wednesday, tutorials for BSDCan started as well as the <a href="https://wiki.freebsd.org/DevSummit/201905">FreeBSD Developer Summit</a>. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending.
23119 Devsummit presentation slides can be found on the wiki page and video recordings done by <a href="https://www.scaleengine.com/">ScaleEngine</a> are available on <a href="https://www.youtube.com/channel/UCxLxR_oW-NAmChIcSkAyZGQ">FreeBSD’s youtube channel</a>.</li>
23120
23121 <li>The conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track. </li>
23122
23123 <li>Photos from the event are available on <a href="https://www.talegraph.com/tales/Qg446T5bKT">Ollivier Robert’s talegraph
23124 </a> and Diane Bruce’s website for <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web/">day 1</a>, <a href="http://www.db.net/gallery/BSDCan/2019_FreeBSD_Dev_Summit_day_2_web">day 2</a>, <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web">conference day 1</a>, and <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_2_web">conference day 2</a>.</li>
23125
23126 <li>Thanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.</li>
23127 </ul>
23128
23129 <hr />
23130 <h3 id="openindiana201904isouthttpswwwopenindianaorg20190512openindianahipster201904ishere"><a href="https://www.openindiana.org/2019/05/12/openindiana-hipster-2019-04-is-here/">OpenIndiana 2019.04 is out</a></h3>
23131
23132 <blockquote>
23133 <p>We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:</p>
23134 </blockquote>
23135
23136 <ul>
23137 <li><p>Firefox was updated to 60.6.3 ESR</p></li>
23138
23139 <li><p>Virtualbox packages were added (including guest additions)</p></li>
23140
23141 <li><p>Mate was updated to 1.22</p></li>
23142
23143 <li><p>IPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming</p></li>
23144
23145 <li><p>Some OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3</p></li>
23146
23147 <li><p>Quick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg</p></li>
23148 </ul>
23149
23150 <hr />
23151 <h2 id="newsroundup">News Roundup</h2>
23152
23153 <h3 id="overviewofzfspoolsinfreenashttpswwwixsystemscomblogzfspoolsinfreenas"><a href="https://www.ixsystems.com/blog/zfs-pools-in-freenas/">Overview of ZFS Pools in FreeNAS</a></h3>
23154
23155 <blockquote>
23156 <p>FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.</p>
23157
23158 <p>SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.</p>
23159 </blockquote>
23160
23161 <ul>
23162 <li>The following vdev layout options are available when creating a pool:
23163
23164
23165 <ul>
23166 <li>Stripe (data is shared on two drives, similar to RAID0)</li>
23167
23168 <li>Mirror (copies data on two drives, similar to RAID1 but not limited to 2 disks)</li>
23169
23170 <li>RAIDZ1 single parity similar to RAID5</li>
23171
23172 <li>RAIDZ2 double parity similar to RAID6</li>
23173
23174 <li>RAIDZ3 which uses triple parity and has no RAID equivalent</li></ul>
23175 </li>
23176 </ul>
23177
23178 <hr />
23179 <h3 id="whyopensourcefirmwareisimportantforsecurityhttpsblogjessfrazcompostwhyopensourcefirmwareisimportantforsecurity"><a href="https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/">Why OpenSource Firmware is Important for Security</a></h3>
23180
23181 <ul>
23182 <li>Roots of Trust</li>
23183 </ul>
23184
23185 <blockquote>
23186 <p>The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that it doesn’t have any backdoors? Well we can’t. Not unless it was all open source.
23187 Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor.
23188 It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five. </p>
23189 </blockquote>
23190
23191 <hr />
23192 <h3 id="opnsensehttpsopnsenseorgopnsense1918released"><a href="https://opnsense.org/opnsense-19-1-8-released/">OPNsense</a></h3>
23193
23194 <blockquote>
23195 <p>This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.</p>
23196 </blockquote>
23197
23198 <ul>
23199 <li><p>Here are the full patch notes:</p></li>
23200
23201 <li><p>system: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)</p></li>
23202
23203 <li><p>system: /etc/hosts generation without interface_has_gateway()</p></li>
23204
23205 <li><p>system: show correct timestamp in config restore save message (contributed by nhirokinet)</p></li>
23206
23207 <li><p>system: list the commands for the pluginctl utility when n+ argument is given</p></li>
23208
23209 <li><p>system: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly</p></li>
23210
23211 <li><p>system: use absolute path in widget ACLs (reported by Netgate)</p></li>
23212
23213 <li><p>system: RRD-related cleanups for less code exposure</p></li>
23214
23215 <li><p>interfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)</p></li>
23216
23217 <li><p>interfaces: replace legacy_getall_interface_addresses() usage</p></li>
23218
23219 <li><p>firewall: fix port validation in aliases with leading / trailing spaces</p></li>
23220
23221 <li><p>firewall: fix outbound NAT translation display in overview page</p></li>
23222
23223 <li><p>firewall: prevent CARP outgoing packets from using the configured gateway</p></li>
23224
23225 <li><p>firewall: use CARP net.inet.carp.demotion to control current demotion in status page</p></li>
23226
23227 <li><p>firewall: stop live log poller on error result</p></li>
23228
23229 <li><p>dhcpd: change rule priority to 1 to avoid bogon clash</p></li>
23230
23231 <li><p>dnsmasq: only admins may edit custom options field</p></li>
23232
23233 <li><p>firmware: use insecure mode for base and kernel sets when package fingerprints are disabled</p></li>
23234
23235 <li><p>firmware: add optional device support for base and kernel sets</p></li>
23236
23237 <li><p>firmware: add Hostcentral mirror (HTTP, Melbourne, Australia)</p></li>
23238
23239 <li><p>ipsec: always reset rightallowany to default when writing configuration</p></li>
23240
23241 <li><p>lang: say "hola" to Spanish as the newest available GUI language</p></li>
23242
23243 <li><p>lang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese</p></li>
23244
23245 <li><p>network time: only admins may edit custom options field</p></li>
23246
23247 <li><p>openvpn: call openvpn_refresh_crls() indirectly via plugin_configure() for less code exposure</p></li>
23248
23249 <li><p>openvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)</p></li>
23250
23251 <li><p>openvpn: remove custom options field from wizard</p></li>
23252
23253 <li><p>unbound: only admins may edit custom options field</p></li>
23254
23255 <li><p>wizard: translate typehint as well</p></li>
23256
23257 <li><p>plugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)</p></li>
23258
23259 <li><p>plugins: os-nginx 1.12[2]</p></li>
23260
23261 <li><p>plugins: os-theme-cicada 1.17 (contributed by Team Rebellion)</p></li>
23262
23263 <li><p>plugins: os-theme-tukan 1.17 (contributed by Team Rebellion)</p></li>
23264
23265 <li><p>src: timezone database information update[3]</p></li>
23266
23267 <li><p>src: install(1) broken with partially matching relative paths[4]</p></li>
23268
23269 <li><p>src: microarchitectural Data Sampling (MDS) mitigation[5]</p></li>
23270
23271 <li><p>ports: ca_root_nss 3.44</p></li>
23272
23273 <li><p>ports: php 7.2.18[6]</p></li>
23274
23275 <li><p>ports: sqlite 3.28.0[7]</p></li>
23276
23277 <li><p>ports: strongswan custom XAuth generic patch removed</p></li>
23278 </ul>
23279
23280 <hr />
23281 <h3 id="wiregaurdonopenbsdhttpsblogjasperlawireguardonopenbsdhtml"><a href="https://blog.jasper.la/wireguard-on-openbsd.html">WireGuard on OpenBSD</a></h3>
23282
23283 <blockquote>
23284 <p>Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.
23285 Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here.
23286 The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.</p>
23287 </blockquote>
23288
23289 <ul>
23290 <li>Conclusion</li>
23291 </ul>
23292
23293 <blockquote>
23294 <p>WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguard_go service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkg_add libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.</p>
23295 </blockquote>
23296
23297 <hr />
23298 <h2 id="beastiebits">Beastie Bits</h2>
23299
23300 <ul>
23301 <li><a href="https://github.com/SerenityOS/serenity">Serenity OS</a></li>
23302
23303 <li><a href="https://www.dragonflydigest.com/2019/05/27/22985.html">vkernels vs pmap</a></li>
23304
23305 <li><a href="https://www.youtube.com/watch?v=EY6q5dv_B-o">Brian Kernighan interviews Ken Thompson</a></li>
23306
23307 <li><a href="http://blog.netbsd.org/tnf/entry/improvements_in_forking_threading_and">Improvements in forking, threading, and signal code</a></li>
23308
23309 <li><a href="https://www.dragonflydigest.com/2019/05/21/22946.html">DragonFly 5.4.3</a></li>
23310
23311 <li><a href="https://magazine.odroid.com/article/netbsd-for-the-the-odroid-c2/">NetBSD on the Odroid C2</a></li>
23312 </ul>
23313
23314 <hr />
23315 <h2 id="feedbackquestions">Feedback/Questions</h2>
23316
23317 <ul>
23318 <li>Paulo - <a href="http://dpaste.com/3VXMGX8">Laptops</a></li>
23319
23320 <li>A Listener - <a href="http://dpaste.com/0SWJNRX#wrap">Thanks</a></li>
23321
23322 <li>Bostjan - <a href="http://dpaste.com/35NRF40#wrap">Extend a pool and lower RAM footprint</a></li>
23323 </ul>
23324
23325 <hr />
23326 <ul>
23327 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
23328 </ul>
23329
23330 <hr />
23331 <video controls preload="metadata" style=" width:426px; height:240px;">
23332 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0300.mp4" type="video/mp4">
23333 Your browser does not support the HTML5 video tag.
23334 </video>
23335 </description>
23336 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, bsdcan, zfs, openindiana, freenas, firmware, wireguard</itunes:keywords>
23337 <content:encoded>
23338 <![CDATA[<p>FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. </p>
23339
23340 <h2 id="headlines">Headlines</h2>
23341
23342 <h3 id="freebsd113b1isouthttpslistsfreebsdorgpipermailfreebsdstable2019may091210html"><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091210.html">FreeBSD 11.3-b1 is out</a></h3>
23343
23344 <h3 id="bsdcan2019recaphttpswwwbsdcanorg2019"><a href="https://www.bsdcan.org/2019/">BSDCan 2019 Recap</a></h3>
23345
23346 <ul>
23347 <li>We’re back from BSDCan and it was a packed week as always.</li>
23348
23349 <li>It started with <a href="http://bhyvecon.org/">bhyvecon</a> on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.</li>
23350
23351 <li>On Wednesday, tutorials for BSDCan started as well as the <a href="https://wiki.freebsd.org/DevSummit/201905">FreeBSD Developer Summit</a>. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending.
23352 Devsummit presentation slides can be found on the wiki page and video recordings done by <a href="https://www.scaleengine.com/">ScaleEngine</a> are available on <a href="https://www.youtube.com/channel/UCxLxR_oW-NAmChIcSkAyZGQ">FreeBSD’s youtube channel</a>.</li>
23353
23354 <li>The conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track. </li>
23355
23356 <li>Photos from the event are available on <a href="https://www.talegraph.com/tales/Qg446T5bKT">Ollivier Robert’s talegraph
23357 </a> and Diane Bruce’s website for <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web/">day 1</a>, <a href="http://www.db.net/gallery/BSDCan/2019_FreeBSD_Dev_Summit_day_2_web">day 2</a>, <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web">conference day 1</a>, and <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_2_web">conference day 2</a>.</li>
23358
23359 <li>Thanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.</li>
23360 </ul>
23361
23362 <p><hr /></p>
23363
23364 <h3 id="openindiana201904isouthttpswwwopenindianaorg20190512openindianahipster201904ishere"><a href="https://www.openindiana.org/2019/05/12/openindiana-hipster-2019-04-is-here/">OpenIndiana 2019.04 is out</a></h3>
23365
23366 <blockquote>
23367 <p>We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:</p>
23368 </blockquote>
23369
23370 <ul>
23371 <li><p>Firefox was updated to 60.6.3 ESR</p></li>
23372
23373 <li><p>Virtualbox packages were added (including guest additions)</p></li>
23374
23375 <li><p>Mate was updated to 1.22</p></li>
23376
23377 <li><p>IPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming</p></li>
23378
23379 <li><p>Some OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3</p></li>
23380
23381 <li><p>Quick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg</p></li>
23382 </ul>
23383
23384 <p><hr /></p>
23385
23386 <h2 id="newsroundup">News Roundup</h2>
23387
23388 <h3 id="overviewofzfspoolsinfreenashttpswwwixsystemscomblogzfspoolsinfreenas"><a href="https://www.ixsystems.com/blog/zfs-pools-in-freenas/">Overview of ZFS Pools in FreeNAS</a></h3>
23389
23390 <blockquote>
23391 <p>FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.</p>
23392
23393 <p>SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.</p>
23394 </blockquote>
23395
23396 <ul>
23397 <li>The following vdev layout options are available when creating a pool:
23398
23399
23400 <ul>
23401 <li>Stripe (data is shared on two drives, similar to RAID0)</li>
23402
23403 <li>Mirror (copies data on two drives, similar to RAID1 but not limited to 2 disks)</li>
23404
23405 <li>RAIDZ1 single parity similar to RAID5</li>
23406
23407 <li>RAIDZ2 double parity similar to RAID6</li>
23408
23409 <li>RAIDZ3 which uses triple parity and has no RAID equivalent</li></ul>
23410 </li>
23411 </ul>
23412
23413 <p><hr /></p>
23414
23415 <h3 id="whyopensourcefirmwareisimportantforsecurityhttpsblogjessfrazcompostwhyopensourcefirmwareisimportantforsecurity"><a href="https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/">Why OpenSource Firmware is Important for Security</a></h3>
23416
23417 <ul>
23418 <li>Roots of Trust</li>
23419 </ul>
23420
23421 <blockquote>
23422 <p>The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that it doesn’t have any backdoors? Well we can’t. Not unless it was all open source.
23423 Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor.
23424 It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five. </p>
23425 </blockquote>
23426
23427 <p><hr /></p>
23428
23429 <h3 id="opnsensehttpsopnsenseorgopnsense1918released"><a href="https://opnsense.org/opnsense-19-1-8-released/">OPNsense</a></h3>
23430
23431 <blockquote>
23432 <p>This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.</p>
23433 </blockquote>
23434
23435 <ul>
23436 <li><p>Here are the full patch notes:</p></li>
23437
23438 <li><p>system: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)</p></li>
23439
23440 <li><p>system: /etc/hosts generation without interface_has_gateway()</p></li>
23441
23442 <li><p>system: show correct timestamp in config restore save message (contributed by nhirokinet)</p></li>
23443
23444 <li><p>system: list the commands for the pluginctl utility when n+ argument is given</p></li>
23445
23446 <li><p>system: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly</p></li>
23447
23448 <li><p>system: use absolute path in widget ACLs (reported by Netgate)</p></li>
23449
23450 <li><p>system: RRD-related cleanups for less code exposure</p></li>
23451
23452 <li><p>interfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)</p></li>
23453
23454 <li><p>interfaces: replace legacy_getall_interface_addresses() usage</p></li>
23455
23456 <li><p>firewall: fix port validation in aliases with leading / trailing spaces</p></li>
23457
23458 <li><p>firewall: fix outbound NAT translation display in overview page</p></li>
23459
23460 <li><p>firewall: prevent CARP outgoing packets from using the configured gateway</p></li>
23461
23462 <li><p>firewall: use CARP net.inet.carp.demotion to control current demotion in status page</p></li>
23463
23464 <li><p>firewall: stop live log poller on error result</p></li>
23465
23466 <li><p>dhcpd: change rule priority to 1 to avoid bogon clash</p></li>
23467
23468 <li><p>dnsmasq: only admins may edit custom options field</p></li>
23469
23470 <li><p>firmware: use insecure mode for base and kernel sets when package fingerprints are disabled</p></li>
23471
23472 <li><p>firmware: add optional device support for base and kernel sets</p></li>
23473
23474 <li><p>firmware: add Hostcentral mirror (HTTP, Melbourne, Australia)</p></li>
23475
23476 <li><p>ipsec: always reset rightallowany to default when writing configuration</p></li>
23477
23478 <li><p>lang: say "hola" to Spanish as the newest available GUI language</p></li>
23479
23480 <li><p>lang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese</p></li>
23481
23482 <li><p>network time: only admins may edit custom options field</p></li>
23483
23484 <li><p>openvpn: call openvpn_refresh_crls() indirectly via plugin_configure() for less code exposure</p></li>
23485
23486 <li><p>openvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)</p></li>
23487
23488 <li><p>openvpn: remove custom options field from wizard</p></li>
23489
23490 <li><p>unbound: only admins may edit custom options field</p></li>
23491
23492 <li><p>wizard: translate typehint as well</p></li>
23493
23494 <li><p>plugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)</p></li>
23495
23496 <li><p>plugins: os-nginx 1.12[2]</p></li>
23497
23498 <li><p>plugins: os-theme-cicada 1.17 (contributed by Team Rebellion)</p></li>
23499
23500 <li><p>plugins: os-theme-tukan 1.17 (contributed by Team Rebellion)</p></li>
23501
23502 <li><p>src: timezone database information update[3]</p></li>
23503
23504 <li><p>src: install(1) broken with partially matching relative paths[4]</p></li>
23505
23506 <li><p>src: microarchitectural Data Sampling (MDS) mitigation[5]</p></li>
23507
23508 <li><p>ports: ca_root_nss 3.44</p></li>
23509
23510 <li><p>ports: php 7.2.18[6]</p></li>
23511
23512 <li><p>ports: sqlite 3.28.0[7]</p></li>
23513
23514 <li><p>ports: strongswan custom XAuth generic patch removed</p></li>
23515 </ul>
23516
23517 <p><hr /></p>
23518
23519 <h3 id="wiregaurdonopenbsdhttpsblogjasperlawireguardonopenbsdhtml"><a href="https://blog.jasper.la/wireguard-on-openbsd.html">WireGuard on OpenBSD</a></h3>
23520
23521 <blockquote>
23522 <p>Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.
23523 Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here.
23524 The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.</p>
23525 </blockquote>
23526
23527 <ul>
23528 <li>Conclusion</li>
23529 </ul>
23530
23531 <blockquote>
23532 <p>WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguard_go service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkg_add libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.</p>
23533 </blockquote>
23534
23535 <p><hr /></p>
23536
23537 <h2 id="beastiebits">Beastie Bits</h2>
23538
23539 <ul>
23540 <li><a href="https://github.com/SerenityOS/serenity">Serenity OS</a></li>
23541
23542 <li><a href="https://www.dragonflydigest.com/2019/05/27/22985.html">vkernels vs pmap</a></li>
23543
23544 <li><a href="https://www.youtube.com/watch?v=EY6q5dv_B-o">Brian Kernighan interviews Ken Thompson</a></li>
23545
23546 <li><a href="http://blog.netbsd.org/tnf/entry/improvements_in_forking_threading_and">Improvements in forking, threading, and signal code</a></li>
23547
23548 <li><a href="https://www.dragonflydigest.com/2019/05/21/22946.html">DragonFly 5.4.3</a></li>
23549
23550 <li><a href="https://magazine.odroid.com/article/netbsd-for-the-the-odroid-c2/">NetBSD on the Odroid C2</a></li>
23551 </ul>
23552
23553 <p><hr /></p>
23554
23555 <h2 id="feedbackquestions">Feedback/Questions</h2>
23556
23557 <ul>
23558 <li>Paulo - <a href="http://dpaste.com/3VXMGX8">Laptops</a></li>
23559
23560 <li>A Listener - <a href="http://dpaste.com/0SWJNRX#wrap">Thanks</a></li>
23561
23562 <li>Bostjan - <a href="http://dpaste.com/35NRF40#wrap">Extend a pool and lower RAM footprint</a></li>
23563 </ul>
23564
23565 <p><hr /></p>
23566
23567 <ul>
23568 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
23569 </ul>
23570
23571 <p><hr /></p>
23572
23573 <video controls preload="metadata" style=" width:426px; height:240px;">
23574 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0300.mp4" type="video/mp4">
23575 Your browser does not support the HTML5 video tag.
23576 </video>]]>
23577 </content:encoded>
23578 <itunes:summary>
23579 <![CDATA[<p>FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. </p>
23580
23581 <h2 id="headlines">Headlines</h2>
23582
23583 <h3 id="freebsd113b1isouthttpslistsfreebsdorgpipermailfreebsdstable2019may091210html"><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091210.html">FreeBSD 11.3-b1 is out</a></h3>
23584
23585 <h3 id="bsdcan2019recaphttpswwwbsdcanorg2019"><a href="https://www.bsdcan.org/2019/">BSDCan 2019 Recap</a></h3>
23586
23587 <ul>
23588 <li>We’re back from BSDCan and it was a packed week as always.</li>
23589
23590 <li>It started with <a href="http://bhyvecon.org/">bhyvecon</a> on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.</li>
23591
23592 <li>On Wednesday, tutorials for BSDCan started as well as the <a href="https://wiki.freebsd.org/DevSummit/201905">FreeBSD Developer Summit</a>. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending.
23593 Devsummit presentation slides can be found on the wiki page and video recordings done by <a href="https://www.scaleengine.com/">ScaleEngine</a> are available on <a href="https://www.youtube.com/channel/UCxLxR_oW-NAmChIcSkAyZGQ">FreeBSD’s youtube channel</a>.</li>
23594
23595 <li>The conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track. </li>
23596
23597 <li>Photos from the event are available on <a href="https://www.talegraph.com/tales/Qg446T5bKT">Ollivier Robert’s talegraph
23598 </a> and Diane Bruce’s website for <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web/">day 1</a>, <a href="http://www.db.net/gallery/BSDCan/2019_FreeBSD_Dev_Summit_day_2_web">day 2</a>, <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web">conference day 1</a>, and <a href="http://www.db.net/gallery/BSDCan/2019_BSDCan_day_2_web">conference day 2</a>.</li>
23599
23600 <li>Thanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.</li>
23601 </ul>
23602
23603 <p><hr /></p>
23604
23605 <h3 id="openindiana201904isouthttpswwwopenindianaorg20190512openindianahipster201904ishere"><a href="https://www.openindiana.org/2019/05/12/openindiana-hipster-2019-04-is-here/">OpenIndiana 2019.04 is out</a></h3>
23606
23607 <blockquote>
23608 <p>We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:</p>
23609 </blockquote>
23610
23611 <ul>
23612 <li><p>Firefox was updated to 60.6.3 ESR</p></li>
23613
23614 <li><p>Virtualbox packages were added (including guest additions)</p></li>
23615
23616 <li><p>Mate was updated to 1.22</p></li>
23617
23618 <li><p>IPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming</p></li>
23619
23620 <li><p>Some OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3</p></li>
23621
23622 <li><p>Quick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg</p></li>
23623 </ul>
23624
23625 <p><hr /></p>
23626
23627 <h2 id="newsroundup">News Roundup</h2>
23628
23629 <h3 id="overviewofzfspoolsinfreenashttpswwwixsystemscomblogzfspoolsinfreenas"><a href="https://www.ixsystems.com/blog/zfs-pools-in-freenas/">Overview of ZFS Pools in FreeNAS</a></h3>
23630
23631 <blockquote>
23632 <p>FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.</p>
23633
23634 <p>SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.</p>
23635 </blockquote>
23636
23637 <ul>
23638 <li>The following vdev layout options are available when creating a pool:
23639
23640
23641 <ul>
23642 <li>Stripe (data is shared on two drives, similar to RAID0)</li>
23643
23644 <li>Mirror (copies data on two drives, similar to RAID1 but not limited to 2 disks)</li>
23645
23646 <li>RAIDZ1 single parity similar to RAID5</li>
23647
23648 <li>RAIDZ2 double parity similar to RAID6</li>
23649
23650 <li>RAIDZ3 which uses triple parity and has no RAID equivalent</li></ul>
23651 </li>
23652 </ul>
23653
23654 <p><hr /></p>
23655
23656 <h3 id="whyopensourcefirmwareisimportantforsecurityhttpsblogjessfrazcompostwhyopensourcefirmwareisimportantforsecurity"><a href="https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/">Why OpenSource Firmware is Important for Security</a></h3>
23657
23658 <ul>
23659 <li>Roots of Trust</li>
23660 </ul>
23661
23662 <blockquote>
23663 <p>The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that it doesn’t have any backdoors? Well we can’t. Not unless it was all open source.
23664 Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor.
23665 It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five. </p>
23666 </blockquote>
23667
23668 <p><hr /></p>
23669
23670 <h3 id="opnsensehttpsopnsenseorgopnsense1918released"><a href="https://opnsense.org/opnsense-19-1-8-released/">OPNsense</a></h3>
23671
23672 <blockquote>
23673 <p>This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.</p>
23674 </blockquote>
23675
23676 <ul>
23677 <li><p>Here are the full patch notes:</p></li>
23678
23679 <li><p>system: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)</p></li>
23680
23681 <li><p>system: /etc/hosts generation without interface_has_gateway()</p></li>
23682
23683 <li><p>system: show correct timestamp in config restore save message (contributed by nhirokinet)</p></li>
23684
23685 <li><p>system: list the commands for the pluginctl utility when n+ argument is given</p></li>
23686
23687 <li><p>system: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly</p></li>
23688
23689 <li><p>system: use absolute path in widget ACLs (reported by Netgate)</p></li>
23690
23691 <li><p>system: RRD-related cleanups for less code exposure</p></li>
23692
23693 <li><p>interfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)</p></li>
23694
23695 <li><p>interfaces: replace legacy_getall_interface_addresses() usage</p></li>
23696
23697 <li><p>firewall: fix port validation in aliases with leading / trailing spaces</p></li>
23698
23699 <li><p>firewall: fix outbound NAT translation display in overview page</p></li>
23700
23701 <li><p>firewall: prevent CARP outgoing packets from using the configured gateway</p></li>
23702
23703 <li><p>firewall: use CARP net.inet.carp.demotion to control current demotion in status page</p></li>
23704
23705 <li><p>firewall: stop live log poller on error result</p></li>
23706
23707 <li><p>dhcpd: change rule priority to 1 to avoid bogon clash</p></li>
23708
23709 <li><p>dnsmasq: only admins may edit custom options field</p></li>
23710
23711 <li><p>firmware: use insecure mode for base and kernel sets when package fingerprints are disabled</p></li>
23712
23713 <li><p>firmware: add optional device support for base and kernel sets</p></li>
23714
23715 <li><p>firmware: add Hostcentral mirror (HTTP, Melbourne, Australia)</p></li>
23716
23717 <li><p>ipsec: always reset rightallowany to default when writing configuration</p></li>
23718
23719 <li><p>lang: say "hola" to Spanish as the newest available GUI language</p></li>
23720
23721 <li><p>lang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese</p></li>
23722
23723 <li><p>network time: only admins may edit custom options field</p></li>
23724
23725 <li><p>openvpn: call openvpn_refresh_crls() indirectly via plugin_configure() for less code exposure</p></li>
23726
23727 <li><p>openvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)</p></li>
23728
23729 <li><p>openvpn: remove custom options field from wizard</p></li>
23730
23731 <li><p>unbound: only admins may edit custom options field</p></li>
23732
23733 <li><p>wizard: translate typehint as well</p></li>
23734
23735 <li><p>plugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)</p></li>
23736
23737 <li><p>plugins: os-nginx 1.12[2]</p></li>
23738
23739 <li><p>plugins: os-theme-cicada 1.17 (contributed by Team Rebellion)</p></li>
23740
23741 <li><p>plugins: os-theme-tukan 1.17 (contributed by Team Rebellion)</p></li>
23742
23743 <li><p>src: timezone database information update[3]</p></li>
23744
23745 <li><p>src: install(1) broken with partially matching relative paths[4]</p></li>
23746
23747 <li><p>src: microarchitectural Data Sampling (MDS) mitigation[5]</p></li>
23748
23749 <li><p>ports: ca_root_nss 3.44</p></li>
23750
23751 <li><p>ports: php 7.2.18[6]</p></li>
23752
23753 <li><p>ports: sqlite 3.28.0[7]</p></li>
23754
23755 <li><p>ports: strongswan custom XAuth generic patch removed</p></li>
23756 </ul>
23757
23758 <p><hr /></p>
23759
23760 <h3 id="wiregaurdonopenbsdhttpsblogjasperlawireguardonopenbsdhtml"><a href="https://blog.jasper.la/wireguard-on-openbsd.html">WireGuard on OpenBSD</a></h3>
23761
23762 <blockquote>
23763 <p>Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.
23764 Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here.
23765 The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.</p>
23766 </blockquote>
23767
23768 <ul>
23769 <li>Conclusion</li>
23770 </ul>
23771
23772 <blockquote>
23773 <p>WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguard_go service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkg_add libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.</p>
23774 </blockquote>
23775
23776 <p><hr /></p>
23777
23778 <h2 id="beastiebits">Beastie Bits</h2>
23779
23780 <ul>
23781 <li><a href="https://github.com/SerenityOS/serenity">Serenity OS</a></li>
23782
23783 <li><a href="https://www.dragonflydigest.com/2019/05/27/22985.html">vkernels vs pmap</a></li>
23784
23785 <li><a href="https://www.youtube.com/watch?v=EY6q5dv_B-o">Brian Kernighan interviews Ken Thompson</a></li>
23786
23787 <li><a href="http://blog.netbsd.org/tnf/entry/improvements_in_forking_threading_and">Improvements in forking, threading, and signal code</a></li>
23788
23789 <li><a href="https://www.dragonflydigest.com/2019/05/21/22946.html">DragonFly 5.4.3</a></li>
23790
23791 <li><a href="https://magazine.odroid.com/article/netbsd-for-the-the-odroid-c2/">NetBSD on the Odroid C2</a></li>
23792 </ul>
23793
23794 <p><hr /></p>
23795
23796 <h2 id="feedbackquestions">Feedback/Questions</h2>
23797
23798 <ul>
23799 <li>Paulo - <a href="http://dpaste.com/3VXMGX8">Laptops</a></li>
23800
23801 <li>A Listener - <a href="http://dpaste.com/0SWJNRX#wrap">Thanks</a></li>
23802
23803 <li>Bostjan - <a href="http://dpaste.com/35NRF40#wrap">Extend a pool and lower RAM footprint</a></li>
23804 </ul>
23805
23806 <p><hr /></p>
23807
23808 <ul>
23809 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
23810 </ul>
23811
23812 <p><hr /></p>
23813
23814 <video controls preload="metadata" style=" width:426px; height:240px;">
23815 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0300.mp4" type="video/mp4">
23816 Your browser does not support the HTML5 video tag.
23817 </video>]]>
23818 </itunes:summary>
23819 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+XngnkJ3s</fireside:playerURL>
23820 <fireside:playerEmbedCode>
23821 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+XngnkJ3s" width="740" height="200" frameborder="0" scrolling="no">]]>
23822 </fireside:playerEmbedCode>
23823 </item>
23824 <item>
23825 <title>299: The NAS Fleet</title>
23826 <link>https://www.bsdnow.tv/299</link>
23827 <guid isPermaLink="false">22eb77a0-e162-4fce-bb37-987c1d34c477</guid>
23828 <pubDate>Wed, 22 May 2019 11:00:00 -0700</pubDate>
23829 <author>Allan Jude</author>
23830 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/22eb77a0-e162-4fce-bb37-987c1d34c477.mp3" length="32188343" type="audio/mp3"/>
23831 <itunes:episodeType>full</itunes:episodeType>
23832 <itunes:author>Allan Jude</itunes:author>
23833 <itunes:subtitle>Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.</itunes:subtitle>
23834 <itunes:duration>52:47</itunes:duration>
23835 <itunes:explicit>no</itunes:explicit>
23836 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
23837 <description>Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.
23838 <h2 id="headlines">Headlines</h2>
23839
23840 <h3 id="runningaixonqemuonlinuxonwindowshttpsvirtuallyfuncomwordpress20190422installingaixonqemu"><a href="https://virtuallyfun.com/wordpress/2019/04/22/installing-aix-on-qemu/">Running AIX on QEMU on Linux on Windows</a></h3>
23841
23842 <blockquote>
23843 <p>YES it’s real!
23844 I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base.
23845 first thing first, you need to get your system with the needed pre-requisites to compile
23846 Great with those in place, now clone Artyom Tarasenko’s source repository
23847 Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build.
23848 Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them.
23849 Now you can build Qemu.
23850 Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!</p>
23851 </blockquote>
23852
23853 <ul>
23854 <li>See article for rest of walkthrough.</li>
23855 </ul>
23856
23857 <hr />
23858 <h3 id="takecommandofyournasfleetwithtruecommandhttpswwwixsystemscomblogtruecommand"><a href="https://www.ixsystems.com/blog/truecommand/">Take Command of Your NAS Fleet with TrueCommand</a></h3>
23859
23860 <blockquote>
23861 <p>Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems. Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand.
23862 TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems.
23863 The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support.
23864 TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.</p>
23865 </blockquote>
23866
23867 <hr />
23868 <h2 id="newsroundup">News Roundup</h2>
23869
23870 <h3 id="unleashed13releasedhttplists31bitsnetarchivesdevel2019april000052html"><a href="http://lists.31bits.net/archives/devel/2019-April/000052.html">Unleashed 1.3 Released</a></h3>
23871
23872 <blockquote>
23873 <p>This is the fourth release of Unleashed - an operating system fork of illumos. For more information about Unleashed itself and the download links, see our website.
23874 As one might expect, this release removes a few things.
23875 The most notable being the removal of ksh93 along with all its libs.
23876 As far as libc interfaces are concerned, a number of non-standard functions were removed. In general, they have been replaced by the standards-compliant versions. (getgrent_r, fgetgrent_r, getgrgid_r, getgrnam_r, ttyname_r, getlogin_r, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo)
23877 Additionally, wordexp and wordfree have been removed from libc. Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them.
23878 The default compilation environment now includes _XOPEN_SOURCE=700 and __EXTENSIONS__. Additionally, all applications now use 64-bit file offsets, making use of _LARGEFILE_SOURCE, _LARGEFILE64_SOURCE, and _FILE_OFFSET_BITS unnecessary.
23879 Last but not least, nightly.sh is no more. In short, to build one simply runs 'make'. (See README for detailed build instructions.)</p>
23880 </blockquote>
23881
23882 <ul>
23883 <li><a href="https://www.unleashed-os.org/why.html">Why Unleashed</a></li>
23884 </ul>
23885
23886 <blockquote>
23887 <p>Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.</p>
23888 </blockquote>
23889
23890 <hr />
23891 <h3 id="lldbextendingcpuregisterinspectionsupporthttpblognetbsdorgtnfentrylldb_extending_cpu_register_inspection"><a href="http://blog.netbsd.org/tnf/entry/lldb_extending_cpu_register_inspection">LLDB: extending CPU register inspection support</a></h3>
23892
23893 <blockquote>
23894 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
23895 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report.
23896 In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.</p>
23897 </blockquote>
23898
23899 <ul>
23900 <li>Future plans</li>
23901 </ul>
23902
23903 <blockquote>
23904 <p>My work continues with the two milestones from last month, plus a third that's closely related:
23905 Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64.
23906 Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64.
23907 Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64.
23908 The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then.
23909 Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.</p>
23910 </blockquote>
23911
23912 <hr />
23913 <h3 id="v7unixprogramsareoftennotwrittenthewayyouwouldexpecthttpsutccutorontocatcksspaceblogunixedv7codedunusually"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdV7CodedUnusually">V7 Unix programs are often not written the way you would expect</a></h3>
23914
23915 <blockquote>
23916 <p>Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.</p>
23917 </blockquote>
23918
23919 <ul>
23920 <li>Sidebar: An interesting undocumented ed feature</li>
23921 </ul>
23922
23923 <blockquote>
23924 <p>Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:</p>
23925
23926 <p>In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.</p>
23927
23928 <p>This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.</p>
23929
23930 <p>Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.</p>
23931
23932 <hr />
23933 </blockquote>
23934
23935 <h2 id="beastiebits">Beastie Bits</h2>
23936
23937 <ul>
23938 <li><a href="https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/">CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD</a></li>
23939
23940 <li><a href="https://lists.freebsd.org/pipermail/freebsd-pkgbase/2019-April/000396.html">CFT: FreeBSD Package Base</a></li>
23941
23942 <li><a href="https://www.dragonflydigest.com/2019/05/02/22862.html">Initial FUSE support in DragonFly</a></li>
23943
23944 <li><a href="https://www.dragonflydigest.com/2019/05/03/22869.html">Two significant bugfixes for 5.4</a></li>
23945
23946 <li><a href="https://www.reddit.com/r/openbsd/comments/bkb2zk/surprised_this_can_still_run_current/">Libretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD</a></li>
23947 </ul>
23948
23949 <hr />
23950 <h2 id="feedbackquestions">Feedback/Questions</h2>
23951
23952 <ul>
23953 <li>DJ - <a href="http://dpaste.com/0DSYJAH#wrap">Feedback</a></li>
23954
23955 <li>Fabian - <a href="http://dpaste.com/2EC7S10#wrap">ZFS ARC</a></li>
23956
23957 <li>Caleb - <a href="http://dpaste.com/3ZX177B#wrap">Question</a></li>
23958
23959 <li>A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.</li>
23960 </ul>
23961
23962 <hr />
23963 <ul>
23964 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
23965 </ul>
23966
23967 <hr />
23968 <video controls preload="metadata" style=" width:426px; height:240px;">
23969 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0299.mp4" type="video/mp4">
23970 Your browser does not support the HTML5 video tag.
23971 </video>
23972 </description>
23973 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, aix, qemu, true command, nas, unleashed, lldb, v7</itunes:keywords>
23974 <content:encoded>
23975 <![CDATA[<p>Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.</p>
23976
23977 <h2 id="headlines">Headlines</h2>
23978
23979 <h3 id="runningaixonqemuonlinuxonwindowshttpsvirtuallyfuncomwordpress20190422installingaixonqemu"><a href="https://virtuallyfun.com/wordpress/2019/04/22/installing-aix-on-qemu/">Running AiX on QEMU on Linux on Windows</a></h3>
23980
23981 <blockquote>
23982 <p>YES it’s real!
23983 I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base.
23984 first thing first, you need to get your system with the needed pre-requisites to compile
23985 Great with those in place, now clone Artyom Tarasenko’s source repository
23986 Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build.
23987 Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them.
23988 Now you can build Qemu.
23989 Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!</p>
23990 </blockquote>
23991
23992 <ul>
23993 <li>See article for rest of walkthrough.</li>
23994 </ul>
23995
23996 <p><hr /></p>
23997
23998 <h3 id="takecommandofyournasfleetwithtruecommandhttpswwwixsystemscomblogtruecommand"><a href="https://www.ixsystems.com/blog/truecommand/">Take Command of Your NAS Fleet with TrueCommand</a></h3>
23999
24000 <blockquote>
24001 <p>Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems. Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand.
24002 TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems.
24003 The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support.
24004 TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.</p>
24005 </blockquote>
24006
24007 <p><hr /></p>
24008
24009 <h2 id="newsroundup">News Roundup</h2>
24010
24011 <h3 id="unleashed13releasedhttplists31bitsnetarchivesdevel2019april000052html"><a href="http://lists.31bits.net/archives/devel/2019-April/000052.html">Unleashed 1.3 Released</a></h3>
24012
24013 <blockquote>
24014 <p>This is the fourth release of Unleashed - an operating system fork of illumos. For more information about Unleashed itself and the download links, see our website.
24015 As one might expect, this release removes a few things.
24016 The most notable being the removal of ksh93 along with all its libs.
24017 As far as libc interfaces are concerned, a number of non-standard functions were removed. In general, they have been replaced by the standards-compliant versions. (getgrent_r, fgetgrent_r, getgrgid_r, getgrnam_r, ttyname_r, getlogin_r, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo)
24018 Additionally, wordexp and wordfree have been removed from libc. Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them.
24019 The default compilation environment now includes _XOPEN_SOURCE=700 and __EXTENSIONS__. Additionally, all applications now use 64-bit file offsets, making use of _LARGEFILE_SOURCE, _LARGEFILE64_SOURCE, and _FILE_OFFSET_BITS unnecessary.
24020 Last but not least, nightly.sh is no more. In short, to build one simply runs 'make'. (See README for detailed build instructions.)</p>
24021 </blockquote>
24022
24023 <ul>
24024 <li><a href="https://www.unleashed-os.org/why.html">Why Unleashed</a></li>
24025 </ul>
24026
24027 <blockquote>
24028 <p>Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.</p>
24029 </blockquote>
24030
24031 <p><hr /></p>
24032
24033 <h3 id="lldbextendingcpuregisterinspectionsupporthttpblognetbsdorgtnfentrylldb_extending_cpu_register_inspection"><a href="http://blog.netbsd.org/tnf/entry/lldb_extending_cpu_register_inspection">LLDB: extending CPU register inspection support</a></h3>
24034
24035 <blockquote>
24036 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
24037 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report.
24038 In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.</p>
24039 </blockquote>
24040
24041 <ul>
24042 <li>Future plans</li>
24043 </ul>
24044
24045 <blockquote>
24046 <p>My work continues with the two milestones from last month, plus a third that's closely related:
24047 Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64.
24048 Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64.
24049 Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64.
24050 The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then.
24051 Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.</p>
24052 </blockquote>
24053
24054 <p><hr /></p>
24055
24056 <h3 id="v7unixprogramsareoftennotwrittenthewayyouwouldexpecthttpsutccutorontocatcksspaceblogunixedv7codedunusually"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdV7CodedUnusually">V7 Unix programs are often not written the way you would expect</a></h3>
24057
24058 <blockquote>
24059 <p>Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.</p>
24060 </blockquote>
24061
24062 <ul>
24063 <li>Sidebar: An interesting undocumented ed feature</li>
24064 </ul>
24065
24066 <blockquote>
24067 <p>Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:</p>
24068
24069 <p>In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.</p>
24070
24071 <p>This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.</p>
24072
24073 <p>Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.</p>
24074
24075 <hr />
24076 </blockquote>
24077
24078 <h2 id="beastiebits">Beastie Bits</h2>
24079
24080 <ul>
24081 <li><a href="https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/">CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD</a></li>
24082
24083 <li><a href="https://lists.freebsd.org/pipermail/freebsd-pkgbase/2019-April/000396.html">CFT: FreeBSD Package Base</a></li>
24084
24085 <li><a href="https://www.dragonflydigest.com/2019/05/02/22862.html">Initial FUSE support in DragonFly</a></li>
24086
24087 <li><a href="https://www.dragonflydigest.com/2019/05/03/22869.html">Two significant bugfixes for 5.4</a></li>
24088
24089 <li><a href="https://www.reddit.com/r/openbsd/comments/bkb2zk/surprised_this_can_still_run_current/">Libretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD</a></li>
24090 </ul>
24091
24092 <p><hr /></p>
24093
24094 <h2 id="feedbackquestions">Feedback/Questions</h2>
24095
24096 <ul>
24097 <li>DJ - <a href="http://dpaste.com/0DSYJAH#wrap">Feedback</a></li>
24098
24099 <li>Fabian - <a href="http://dpaste.com/2EC7S10#wrap">ZFS ARC</a></li>
24100
24101 <li>Caleb - <a href="http://dpaste.com/3ZX177B#wrap">Question</a></li>
24102
24103 <li>A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.</li>
24104 </ul>
24105
24106 <p><hr /></p>
24107
24108 <ul>
24109 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
24110 </ul>
24111
24112 <p><hr /></p>
24113
24114 <video controls preload="metadata" style=" width:426px; height:240px;">
24115 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0299.mp4" type="video/mp4">
24116 Your browser does not support the HTML5 video tag.
24117 </video>]]>
24118 </content:encoded>
24119 <itunes:summary>
24120 <![CDATA[<p>Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.</p>
24121
24122 <h2 id="headlines">Headlines</h2>
24123
24124 <h3 id="runningaixonqemuonlinuxonwindowshttpsvirtuallyfuncomwordpress20190422installingaixonqemu"><a href="https://virtuallyfun.com/wordpress/2019/04/22/installing-aix-on-qemu/">Running AiX on QEMU on Linux on Windows</a></h3>
24125
24126 <blockquote>
24127 <p>YES it’s real!
24128 I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base.
24129 first thing first, you need to get your system with the needed pre-requisites to compile
24130 Great with those in place, now clone Artyom Tarasenko’s source repository
24131 Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build.
24132 Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them.
24133 Now you can build Qemu.
24134 Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!</p>
24135 </blockquote>
24136
24137 <ul>
24138 <li>See article for rest of walkthrough.</li>
24139 </ul>
24140
24141 <p><hr /></p>
24142
24143 <h3 id="takecommandofyournasfleetwithtruecommandhttpswwwixsystemscomblogtruecommand"><a href="https://www.ixsystems.com/blog/truecommand/">Take Command of Your NAS Fleet with TrueCommand</a></h3>
24144
24145 <blockquote>
24146 <p>Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems. Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand.
24147 TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems.
24148 The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support.
24149 TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.</p>
24150 </blockquote>
24151
24152 <p><hr /></p>
24153
24154 <h2 id="newsroundup">News Roundup</h2>
24155
24156 <h3 id="unleashed13releasedhttplists31bitsnetarchivesdevel2019april000052html"><a href="http://lists.31bits.net/archives/devel/2019-April/000052.html">Unleashed 1.3 Released</a></h3>
24157
24158 <blockquote>
24159 <p>This is the fourth release of Unleashed - an operating system fork of illumos. For more information about Unleashed itself and the download links, see our website.
24160 As one might expect, this release removes a few things.
24161 The most notable being the removal of ksh93 along with all its libs.
24162 As far as libc interfaces are concerned, a number of non-standard functions were removed. In general, they have been replaced by the standards-compliant versions. (getgrent_r, fgetgrent_r, getgrgid_r, getgrnam_r, ttyname_r, getlogin_r, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo)
24163 Additionally, wordexp and wordfree have been removed from libc. Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them.
24164 The default compilation environment now includes _XOPEN_SOURCE=700 and __EXTENSIONS__. Additionally, all applications now use 64-bit file offsets, making use of _LARGEFILE_SOURCE, _LARGEFILE64_SOURCE, and _FILE_OFFSET_BITS unnecessary.
24165 Last but not least, nightly.sh is no more. In short, to build one simply runs 'make'. (See README for detailed build instructions.)</p>
24166 </blockquote>
24167
24168 <ul>
24169 <li><a href="https://www.unleashed-os.org/why.html">Why Unleashed</a></li>
24170 </ul>
24171
24172 <blockquote>
24173 <p>Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.</p>
24174 </blockquote>
24175
24176 <p><hr /></p>
24177
24178 <h3 id="lldbextendingcpuregisterinspectionsupporthttpblognetbsdorgtnfentrylldb_extending_cpu_register_inspection"><a href="http://blog.netbsd.org/tnf/entry/lldb_extending_cpu_register_inspection">LLDB: extending CPU register inspection support</a></h3>
24179
24180 <blockquote>
24181 <p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
24182 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report.
24183 In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.</p>
24184 </blockquote>
24185
24186 <ul>
24187 <li>Future plans</li>
24188 </ul>
24189
24190 <blockquote>
24191 <p>My work continues with the two milestones from last month, plus a third that's closely related:
24192 Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64.
24193 Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64.
24194 Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64.
24195 The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then.
24196 Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.</p>
24197 </blockquote>
24198
24199 <p><hr /></p>
24200
24201 <h3 id="v7unixprogramsareoftennotwrittenthewayyouwouldexpecthttpsutccutorontocatcksspaceblogunixedv7codedunusually"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdV7CodedUnusually">V7 Unix programs are often not written the way you would expect</a></h3>
24202
24203 <blockquote>
24204 <p>Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.</p>
24205 </blockquote>
24206
24207 <ul>
24208 <li>Sidebar: An interesting undocumented ed feature</li>
24209 </ul>
24210
24211 <blockquote>
24212 <p>Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:</p>
24213
24214 <p>In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.</p>
24215
24216 <p>This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.</p>
24217
24218 <p>Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.</p>
24219
24220 <hr />
24221 </blockquote>
24222
24223 <h2 id="beastiebits">Beastie Bits</h2>
24224
24225 <ul>
24226 <li><a href="https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/">CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD</a></li>
24227
24228 <li><a href="https://lists.freebsd.org/pipermail/freebsd-pkgbase/2019-April/000396.html">CFT: FreeBSD Package Base</a></li>
24229
24230 <li><a href="https://www.dragonflydigest.com/2019/05/02/22862.html">Initial FUSE support in DragonFly</a></li>
24231
24232 <li><a href="https://www.dragonflydigest.com/2019/05/03/22869.html">Two significant bugfixes for 5.4</a></li>
24233
24234 <li><a href="https://www.reddit.com/r/openbsd/comments/bkb2zk/surprised_this_can_still_run_current/">Libretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD</a></li>
24235 </ul>
24236
24237 <p><hr /></p>
24238
24239 <h2 id="feedbackquestions">Feedback/Questions</h2>
24240
24241 <ul>
24242 <li>DJ - <a href="http://dpaste.com/0DSYJAH#wrap">Feedback</a></li>
24243
24244 <li>Fabian - <a href="http://dpaste.com/2EC7S10#wrap">ZFS ARC</a></li>
24245
24246 <li>Caleb - <a href="http://dpaste.com/3ZX177B#wrap">Question</a></li>
24247
24248 <li>A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.</li>
24249 </ul>
24250
24251 <p><hr /></p>
24252
24253 <ul>
24254 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
24255 </ul>
24256
24257 <p><hr /></p>
24258
24259 <video controls preload="metadata" style=" width:426px; height:240px;">
24260 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0299.mp4" type="video/mp4">
24261 Your browser does not support the HTML5 video tag.
24262 </video>]]>
24263 </itunes:summary>
24264 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+RgAQrAoA</fireside:playerURL>
24265 <fireside:playerEmbedCode>
24266 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+RgAQrAoA" width="740" height="200" frameborder="0" scrolling="no">]]>
24267 </fireside:playerEmbedCode>
24268 </item>
24269 <item>
24270 <title>298: BSD On The Road</title>
24271 <link>https://www.bsdnow.tv/298</link>
24272 <guid isPermaLink="false">85a43874-a080-4a57-9fb0-2a0210e9718e</guid>
24273 <pubDate>Wed, 15 May 2019 20:00:00 -0700</pubDate>
24274 <author>Allan Jude</author>
24275 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/85a43874-a080-4a57-9fb0-2a0210e9718e.mp3" length="31937689" type="audio/mp3"/>
24276 <itunes:episodeType>full</itunes:episodeType>
24277 <itunes:author>Allan Jude</itunes:author>
24278 <itunes:subtitle>36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.</itunes:subtitle>
24279 <itunes:duration>52:22</itunes:duration>
24280 <itunes:explicit>no</itunes:explicit>
24281 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
24282 <description>36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.
24283 <h2 id="headlines">Headlines</h2>
24284
24285 <h3 id="36yearoldbuginffsufsdiscoveredandpatchedhttpssvnwebfreebsdorgbaseviewrevisionrevision347066"><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=347066">36+ year old bug in FFS/UFS discovered and patched </a></h3>
24286
24287 <blockquote>
24288 <p>This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk.</p>
24289
24290 <ul>
24291 <li>When the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack
24292 It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created.
24293 This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed.
24294 It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now.
24295 This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running.
24296 Submitted by: David G. Lawrence <a href="&#109;a&#105;&#108;&#116;&#111;:&#x64;&#x67;&#64;&#100;&#103;&#x6c;&#97;&#x77;&#x72;&#101;n&#x63;&#101;&#x2e;&#x63;&#x6f;&#109;">&#x64;&#x67;&#64;&#100;&#103;&#x6c;&#97;&#x77;&#x72;&#101;n&#x63;&#101;&#x2e;&#x63;&#x6f;&#109;</a></li>
24297
24298 <li>So a patched kernel will no longer leak this data, and running the <code>fsck_ffs -z</code> command will erase any leaked data that may exist on your system</li>
24299
24300 <li><a href="https://marc.info/?l=openbsd-cvs&amp;m=155699268122858&amp;w=2">OpenBSD commit with additional detail on mitigations</a>
24301 The impact on OpenBSD is very limited:
24302 1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions.
24303 2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly. read(2) was changed to return 0 (EOF). Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes.
24304 3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format. As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible.
24305 There will be no errata or syspatch issued. I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ...</li>
24306 </ul>
24307
24308 <hr />
24309 </blockquote>
24310
24311 <h3 id="nomadbsdabsdfortheroadhttpsitsfosscomnomadbsd"><a href="https://itsfoss.com/nomadbsd/">NomadBSD, a BSD for the Road</a></h3>
24312
24313 <blockquote>
24314 <p>As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD.
24315 NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.”
24316 This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD.
24317 Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.</p>
24318 </blockquote>
24319
24320 <ul>
24321 <li>Version 1.2 Released</li>
24322 </ul>
24323
24324 <blockquote>
24325 <p>NomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images.</p>
24326 </blockquote>
24327
24328 <ul>
24329 <li>Thoughts on NomadBSD</li>
24330 </ul>
24331
24332 <blockquote>
24333 <p>I first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi.
24334 Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly.</p>
24335
24336 <hr />
24337 </blockquote>
24338
24339 <h2 id="newsroundup">News Roundup</h2>
24340
24341 <h3 id="openbsdautomatic"><a href="https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/">OpenBSD automatic upgrade</a></h3>
24344
24345 <blockquote>
24346 <p>OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances.
24347 I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.</p>
24348 </blockquote>
24349
24350 <ul>
24351 <li>Extra notes</li>
24352 </ul>
24353
24354 <blockquote>
24355 <p>There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually.
24356 This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection.
24357 I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.</p>
24358 </blockquote>
24359
24360 <hr />
24361 <h3 id="freebsddtraceext2fssupporthttpsreviewsfreebsdorgd19848"><a href="https://reviews.freebsd.org/D19848">FreeBSD Dtrace ext2fs Support</a></h3>
24362
24363 <ul>
24364 <li><p>Which logs were replaced by dtrace-probes:</p>
24365
24366 <ul>
24367 <li>Misc printf's under DEBUG macro in the blocks allocation path.</li>
24368
24369 <li>Different on-disk structures validation errors, now the filesystem will silently return EIO's.</li>
24370
24371 <li>Misc checksum errors, same as above.</li></ul></li>
24372
24373 <li><p>The only debug macro that was left is EXT2FS_PRINT_EXTENTS.</p></li>
24374
24375 <li><p>It is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents.</p></li>
24376
24377 <li><p>The user will still be able to see mount errors in the dmesg in case of:</p>
24378
24379 <ul>
24380 <li>Filesystem features incompatibility.</li>
24381
24382 <li>Superblock checksum error.</li></ul></li>
24383 </ul>
24386
24387 <hr />
24388
24389 <h3 id="createadedicateduserforsshtunnelingonlyhttpsdataswamporgtsolene20190417sshtunnelinghtml"><a href="https://dataswamp.org/~solene/2019-04-17-ssh-tunneling.html">Create a dedicated user for ssh tunneling only</a></h3>
24390
24391 <blockquote>
24392 <p>I use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client.
24393 The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports.
24394 This is done very easily on OpenBSD.
24395 The steps are: 1. generate ssh keys for the new user 2. add a user with no password 3. allow public key for port forwarding
24396 Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config.</p>
24397
24398 <hr />
24399 </blockquote>
24400
24401 <h3 id="thatwaseasysomeinfoonupgradingvmmvmsto65httpsopenbsdamsterdamupgradehtml"><a href="https://openbsd.amsterdam/upgrade.html">That was easy. Some info on upgrading VMM VMs to 6.5</a></h3>
24402
24403 <blockquote>
24404 <p>We're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs.
24405 OpenBSD 6.5 is released! There are two ways you can upgrade your VM.
24406 Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8).</p>
24407 </blockquote>
24408
24409 <ul>
24410 <li>Upgrade yourself</li>
24411 </ul>
24412
24413 <blockquote>
24414 <p>To get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host.
24415 When this is done you can use vmctl(8) to manage your VM. The options you have are:</p>
24416 </blockquote>
24417
24418 <pre><code>$ vmctl console id
24419 $ vmctl start id [-c]
24420 $ vmctl stop id [-fw]
24421 </code></pre>
24422
24423 <pre><code>-f Forcefully stop the VM without attempting a graceful shutdown.
24424 -w Wait until the VM has been terminated.
24425 -c Automatically connect to the VM console.
24426 </code></pre>
24427
24428 <ul>
24429 <li>See the Article for the rest of the guide</li>
24430 </ul>
24431
24432 <hr />
24433 <h2 id="beastiebits">Beastie Bits</h2>
24434
24435 <ul>
24436 <li><a href="https://inks.tedunangst.com/l/3791">powerpc64 architecture support in FreeBSD ports</a></li>
24437
24438 <li><a href="https://twitter.com/ribalinux/status/1117856218251517956">GhostBSD 19.04 overview</a></li>
24439
24440 <li><a href="https://twitter.com/lattera/status/1119018409575026688">HardenedBSD will have two user selectable ASLR implementations</a></li>
24441
24442 <li><a href="https://www.youtube.com/watch?v=S_aTzXVRRlM&amp;feature=youtu.be">NYCBUG 2016 Talk Shell-Fu Uploaded</a></li>
24443
24444 <li><a href="http://blog.zarfhome.com/2019/04/what-is-zil-anyway.html">What is ZIL anyway?</a></li>
24445 </ul>
24446
24447 <hr />
24448 <h2 id="feedbackquestions">Feedback/Questions</h2>
24449
24450 <ul>
24451 <li>Quentin - <a href="http://dpaste.com/0K9PQW9#wrap">Organize an Ada/BSD interview</a></li>
24452
24453 <li>DJ - <a href="http://dpaste.com/3KTQ45G#wrap">Update</a></li>
24454
24455 <li>Patrick - <a href="http://dpaste.com/07V6ZJN">Bhyve frontends</a></li>
24456
24457 <li>A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.</li>
24458 </ul>
24459
24460 <hr />
24461 <ul>
24462 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
24463 </ul>
24464
24465 <hr />
24470 </description>
24471 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ssh, nomadbsd, dtrace, ext2, unleashed, vmm</itunes:keywords>
24864 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+dSjnII5o</fireside:playerURL>
24865 <fireside:playerEmbedCode>
24866 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+dSjnII5o" width="740" height="200" frameborder="0" scrolling="no">]]>
24867 </fireside:playerEmbedCode>
24868 </item>
24869 <item>
24870 <title>297: Dragonfly In The Wild</title>
24871 <link>https://www.bsdnow.tv/297</link>
24872 <guid isPermaLink="false">b83c5930-57a8-4c27-855a-97b6d88f5f00</guid>
24873 <pubDate>Wed, 08 May 2019 21:00:00 -0700</pubDate>
24874 <author>Allan Jude</author>
24875 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b83c5930-57a8-4c27-855a-97b6d88f5f00.mp3" length="24677382" type="audio/mp3"/>
24876 <itunes:episodeType>full</itunes:episodeType>
24877 <itunes:author>Allan Jude</itunes:author>
24878 <itunes:subtitle>FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been released, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.</itunes:subtitle>
24879 <itunes:duration>40:16</itunes:duration>
24880 <itunes:explicit>no</itunes:explicit>
24881 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
24882 <description>FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been released, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.
24883 <h2 id="headlines">Headlines</h2>
24884
24885 <h3 id="freebsdzfsvszolperformanceubuntuzfsonlinuxreferencehttpswwwphoronixcomscanphppagearticleitemfreebsdzolaprilnum1"><a href="https://www.phoronix.com/scan.php?page=article&amp;item=freebsd-zol-april&amp;num=1">FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference</a></h3>
24886
24887 <blockquote>
24888 <p>With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS.
24889 Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices.
24890 FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out.
24891 Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.</p>
24892 </blockquote>
24893
24894 <hr />
24895 <h3 id="dragonflybsd542isouthttpswwwdragonflybsdorgrelease54"><a href="https://www.dragonflybsd.org/release54/">DragonFlyBSD 5.4.2 is out</a></h3>
24896
24897 <p><a href="http://lists.dragonflybsd.org/pipermail/users/2019-April/358160.html">Upgrading guide</a></p>
24898
24899 <blockquote>
24900 <p>Here's the tag commit, for what has changed from <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-April/718697.html">5.4.1 to 5.4.2</a>
24901 The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely. I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon. This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.
24902 If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.</p>
24903 </blockquote>
24904
24905 <pre><code>&gt; cd /usr/src
24906 &gt; git pull
24907 &gt; make buildworld
24908 &gt; make buildkernel
24909 &gt; make installkernel
24910 &gt; make installworld
24911 &gt; make upgrade
24912 </code></pre>
24913
24914 <blockquote>
24915 <p>After your next reboot, you can optionally update your rescue system:</p>
24916 </blockquote>
24917
24918 <pre><code>&gt; cd /usr/src
24919 &gt; make initrd
24920 </code></pre>
24921
24922 <blockquote>
24923 <p>As always, make sure your packages are up to date:</p>
24924 </blockquote>
24925
24926 <pre><code>&gt; pkg update
24927 &gt; pkg upgrade
24928 </code></pre>
24929
24930 <hr />
24931 <h2 id="newsroundup">News Roundup</h2>
24932
24933 <h3 id="containingwebserviceswithiocellhttpsgioarcme20170305containingwebserviceswithiocell"><a href="https://gioarc.me/2017/03/05/containing-web-services-with-iocell/">Containing web services with iocell</a></h3>
24934
24935 <blockquote>
24936 <p>I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛
24937 If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U</p>
24938 </blockquote>
24939
24940 <ul>
24941 <li>Getting started</li>
24942 </ul>
24943
24944 <blockquote>
24945 <p>There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.</p>
24946 </blockquote>
24947
24948 <ul>
24949 <li>To start, you'll need the following:
24950
24951
24952 <ul>
24953 <li>A FreeBSD install (we'll be using 11.0)</li>
24954
24955 <li>The iocell package (available as a package, also in the ports tree)</li>
24956
24957 <li>A ZFS pool for hosting the jails</li></ul>
24958 </li>
24959 </ul>
24960
24961 <blockquote>
24962 <p>Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing iocell activate $POOLNAME. Iocell will create a few datasets.</p>
24963
24964 <p>As you can imagine, your jails are contained within the /iocell/jails dataset. The /iocell/releases dataset is used for storing the next command we need to run, iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.</p>
24965 </blockquote>
24966
24967 <ul>
24968 <li>See Article for the rest of the walkthrough.</li>
24969 </ul>
24970
24971 <hr />
24972 <h3 id="oraclesolaris114sru8httpsblogsoraclecomsolarisannouncingoraclesolaris114sru8"><a href="https://blogs.oracle.com/solaris/announcing-oracle-solaris-114-sru8">Oracle Solaris 11.4 SRU8</a></h3>
24973
24974 <blockquote>
24975 <p>Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.</p>
24976
24977 <ul>
24978 <li>This SRU introduces the following enhancements:
24979
24980
24981 <ul>
24982 <li>Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.</li>
24983
24984 <li>UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4</li>
24985
24986 <li>Re-introduction of the service fc-fabric.</li>
24987
24988 <li>ibus has been updated to 1.5.19</li></ul>
24989 </li>
24990 </ul>
24991 </blockquote>
24992
24993 <ul>
24994 <li>The following components have also been updated to address security issues:
24995
24996
24997 <ul>
24998 <li>NTP has been updated to 4.2.8p12</li>
24999
25000 <li>Firefox has been updated to 60.6.0esr</li>
25001
25002 <li>BIND has been updated to 9.11.6</li>
25003
25004 <li>OpenSSL has been updated to 1.0.2r</li>
25005
25006 <li>MySQL has been updated to 5.6.43 &amp; 5.7.25</li>
25007
25008 <li>libxml2 has been updated to 2.9.9</li>
25009
25010 <li>libxslt has been updated to 1.1.33</li>
25011
25012 <li>Wireshark has been updated to 2.6.7</li>
25013
25014 <li>ncurses has been updated to 6.1.0.20190105</li>
25015
25016 <li>Apache Web Server has been updated to 2.4.38</li>
25017
25018 <li>perl 5.22</li>
25019
25020 <li>pkg.depot</li></ul>
25021 </li>
25022 </ul>
25023
25024 <hr />
25025 <h3 id="theproblemwithsshagentforwardinghttpsdefnio20190412sshforwarding"><a href="https://defn.io/2019/04/12/ssh-forwarding/">The Problem with SSH Agent Forwarding</a></h3>
25026
25027 <blockquote>
25028 <p>After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].”
25029 Here’s what man ssh_config has to say about ForwardAgent: "Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent."
25030 Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine!
25031 Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.</p>
25032 </blockquote>
25033
25034 <hr />
25035 <h3 id="openbsdupgradeguide64to65httpswwwopenbsdorgfaqupgrade65html"><a href="https://www.openbsd.org/faq/upgrade65.html">OpenBSD Upgrade Guide: 6.4 to 6.5</a></h3>
25036
25037 <blockquote>
25038 <p>Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u.
25039 Alternatively, you can use the manual upgrade process.
25040 You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.</p>
25041 </blockquote>
25042
25043 <ul>
25044 <li>Before rebooting into the install kernel</li>
25045
25046 <li>Configuration and syntax changes</li>
25047
25048 <li>Files to remove</li>
25049
25050 <li>Special packages</li>
25051
25052 <li>Upgrade without the install kernel</li>
25053 </ul>
25054
25055 <hr />
25056 <h2 id="beastiebits">Beastie Bits</h2>
25057
25058 <ul>
25059 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-April/001873.html">2019 FreeBSD Community Survey</a></li>
25060
25061 <li><a href="https://blog.seagate.com/craftsman-ship/seagate-shows-dual-actuator-speed-gains-in-real-world-setup/">Seagate runs Mach.2 demo on FreeBSD</a></li>
25062
25063 <li><a href="https://www.youtube.com/watch?v=2KoD-jXjHok&amp;t=7s">FreeBSD: Resizing and Growing Disks</a></li>
25064
25065 <li><a href="https://old.reddit.com/r/freebsd/comments/bh1abv/loading_49_on_an_old_tandy_4025lx_386_16mb_1gb_hd/">Loading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD</a></li>
25066
25067 <li><a href="https://forums.os108.org/d/6-os108-mate-20190422-released">OS108 MATE 20190422 released</a></li>
25068 </ul>
25069
25070 <hr />
25071 <h2 id="feedbackquestions">Feedback/Questions</h2>
25072
25073 <ul>
25074 <li>Casey - <a href="http://dpaste.com/39VJ7NH#wrap">Oklahoma City &amp; James</a></li>
25075
25076 <li>Michael - <a href="http://dpaste.com/2VSKEGW#wrap">Question on SAS backplane (camcontrol?)</a></li>
25077
25078 <li>Ales - <a href="http://dpaste.com/0AD0HBY#wrap">OpenBSD, FreeNAS, OpenZFS questions</a></li>
25079 </ul>
25080
25081 <hr />
25082 <ul>
25083 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
25084 </ul>
25085
25086 <hr />
25087 <video controls preload="metadata" style=" width:426px; height:240px;">
25088 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0297.mp4" type="video/mp4">
25089 Your browser does not support the HTML5 video tag.
25090 </video>
25091 </description>
25092 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ZoL, iocell, Solaris, SSH, forwarding</itunes:keywords>
25093 <content:encoded>
25094 <![CDATA[<p>FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been released, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.</p>
25095
25096 <h2 id="headlines">Headlines</h2>
25097
25098 <h3 id="freebsdzfsvszolperformanceubuntuzfsonlinuxreferencehttpswwwphoronixcomscanphppagearticleitemfreebsdzolaprilnum1"><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-zol-april&num=1">FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference</a></h3>
25099
25100 <blockquote>
25101 <p>With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS.
25102 Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices.
25103 FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out.
25104 Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.</p>
25105 </blockquote>
25106
25107 <p><hr /></p>
25108
25109 <h3 id="dragonflybsd542isouthttpswwwdragonflybsdorgrelease54"><a href="https://www.dragonflybsd.org/release54/">DragonFlyBSD 5.4.2 is out</a></h3>
25110
25111 <p><a href="http://lists.dragonflybsd.org/pipermail/users/2019-April/358160.html">Upgrading guide</a></p>
25112
25113 <blockquote>
25114 <p>Here's the tag commit, for what has changed from <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-April/718697.html">5.4.1 to 5.4.2</a>
25115 The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely. I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon. This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.
25116 If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.</p>
25117 </blockquote>
25118
25119 <pre><code>> cd /usr/src
25120 > git pull
25121 > make buildworld
25122 > make buildkernel
25123 > make installkernel
25124 > make installworld
25125 > make upgrade
25126 </code></pre>
25127
25128 <blockquote>
25129 <p>After your next reboot, you can optionally update your rescue system:</p>
25130 </blockquote>
25131
25132 <pre><code>> cd /usr/src
25133 > make initrd
25134 </code></pre>
25135
25136 <blockquote>
25137 <p>As always, make sure your packages are up to date:</p>
25138 </blockquote>
25139
25140 <pre><code>> pkg update
25141 > pkg upgrade
25142 </code></pre>
25143
25144 <p><hr /></p>
25145
25146 <h2 id="newsroundup">News Roundup</h2>
25147
25148 <h3 id="containingwebserviceswithiocellhttpsgioarcme20170305containingwebserviceswithiocell"><a href="https://gioarc.me/2017/03/05/containing-web-services-with-iocell/">Containing web services with iocell</a></h3>
25149
25150 <blockquote>
25151 <p>I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛
25152 If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U</p>
25153 </blockquote>
25154
25155 <ul>
25156 <li>Getting started</li>
25157 </ul>
25158
25159 <blockquote>
25160 <p>There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.</p>
25161 </blockquote>
25162
25163 <ul>
25164 <li>To start, you'll need the following:
25165
25166
25167 <ul>
25168 <li>A FreeBSD install (we'll be using 11.0)</li>
25169
25170 <li>The iocell package (available as a package, also in the ports tree)</li>
25171
25172 <li>A ZFS pool for hosting the jails</li></ul>
25173 </li>
25174 </ul>
25175
25176 <blockquote>
25177 <p>Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing iocell activate $POOLNAME. Iocell will create a few datasets.</p>
25178
25179 <p>As you can imagine, your jails are contained within the /iocell/jails dataset. The /iocell/releases dataset is used for storing the next command we need to run, iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.</p>
25180 </blockquote>
25181
25182 <ul>
25183 <li>See Article for the rest of the walkthrough.</li>
25184 </ul>
25185
25186 <p><hr /></p>
25187
25188 <h3 id="oraclesolaris114sru8httpsblogsoraclecomsolarisannouncingoraclesolaris114sru8"><a href="https://blogs.oracle.com/solaris/announcing-oracle-solaris-114-sru8">Oracle Solaris 11.4 SRU8</a></h3>
25189
25190 <blockquote>
25191 <p>Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.</p>
25192
25193 <ul>
25194 <li>This SRU introduces the following enhancements:
25195
25196
25197 <ul>
25198 <li>Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.</li>
25199
25200 <li>UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4</li>
25201
25202 <li>Re-introduction of the service fc-fabric.</li>
25203
25204 <li>ibus has been updated to 1.5.19</li></ul>
25205 </li>
25206 </ul>
25207 </blockquote>
25208
25209 <ul>
25210 <li>The following components have also been updated to address security issues:
25211
25212
25213 <ul>
25214 <li>NTP has been updated to 4.2.8p12</li>
25215
25216 <li>Firefox has been updated to 60.6.0esr</li>
25217
25218 <li>BIND has been updated to 9.11.6</li>
25219
25220 <li>OpenSSL has been updated to 1.0.2r</li>
25221
25222 <li>MySQL has been updated to 5.6.43 & 5.7.25</li>
25223
25224 <li>libxml2 has been updated to 2.9.9</li>
25225
25226 <li>libxslt has been updated to 1.1.33</li>
25227
25228 <li>Wireshark has been updated to 2.6.7</li>
25229
25230 <li>ncurses has been updated to 6.1.0.20190105</li>
25231
25232 <li>Apache Web Server has been updated to 2.4.38</li>
25233
25234 <li>perl 5.22</li>
25235
25236 <li>pkg.depot</li></ul>
25237 </li>
25238 </ul>
25239
25240 <p><hr /></p>
25241
25242 <h3 id="theproblemwithsshagentforwardinghttpsdefnio20190412sshforwarding"><a href="https://defn.io/2019/04/12/ssh-forwarding/">The Problem with SSH Agent Forwarding</a></h3>
25243
25244 <blockquote>
25245 <p>After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].”
25246 Here’s what man ssh_config has to say about ForwardAgent: "Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent."
25247 Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine!
25248 Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.</p>
25249 </blockquote>
25250
25251 <p><hr /></p>
25252
25253 <h3 id="openbsdupgradeguide64to65httpswwwopenbsdorgfaqupgrade65html"><a href="https://www.openbsd.org/faq/upgrade65.html">OpenBSD Upgrade Guide: 6.4 to 6.5</a></h3>
25254
25255 <blockquote>
25256 <p>Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u.
25257 Alternatively, you can use the manual upgrade process.
25258 You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.</p>
25259 </blockquote>
25260
25261 <ul>
25262 <li>Before rebooting into the install kernel</li>
25263
25264 <li>Configuration and syntax changes</li>
25265
25266 <li>Files to remove</li>
25267
25268 <li>Special packages</li>
25269
25270 <li>Upgrade without the install kernel</li>
25271 </ul>
25272
25273 <p><hr /></p>
25274
25275 <h2 id="beastiebits">Beastie Bits</h2>
25276
25277 <ul>
25278 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-April/001873.html">2019 FreeBSD Community Survey</a></li>
25279
25280 <li><a href="https://blog.seagate.com/craftsman-ship/seagate-shows-dual-actuator-speed-gains-in-real-world-setup/">Seagate runs Mach.2 demo on FreeBSD</a></li>
25281
25282 <li><a href="https://www.youtube.com/watch?v=2KoD-jXjHok&t=7s">FreeBSD: Resizing and Growing Disks</a></li>
25283
25284 <li><a href="https://old.reddit.com/r/freebsd/comments/bh1abv/loading_49_on_an_old_tandy_4025lx_386_16mb_1gb_hd/">Loading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD</a></li>
25285
25286 <li><a href="https://forums.os108.org/d/6-os108-mate-20190422-released">OS108 MATE 20190422 released</a></li>
25287 </ul>
25288
25289 <p><hr /></p>
25290
25291 <h2 id="feedbackquestions">Feedback/Questions</h2>
25292
25293 <ul>
25294 <li>Casey - <a href="http://dpaste.com/39VJ7NH#wrap">Oklahoma City & James</a></li>
25295
25296 <li>Michael - <a href="http://dpaste.com/2VSKEGW#wrap">Question on SAS backplane (camcontrol?)</a></li>
25297
25298 <li>Ales - <a href="http://dpaste.com/0AD0HBY#wrap">OpenBSD, FreeNAS, OpenZFS questions</a></li>
25299 </ul>
25300
25301 <p><hr /></p>
25302
25303 <ul>
25304 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
25305 </ul>
25306
25307 <p><hr /></p>
25308
25309 <video controls preload="metadata" style=" width:426px; height:240px;">
25310 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0297.mp4" type="video/mp4">
25311 Your browser does not support the HTML5 video tag.
25312 </video>]]>
25313 </content:encoded>
25314 <itunes:summary>
25315 <![CDATA[<p>FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been released, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.</p>
25316
25317 <h2 id="headlines">Headlines</h2>
25318
25319 <h3 id="freebsdzfsvszolperformanceubuntuzfsonlinuxreferencehttpswwwphoronixcomscanphppagearticleitemfreebsdzolaprilnum1"><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-zol-april&num=1">FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference</a></h3>
25320
25321 <blockquote>
25322 <p>With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS.
25323 Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices.
25324 FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out.
25325 Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.</p>
25326 </blockquote>
25327
25328 <p><hr /></p>
25329
25330 <h3 id="dragonflybsd542isouthttpswwwdragonflybsdorgrelease54"><a href="https://www.dragonflybsd.org/release54/">DragonFlyBSD 5.4.2 is out</a></h3>
25331
25332 <p><a href="http://lists.dragonflybsd.org/pipermail/users/2019-April/358160.html">Upgrading guide</a></p>
25333
25334 <blockquote>
25335 <p>Here's the tag commit, for what has changed from <a href="http://lists.dragonflybsd.org/pipermail/commits/2019-April/718697.html">5.4.1 to 5.4.2</a>
25336 The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely. I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon. This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.
25337 If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.</p>
25338 </blockquote>
25339
25340 <pre><code>> cd /usr/src
25341 > git pull
25342 > make buildworld
25343 > make buildkernel
25344 > make installkernel
25345 > make installworld
25346 > make upgrade
25347 </code></pre>
25348
25349 <blockquote>
25350 <p>After your next reboot, you can optionally update your rescue system:</p>
25351 </blockquote>
25352
25353 <pre><code>> cd /usr/src
25354 > make initrd
25355 </code></pre>
25356
25357 <blockquote>
25358 <p>As always, make sure your packages are up to date:</p>
25359 </blockquote>
25360
25361 <pre><code>> pkg update
25362 > pkg upgrade
25363 </code></pre>
25364
25365 <p><hr /></p>
25366
25367 <h2 id="newsroundup">News Roundup</h2>
25368
25369 <h3 id="containingwebserviceswithiocellhttpsgioarcme20170305containingwebserviceswithiocell"><a href="https://gioarc.me/2017/03/05/containing-web-services-with-iocell/">Containing web services with iocell</a></h3>
25370
25371 <blockquote>
25372 <p>I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛
25373 If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U</p>
25374 </blockquote>
25375
25376 <ul>
25377 <li>Getting started</li>
25378 </ul>
25379
25380 <blockquote>
25381 <p>There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.</p>
25382 </blockquote>
25383
25384 <ul>
25385 <li>To start, you'll need the following:
25386
25387
25388 <ul>
25389 <li>A FreeBSD install (we'll be using 11.0)</li>
25390
25391 <li>The iocell package (available as a package, also in the ports tree)</li>
25392
25393 <li>A ZFS pool for hosting the jails</li></ul>
25394 </li>
25395 </ul>
25396
25397 <blockquote>
25398 <p>Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing iocell activate $POOLNAME. Iocell will create a few datasets.</p>
25399
25400 <p>As you can imagine, your jails are contained within the /iocell/jails dataset. The /iocell/releases dataset is used for storing the next command we need to run, iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.</p>
25401 </blockquote>
25402
25403 <ul>
25404 <li>See Article for the rest of the walkthrough.</li>
25405 </ul>
25406
25407 <p><hr /></p>
25408
25409 <h3 id="oraclesolaris114sru8httpsblogsoraclecomsolarisannouncingoraclesolaris114sru8"><a href="https://blogs.oracle.com/solaris/announcing-oracle-solaris-114-sru8">Oracle Solaris 11.4 SRU8</a></h3>
25410
25411 <blockquote>
25412 <p>Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.</p>
25413
25414 <ul>
25415 <li>This SRU introduces the following enhancements:
25416
25417
25418 <ul>
25419 <li>Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.</li>
25420
25421 <li>UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4</li>
25422
25423 <li>Re-introduction of the service fc-fabric.</li>
25424
25425 <li>ibus has been updated to 1.5.19</li></ul>
25426 </li>
25427 </ul>
25428 </blockquote>
25429
25430 <ul>
25431 <li>The following components have also been updated to address security issues:
25432
25433
25434 <ul>
25435 <li>NTP has been updated to 4.2.8p12</li>
25436
25437 <li>Firefox has been updated to 60.6.0esr</li>
25438
25439 <li>BIND has been updated to 9.11.6</li>
25440
25441 <li>OpenSSL has been updated to 1.0.2r</li>
25442
25443 <li>MySQL has been updated to 5.6.43 & 5.7.25</li>
25444
25445 <li>libxml2 has been updated to 2.9.9</li>
25446
25447 <li>libxslt has been updated to 1.1.33</li>
25448
25449 <li>Wireshark has been updated to 2.6.7</li>
25450
25451 <li>ncurses has been updated to 6.1.0.20190105</li>
25452
25453 <li>Apache Web Server has been updated to 2.4.38</li>
25454
25455 <li>perl 5.22</li>
25456
25457 <li>pkg.depot</li></ul>
25458 </li>
25459 </ul>
25460
25461 <p><hr /></p>
25462
25463 <h3 id="theproblemwithsshagentforwardinghttpsdefnio20190412sshforwarding"><a href="https://defn.io/2019/04/12/ssh-forwarding/">The Problem with SSH Agent Forwarding</a></h3>
25464
25465 <blockquote>
25466 <p>After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].”
25467 Here’s what man ssh_config has to say about ForwardAgent: "Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent."
25468 Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine!
25469 Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.</p>
25470 </blockquote>
25471
25472 <p><hr /></p>
25473
25474 <h3 id="openbsdupgradeguide64to65httpswwwopenbsdorgfaqupgrade65html"><a href="https://www.openbsd.org/faq/upgrade65.html">OpenBSD Upgrade Guide: 6.4 to 6.5</a></h3>
25475
25476 <blockquote>
25477 <p>Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u.
25478 Alternatively, you can use the manual upgrade process.
25479 You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.</p>
25480 </blockquote>
25481
25482 <ul>
25483 <li>Before rebooting into the install kernel</li>
25484
25485 <li>Configuration and syntax changes</li>
25486
25487 <li>Files to remove</li>
25488
25489 <li>Special packages</li>
25490
25491 <li>Upgrade without the install kernel</li>
25492 </ul>
25493
25494 <p><hr /></p>
25495
25496 <h2 id="beastiebits">Beastie Bits</h2>
25497
25498 <ul>
25499 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-April/001873.html">2019 FreeBSD Community Survey</a></li>
25500
25501 <li><a href="https://blog.seagate.com/craftsman-ship/seagate-shows-dual-actuator-speed-gains-in-real-world-setup/">Seagate runs Mach.2 demo on FreeBSD</a></li>
25502
25503 <li><a href="https://www.youtube.com/watch?v=2KoD-jXjHok&t=7s">FreeBSD: Resizing and Growing Disks</a></li>
25504
25505 <li><a href="https://old.reddit.com/r/freebsd/comments/bh1abv/loading_49_on_an_old_tandy_4025lx_386_16mb_1gb_hd/">Loading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD</a></li>
25506
25507 <li><a href="https://forums.os108.org/d/6-os108-mate-20190422-released">OS108 MATE 20190422 released</a></li>
25508 </ul>
25509
25510 <p><hr /></p>
25511
25512 <h2 id="feedbackquestions">Feedback/Questions</h2>
25513
25514 <ul>
25515 <li>Casey - <a href="http://dpaste.com/39VJ7NH#wrap">Oklahoma City & James</a></li>
25516
25517 <li>Michael - <a href="http://dpaste.com/2VSKEGW#wrap">Question on SAS backplane (camcontrol?)</a></li>
25518
25519 <li>Ales - <a href="http://dpaste.com/0AD0HBY#wrap">OpenBSD, FreeNAS, OpenZFS questions</a></li>
25520 </ul>
25521
25522 <p><hr /></p>
25523
25524 <ul>
25525 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
25526 </ul>
25527
25528 <p><hr /></p>
25529
25530 <video controls preload="metadata" style=" width:426px; height:240px;">
25531 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0297.mp4" type="video/mp4">
25532 Your browser does not support the HTML5 video tag.
25533 </video>]]>
25534 </itunes:summary>
25535 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+KHsEGk1H</fireside:playerURL>
25536 <fireside:playerEmbedCode>
25537 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+KHsEGk1H" width="740" height="200" frameborder="0" scrolling="no">]]>
25538 </fireside:playerEmbedCode>
25539 </item>
25540 <item>
25541 <title>296: It’s Alive: OpenBSD 6.5</title>
25542 <link>https://www.bsdnow.tv/296</link>
25543 <guid isPermaLink="false">81313d3c-40f8-49f3-bc58-f34f5dfcf51d</guid>
25544 <pubDate>Fri, 03 May 2019 10:00:00 -0700</pubDate>
25545 <author>Allan Jude</author>
25546 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/81313d3c-40f8-49f3-bc58-f34f5dfcf51d.mp3" length="37476669" type="audio/mp3"/>
25547 <itunes:episodeType>full</itunes:episodeType>
25548 <itunes:author>Allan Jude</itunes:author>
25549 <itunes:subtitle>OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.</itunes:subtitle>
25550 <itunes:duration>1:01:35</itunes:duration>
25551 <itunes:explicit>no</itunes:explicit>
25552 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
25553 <description>OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.
25554 <h2 id="headlines">Headlines</h2>
25555
25556 <h3 id="openbsd65releasedhttpswwwopenbsdorg65html"><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 Released</a></h3>
25557
25558 <ul>
25559 <li><a href="https://www.openbsd.org/plus65.html">Changelog</a></li>
25560
25561 <li><a href="https://www.openbsd.org/ftp.html">Mirrors</a></li>
25562
25563 <li>6.5 Includes
25564
25565
25566 <ul>
25567 <li>OpenSMTPD 6.5.0</li>
25568
25569 <li>LibreSSL 2.9.1</li>
25570
25571 <li>OpenSSH 8.0</li>
25572
25573 <li>Mandoc 1.14.5</li>
25574
25575 <li>Xenocara</li>
25576
25577 <li>LLVM/Clang 7.0.1 (+ patches)</li>
25578
25579 <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)</li></ul>
25580 </li>
25581
25582 <li>Many pre-built packages for each architecture:
25583
25584
25585 <ul>
25586 <li>aarch64: 9654</li>
25587
25588 <li>amd64: 10602</li>
25589
25590 <li>i386: 10535</li></ul>
25591 </li>
25592 </ul>
25593
25594 <hr />
25595 <h3 id="mountyourzfsdatasetsanywhereyouwanthttpsdanlangilleorg20190422mountyourzfsdatasetsanywhereyouwant"><a href="https://dan.langille.org/2019/04/22/mount-your-zfs-datasets-anywhere-you-want/">Mount your ZFS datasets anywhere you want</a></h3>
25596
25597 <blockquote>
25598 <p>ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.
25599 When you create zpool main_tank, the default mountpoint is /main_tank.
25600 You might be happy with that, but you don’t have to be content. You can do magical things.</p>
25601 </blockquote>
25602
25603 <ul>
25604 <li>Some highlights are:
25605
25606
25607 <ul>
25608 <li>mount point can be inherited</li>
25609
25610 <li>not all filesystems in a zpool need to be mounted</li>
25611
25612 <li>each filesystem (directory) can have different ZFS characteristics</li>
25613
25614 <li>In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool uses NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.</li></ul>
25615 </li>
25616 </ul>
25617
25618 <hr />
25619 <h2 id="newsroundup">News Roundup</h2>
25620
25621 <h3 id="branchfornetbsd9upcomingpleasehelpandtestcurrenthttpsmailindexnetbsdorgcurrentusers20190424msg035645html"><a href="https://mail-index.netbsd.org/current-users/2019/04/24/msg035645.html">Branch for netbsd 9 upcoming, please help and test -current</a></h3>
25622
25623 <blockquote>
25624 <p>Folks,
25625 once again we are quite late for branching the next NetBSD release (NetBSD 9).
25626 Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.
25627 On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.
25628 On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:</p>
25629
25630 <ul>
25631 <li>please test -current, on all the various machines you have</li>
25632
25633 <li>especially interesting would be test results from uncommon architectures
25634 or strange combinations (like the sparc userland on sparc64 kernel issue
25635 I ran in yesterday)
25636 Please test, report success, and file PRs for failures!
25637 We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.
25638 We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.
25639 Our goal is to have an unprecedented short release cycle this time. But..
25640 we always say that upfront.</li>
25641 </ul>
25642
25643 <hr />
25644 </blockquote>
25645
25646 <h3 id="libressl291releasedhttpsmarcinfolopenbsdannouncem155590112606279w2"><a href="https://marc.info/?l=openbsd-announce&amp;m=155590112606279&amp;w=2">LibreSSL 2.9.1 Released</a></h3>
25647
25648 <blockquote>
25649 <p>We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
25650 directory of your local OpenBSD mirror soon. This is the first stable release
25651 from the 2.9 series, which is also included with OpenBSD 6.5</p>
25652
25653 <p>It includes the following changes and improvements from LibreSSL 2.8.x:</p>
25654 </blockquote>
25655
25656 <ul>
25657 <li><p>API and Documentation Enhancements</p>
25658
25659 <ul>
25660 <li>CRYPTO_LOCK is now automatically initialized, with the legacy
25661 callbacks stubbed for compatibility.</li>
25662
25663 <li>Added the SM3 hash function from the Chinese standard GB/T 32905-2016.</li>
25664
25665 <li>Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.</li>
25666
25667 <li>Added more OPENSSL_NO_* macros for compatibility with OpenSSL.</li>
25668
25669 <li>Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.</li>
25670
25671 <li>Implemented further missing OpenSSL 1.1 API.</li>
25672
25673 <li>Added support for XChaCha20 and XChaCha20-Poly1305.</li>
25674
25675 <li>Added support for AES key wrap constructions via the EVP interface.</li></ul></li>
25676
25677 <li><p>Compatibility Changes</p>
25678
25679 <ul>
25680 <li>Added pbkdf2 key derivation support to openssl(1) enc.</li>
25681
25682 <li>Changed the default digest type of openssl(1) enc to sha256.</li>
25683
25684 <li>Changed the default digest type of openssl(1) dgst to sha256.</li>
25685
25686 <li>Changed the default digest type of openssl(1) x509 -fingerprint to sha256.</li>
25687
25688 <li>Changed the default digest type of openssl(1) crl -fingerprint to sha256.</li></ul></li>
25689
25690 <li><p>Testing and Proactive Security</p>
25691
25692 <ul>
25693 <li>Added extensive interoperability tests between LibreSSL and OpenSSL
25694 1.0 and 1.1.</li>
25695
25696 <li>Added additional Wycheproof tests and related bug fixes.</li></ul></li>
25697
25698 <li><p>Internal Improvements</p>
25699
25700 <ul>
25701 <li>Simplified sigalgs option processing and handshake signing
25702 algorithm selection.</li>
25703
25704 <li>Added the ability to use the RSA PSS algorithm for handshake signatures.</li>
25705
25706 <li>Added bn_rand_interval() and use it in code needing ranges of
25707 random bn values.</li>
25708
25709 <li>Added functionality to derive early, handshake, and application
25710 secrets as per RFC8446.</li>
25711
25712 <li>Added handshake state machine from RFC8446.</li>
25713
25714 <li>Removed some ASN.1 related code from libcrypto that had not been
25715 used since around 2000.</li>
25716
25717 <li>Unexported internal symbols and internalized more record layer structs.</li>
25718
25719 <li>Removed SHA224 based handshake signatures from consideration for
25720 use in a TLS 1.2 handshake.</li></ul></li>
25721
25722 <li><p>Portable Improvements</p>
25723
25724 <ul>
25725 <li>Added support for assembly optimizations on 32-bit ARM ELF targets.</li>
25726
25727 <li>Added support for assembly optimizations on Mingw-w64 targets.</li>
25728
25729 <li>Improved Android compatibility</li></ul></li>
25730
25731 <li><p>Bug Fixes</p>
25732
25733 <ul>
25734 <li>Improved protection against timing side channels in ECDSA signature
25735 generation.</li>
25736
25737 <li>Coordinate blinding was added to some elliptic curves. This is the
25738 last bit of the work by Brumley et al. to protect against the Portsmash
25739 vulnerability.</li>
25740
25741 <li>Ensure transcript handshake is always freed with TLS 1.2.</li></ul>
25742
25743 </li>
25744 </ul>
25745
25746 <blockquote>
25747 <p>The LibreSSL project continues improvement of the codebase to reflect modern,
25748 safe programming practices. We welcome feedback and improvements from the
25749 broader community. Thanks to all of the contributors who helped make this
25750 release possible.</p>
25751
25752 <hr />
25753 </blockquote>
25754
25755 <h3 id="freebsdmasteryjailsbailbonddeniededitionhttpsmwlioarchives4227"><a href="https://mwl.io/archives/4227">FreeBSD Mastery: Jails – Bail Bond Denied Edition</a></h3>
25756
25757 <blockquote>
25758 <p>I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.)
25759 I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly.
25760 I downgraded my expectations and tried again. And again. And again.
25761 I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition!
25762 This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort.
25763 But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character.
25764 Get your copy by winning the BSDCan 2019 charity auction… or any other auction-type event I deem worthwhile.
25765 As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough.
25766 And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.</p>
25767 </blockquote>
25768
25769 <hr />
25770
25771 <h3 id="onereasoned1wasagoodeditorbackinthedaysofv7unixhttpsutccutorontocatcksspaceblogunixeddesignedforcookedinput"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdDesignedForCookedInput">One reason ed(1) was a good editor back in the days of V7 Unix</a></h3>
25772
25773 <blockquote>
25774 <p>It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does.
25775 The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented.
25776 This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.</p>
25777 </blockquote>
25778
25779 <hr />
25780
25781 <h2 id="beastiebits">Beastie Bits</h2>
25782
25783 <ul>
25784 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2019-April/027603.html">CFT for FreeBSD ZoL</a></li>
25785
25786 <li><a href="https://github.com/wilyarti/simple-dns-adblock">Simple DNS Adblock</a></li>
25787
25788 <li><a href="https://twitter.com/unix_byte/status/1119904828182781958">AT&amp;T Unix PC in 1985</a></li>
25789
25790 <li><a href="https://marc.info/?l=openbsd-cvs&amp;m=155523690813457&amp;w=2">OpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake</a></li>
25791
25792 <li><a href="https://twitter.com/cfenollosa/status/1122069042083323904">"What are the differences between Linux and OpenBSD?" - Twitter thread</a></li>
25793
25794 <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2019/04/10/msg028308.html">Announcing the pkgsrc-2019Q1 release (2019-04-10)</a></li>
25795 </ul>
25796
25797 <hr />
25798 <h2 id="feedbackquestions">Feedback/Questions</h2>
25799
25800 <ul>
25801 <li>Brad - <a href="http://dpaste.com/0K2QFTM#wrap">iocage</a></li>
25802
25803 <li>Frank - <a href="http://dpaste.com/3110R96#wrap">Video from Level1Tech and a question</a></li>
25804
25805 <li>Niall - <a href="http://dpaste.com/0A32XDK#wrap">Revision Control</a></li>
25806 </ul>
25807
25808 <hr />
25809 <ul>
25810 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
25811 </ul>
25812
25813 <hr />
25814 <video controls preload="metadata" style=" width:426px; height:240px;">
25815 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0296.mp4" type="video/mp4">
25816 Your browser does not support the HTML5 video tag.
25817 </video>
25818 </description>
25819 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, libressl, ed, michael lucas, dns, pkgsrc</itunes:keywords>
25820 <content:encoded>
25821 <![CDATA[<p>OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.</p>
25822
25823 <h2 id="headlines">Headlines</h2>
25824
25825 <h3 id="openbsd65releasedhttpswwwopenbsdorg65html"><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 Released</a></h3>
25826
25827 <ul>
25828 <li><a href="https://www.openbsd.org/plus65.html">Changelog</a></li>
25829
25830 <li><a href="https://www.openbsd.org/ftp.html">Mirrors</a></li>
25831
25832 <li>6.5 Includes
25833
25834
25835 <ul>
25836 <li>OpenSMTPD 6.5.0</li>
25837
25838 <li>LibreSSL 2.9.1</li>
25839
25840 <li>OpenSSH 8.0</li>
25841
25842 <li>Mandoc 1.14.5</li>
25843
25844 <li>Xenocara</li>
25845
25846 <li>LLVM/Clang 7.0.1 (+ patches)</li>
25847
25848 <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)</li></ul>
25849 </li>
25850
25851 <li>Many pre-built packages for each architecture:
25852
25853
25854 <ul>
25855 <li>aarch64: 9654</li>
25856
25857 <li>amd64: 10602</li>
25858
25859 <li>i386: 10535</li></ul>
25860 </li>
25861 </ul>
25862
25863 <p><hr /></p>
25864
25865 <h3 id="mountyourzfsdatasetsanywhereyouwanthttpsdanlangilleorg20190422mountyourzfsdatasetsanywhereyouwant"><a href="https://dan.langille.org/2019/04/22/mount-your-zfs-datasets-anywhere-you-want/">Mount your ZFS datasets anywhere you want</a></h3>
25866
25867 <blockquote>
25868 <p>ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.
25869 When you create zpool main_tank, the default mountpoint is /main_tank.
25870 You might be happy with that, but you don’t have to be content. You can do magical things.</p>
25871 </blockquote>
25872
25873 <ul>
25874 <li>Some highlights are:
25875
25876
25877 <ul>
25878 <li>mount point can be inherited</li>
25879
25880 <li>not all filesystems in a zpool need to be mounted</li>
25881
25882 <li>each filesystem (directory) can have different ZFS characteristics</li>
25883
25884 <li>In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool uses NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.</li></ul>
25885 </li>
25886 </ul>
25887
25888 <p><hr /></p>
25889
25890 <h2 id="newsroundup">News Roundup</h2>
25891
25892 <h3 id="branchfornetbsd9upcomingpleasehelpandtestcurrenthttpsmailindexnetbsdorgcurrentusers20190424msg035645html"><a href="https://mail-index.netbsd.org/current-users/2019/04/24/msg035645.html">Branch for netbsd 9 upcoming, please help and test -current</a></h3>
25893
25894 <blockquote>
25895 <p>Folks,
25896 once again we are quite late for branching the next NetBSD release (NetBSD 9).
25897 Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.
25898 On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.
25899 On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:</p>
25900
25901 <ul>
25902 <li>please test -current, on all the various machines you have</li>
25903
25904 <li>especially interesting would be test results from uncommon architectures
25905 or strange combinations (like the sparc userland on sparc64 kernel issue
25906 I ran in yesterday)
25907 Please test, report success, and file PRs for failures!
25908 We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.
25909 We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.
25910 Our goal is to have an unprecedented short release cycle this time. But..
25911 we always say that upfront.</li>
25912 </ul>
25913
25914 <hr />
25915 </blockquote>
25916
25917 <h3 id="libressl291releasedhttpsmarcinfolopenbsdannouncem155590112606279w2"><a href="https://marc.info/?l=openbsd-announce&m=155590112606279&w=2">LibreSSL 2.9.1 Released</a></h3>
25918
25919 <blockquote>
25920 <p>We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
25921 directory of your local OpenBSD mirror soon. This is the first stable release
25922 from the 2.9 series, which is also included with OpenBSD 6.5</p>
25923
25924 <p>It includes the following changes and improvements from LibreSSL 2.8.x:</p>
25925 </blockquote>
25926
25927 <ul>
25928 <li><p>API and Documentation Enhancements</p>
25929
25930 <ul>
25931 <li>CRYPTO_LOCK is now automatically initialized, with the legacy
25932 callbacks stubbed for compatibility.</li>
25933
25934 <li>Added the SM3 hash function from the Chinese standard GB/T 32905-2016.</li>
25935
25936 <li>Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.</li>
25937
25938 <li>Added more OPENSSL_NO_* macros for compatibility with OpenSSL.</li>
25939
25940 <li>Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.</li>
25941
25942 <li>Implemented further missing OpenSSL 1.1 API.</li>
25943
25944 <li>Added support for XChaCha20 and XChaCha20-Poly1305.</li>
25945
25946 <li>Added support for AES key wrap constructions via the EVP interface.</li></ul></li>
25947
25948 <li><p>Compatibility Changes</p>
25949
25950 <ul>
25951 <li>Added pbkdf2 key derivation support to openssl(1) enc.</li>
25952
25953 <li>Changed the default digest type of openssl(1) enc to sha256.</li>
25954
25955 <li>Changed the default digest type of openssl(1) dgst to sha256.</li>
25956
25957 <li>Changed the default digest type of openssl(1) x509 -fingerprint to sha256.</li>
25958
25959 <li>Changed the default digest type of openssl(1) crl -fingerprint to sha256.</li></ul></li>
25960
25961 <li><p>Testing and Proactive Security</p>
25962
25963 <ul>
25964 <li>Added extensive interoperability tests between LibreSSL and OpenSSL
25965 1.0 and 1.1.</li>
25966
25967 <li>Added additional Wycheproof tests and related bug fixes.</li></ul></li>
25968
25969 <li><p>Internal Improvements</p>
25970
25971 <ul>
25972 <li>Simplified sigalgs option processing and handshake signing
25973 algorithm selection.</li>
25974
25975 <li>Added the ability to use the RSA PSS algorithm for handshake signatures.</li>
25976
25977 <li>Added bn_rand_interval() and use it in code needing ranges of
25978 random bn values.</li>
25979
25980 <li>Added functionality to derive early, handshake, and application
25981 secrets as per RFC8446.</li>
25982
25983 <li>Added handshake state machine from RFC8446.</li>
25984
25985 <li>Removed some ASN.1 related code from libcrypto that had not been
25986 used since around 2000.</li>
25987
25988 <li>Unexported internal symbols and internalized more record layer structs.</li>
25989
25990 <li>Removed SHA224 based handshake signatures from consideration for
25991 use in a TLS 1.2 handshake.</li></ul></li>
25992
25993 <li><p>Portable Improvements</p>
25994
25995 <ul>
25996 <li>Added support for assembly optimizations on 32-bit ARM ELF targets.</li>
25997
25998 <li>Added support for assembly optimizations on Mingw-w64 targets.</li>
25999
26000 <li>Improved Android compatibility</li></ul></li>
26001
26002 <li><p>Bug Fixes</p>
26003
26004 <ul>
26005 <li>Improved protection against timing side channels in ECDSA signature
26006 generation.</li>
26007
26008 <li>Coordinate blinding was added to some elliptic curves. This is the
26009 last bit of the work by Brumley et al. to protect against the Portsmash
26010 vulnerability.</li>
26011
26012 <li>Ensure transcript handshake is always freed with TLS 1.2.</li></ul>
26013
26014 </li>
26015 </ul>
26016
26017 <blockquote>
26018 <p>The LibreSSL project continues improvement of the codebase to reflect modern,
26019 safe programming practices. We welcome feedback and improvements from the
26020 broader community. Thanks to all of the contributors who helped make this
26021 release possible.</p>
26022
26023 <hr />
26024 </blockquote>
26025
26026 <h3 id="freebsdmasteryjailsbailbonddeniededitionhttpsmwlioarchives4227"><a href="https://mwl.io/archives/4227">FreeBSD Mastery: Jails – Bail Bond Denied Edition</a></h3>
26027
26028 <blockquote>
26029 <p>I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.)
26030 I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly.
26031 I downgraded my expectations and tried again. And again. And again.
26032 I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition!
26033 This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort.
26034 But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character.
26035 Get your copy by winning the BSDCan 2019 charity auction… or any other auction-type event I deem worthwhile.
26036 As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough.
26037 And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.</p>
26038 </blockquote>
26039
26040 <hr />
26041
26042 <h3 id="onereasoned1wasagoodeditorbackinthedaysofv7unixhttpsutccutorontocatcksspaceblogunixeddesignedforcookedinput"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdDesignedForCookedInput">One reason ed(1) was a good editor back in the days of V7 Unix</a></h3>
26043
26044 <blockquote>
26045 <p>It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does.
26046 The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented.
26047 This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.</p>
26048 </blockquote>
26049
26050 <hr />
26051
26052 <h2 id="beastiebits">Beastie Bits</h2>
26053
26054 <ul>
26055 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2019-April/027603.html">CFT for FreeBSD ZoL</a></li>
26056
26057 <li><a href="https://github.com/wilyarti/simple-dns-adblock">Simple DNS Adblock</a></li>
26058
26059 <li><a href="https://twitter.com/unix_byte/status/1119904828182781958">AT&T Unix PC in 1985</a></li>
26060
26061 <li><a href="https://marc.info/?l=openbsd-cvs&m=155523690813457&w=2">OpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake</a></li>
26062
26063 <li><a href="https://twitter.com/cfenollosa/status/1122069042083323904">"What are the differences between Linux and OpenBSD?" - Twitter thread</a></li>
26064
26065 <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2019/04/10/msg028308.html">Announcing the pkgsrc-2019Q1 release (2019-04-10)</a></li>
26066 </ul>
26067
26068 <p><hr /></p>
26069
26070 <h2 id="feedbackquestions">Feedback/Questions</h2>
26071
26072 <ul>
26073 <li>Brad - <a href="http://dpaste.com/0K2QFTM#wrap">iocage</a></li>
26074
26075 <li>Frank - <a href="http://dpaste.com/3110R96#wrap">Video from Level1Tech and a question</a></li>
26076
26077 <li>Niall - <a href="http://dpaste.com/0A32XDK#wrap">Revision Control</a></li>
26078 </ul>
26079
26080 <p><hr /></p>
26081
26082 <ul>
26083 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26084 </ul>
26085
26086 <p><hr /></p>
26087
26088 <video controls preload="metadata" style=" width:426px; height:240px;">
26089 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0296.mp4" type="video/mp4">
26090 Your browser does not support the HTML5 video tag.
26091 </video>]]>
26092 </content:encoded>
26093 <itunes:summary>
26094 <![CDATA[<p>OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.</p>
26095
26096 <h2 id="headlines">Headlines</h2>
26097
26098 <h3 id="openbsd65releasedhttpswwwopenbsdorg65html"><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 Released</a></h3>
26099
26100 <ul>
26101 <li><a href="https://www.openbsd.org/plus65.html">Changelog</a></li>
26102
26103 <li><a href="https://www.openbsd.org/ftp.html">Mirrors</a></li>
26104
26105 <li>6.5 Includes
26106
26107
26108 <ul>
26109 <li>OpenSMTPD 6.5.0</li>
26110
26111 <li>LibreSSL 2.9.1</li>
26112
26113 <li>OpenSSH 8.0</li>
26114
26115 <li>Mandoc 1.14.5</li>
26116
26117 <li>Xenocara</li>
26118
26119 <li>LLVM/Clang 7.0.1 (+ patches)</li>
26120
26121 <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)</li></ul>
26122 </li>
26123
26124 <li>Many pre-built packages for each architecture:
26125
26126
26127 <ul>
26128 <li>aarch64: 9654</li>
26129
26130 <li>amd64: 10602</li>
26131
26132 <li>i386: 10535</li></ul>
26133 </li>
26134 </ul>
26135
26136 <p><hr /></p>
26137
26138 <h3 id="mountyourzfsdatasetsanywhereyouwanthttpsdanlangilleorg20190422mountyourzfsdatasetsanywhereyouwant"><a href="https://dan.langille.org/2019/04/22/mount-your-zfs-datasets-anywhere-you-want/">Mount your ZFS datasets anywhere you want</a></h3>
26139
26140 <blockquote>
26141 <p>ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.
26142 When you create zpool main_tank, the default mountpoint is /main_tank.
26143 You might be happy with that, but you don’t have to be content. You can do magical things.</p>
26144 </blockquote>
26145
26146 <ul>
26147 <li>Some highlights are:
26148
26149
26150 <ul>
26151 <li>mount point can be inherited</li>
26152
26153 <li>not all filesystems in a zpool need to be mounted</li>
26154
26155 <li>each filesystem (directory) can have different ZFS characteristics</li>
26156
26157 <li>In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool uses NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.</li></ul>
26158 </li>
26159 </ul>
26160
26161 <p><hr /></p>
26162
26163 <h2 id="newsroundup">News Roundup</h2>
26164
26165 <h3 id="branchfornetbsd9upcomingpleasehelpandtestcurrenthttpsmailindexnetbsdorgcurrentusers20190424msg035645html"><a href="https://mail-index.netbsd.org/current-users/2019/04/24/msg035645.html">Branch for netbsd 9 upcoming, please help and test -current</a></h3>
26166
26167 <blockquote>
26168 <p>Folks,
26169 once again we are quite late for branching the next NetBSD release (NetBSD 9).
26170 Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.
26171 On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.
26172 On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we do not even have a good overview right now. And this is where you can help:</p>
26173
26174 <ul>
26175 <li>please test -current, on all the various machines you have</li>
26176
26177 <li>especially interesting would be test results from uncommon architectures
26178 or strange combinations (like the sparc userland on sparc64 kernel issue
26179 I ran into yesterday)
26180 Please test, report success, and file PRs for failures!
26181 We will likely announce the real branch date on quite short notice, the likely next candidates would be mid May or end of May.
26182 We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.
26183 Our goal is to have an unprecedented short release cycle this time. But..
26184 we always say that upfront.</li>
26185 </ul>
26186
26187 <hr />
26188 </blockquote>
26189
26190 <h3 id="libressl291releasedhttpsmarcinfolopenbsdannouncem155590112606279w2"><a href="https://marc.info/?l=openbsd-announce&m=155590112606279&w=2">LibreSSL 2.9.1 Released</a></h3>
26191
26192 <blockquote>
26193 <p>We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
26194 directory of your local OpenBSD mirror soon. This is the first stable release
26195 from the 2.9 series, which is also included with OpenBSD 6.5</p>
26196
26197 <p>It includes the following changes and improvements from LibreSSL 2.8.x:</p>
26198 </blockquote>
26199
26200 <ul>
26201 <li><p>API and Documentation Enhancements</p>
26202
26203 <ul>
26204 <li>CRYPTO_LOCK is now automatically initialized, with the legacy
26205 callbacks stubbed for compatibility.</li>
26206
26207 <li>Added the SM3 hash function from the Chinese standard GB/T 32905-2016.</li>
26208
26209 <li>Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.</li>
26210
26211 <li>Added more OPENSSL_NO_* macros for compatibility with OpenSSL.</li>
26212
26213 <li>Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.</li>
26214
26215 <li>Implemented further missing OpenSSL 1.1 API.</li>
26216
26217 <li>Added support for XChaCha20 and XChaCha20-Poly1305.</li>
26218
26219 <li>Added support for AES key wrap constructions via the EVP interface.</li></ul></li>
26220
26221 <li><p>Compatibility Changes</p>
26222
26223 <ul>
26224 <li>Added pbkdf2 key derivation support to openssl(1) enc.</li>
26225
26226 <li>Changed the default digest type of openssl(1) enc to sha256.</li>
26227
26228 <li>Changed the default digest type of openssl(1) dgst to sha256.</li>
26229
26230 <li>Changed the default digest type of openssl(1) x509 -fingerprint to sha256.</li>
26231
26232 <li>Changed the default digest type of openssl(1) crl -fingerprint to sha256.</li></ul></li>
26233
26234 <li><p>Testing and Proactive Security</p>
26235
26236 <ul>
26237 <li>Added extensive interoperability tests between LibreSSL and OpenSSL
26238 1.0 and 1.1.</li>
26239
26240 <li>Added additional Wycheproof tests and related bug fixes.</li></ul></li>
26241
26242 <li><p>Internal Improvements</p>
26243
26244 <ul>
26245 <li>Simplified sigalgs option processing and handshake signing
26246 algorithm selection.</li>
26247
26248 <li>Added the ability to use the RSA PSS algorithm for handshake signatures.</li>
26249
26250 <li>Added bn_rand_interval() and use it in code needing ranges of
26251 random bn values.</li>
26252
26253 <li>Added functionality to derive early, handshake, and application
26254 secrets as per RFC8446.</li>
26255
26256 <li>Added handshake state machine from RFC8446.</li>
26257
26258 <li>Removed some ASN.1 related code from libcrypto that had not been
26259 used since around 2000.</li>
26260
26261 <li>Unexported internal symbols and internalized more record layer structs.</li>
26262
26263 <li>Removed SHA224 based handshake signatures from consideration for
26264 use in a TLS 1.2 handshake.</li></ul></li>
26265
26266 <li><p>Portable Improvements</p>
26267
26268 <ul>
26269 <li>Added support for assembly optimizations on 32-bit ARM ELF targets.</li>
26270
26271 <li>Added support for assembly optimizations on Mingw-w64 targets.</li>
26272
26273 <li>Improved Android compatibility</li></ul></li>
26274
26275 <li><p>Bug Fixes</p>
26276
26277 <ul>
26278 <li>Improved protection against timing side channels in ECDSA signature
26279 generation.</li>
26280
26281 <li>Coordinate blinding was added to some elliptic curves. This is the
26282 last bit of the work by Brumley et al. to protect against the Portsmash
26283 vulnerability.</li>
26284
26285 <li>Ensure transcript handshake is always freed with TLS 1.2.</li></ul>
26286
26287 </li>
26288 </ul>
26289
26290 <blockquote>
26291 <p>The LibreSSL project continues improvement of the codebase to reflect modern,
26292 safe programming practices. We welcome feedback and improvements from the
26293 broader community. Thanks to all of the contributors who helped make this
26294 release possible.</p>
26295
26296 <hr />
26297 </blockquote>
26298
26299 <h3 id="freebsdmasteryjailsbailbonddeniededitionhttpsmwlioarchives4227"><a href="https://mwl.io/archives/4227">FreeBSD Mastery: Jails – Bail Bond Denied Edition</a></h3>
26300
26301 <blockquote>
26302 <p>I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.)
26303 I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly.
26304 I downgraded my expectations and tried again. And again. And again.
26305 I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition!
26306 This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort.
26307 But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character.
26308 Get your copy by winning the BSDCan 2019 charity auction… or any other auction-type event I deem worthwhile.
26309 As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough.
26310 And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.</p>
26311 </blockquote>
26312
26313 <hr />
26314
26315 <h3 id="onereasoned1wasagoodeditorbackinthedaysofv7unixhttpsutccutorontocatcksspaceblogunixeddesignedforcookedinput"><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdDesignedForCookedInput">One reason ed(1) was a good editor back in the days of V7 Unix</a></h3>
26316
26317 <blockquote>
26318 <p>It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does.
26319 The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented.
26320 This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.</p>
26321 </blockquote>
26322
26323 <hr />
26324
26325 <h2 id="beastiebits">Beastie Bits</h2>
26326
26327 <ul>
26328 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2019-April/027603.html">CFT for FreeBSD ZoL</a></li>
26329
26330 <li><a href="https://github.com/wilyarti/simple-dns-adblock">Simple DNS Adblock</a></li>
26331
26332 <li><a href="https://twitter.com/unix_byte/status/1119904828182781958">AT&T Unix PC in 1985</a></li>
26333
26334 <li><a href="https://marc.info/?l=openbsd-cvs&m=155523690813457&w=2">OpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake</a></li>
26335
26336 <li><a href="https://twitter.com/cfenollosa/status/1122069042083323904">"What are the differences between Linux and OpenBSD?" - Twitter thread</a></li>
26337
26338 <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2019/04/10/msg028308.html">Announcing the pkgsrc-2019Q1 release (2019-04-10)</a></li>
26339 </ul>
26340
26341 <p><hr /></p>
26342
26343 <h2 id="feedbackquestions">Feedback/Questions</h2>
26344
26345 <ul>
26346 <li>Brad - <a href="http://dpaste.com/0K2QFTM#wrap">iocage</a></li>
26347
26348 <li>Frank - <a href="http://dpaste.com/3110R96#wrap">Video from Level1Tech and a question</a></li>
26349
26350 <li>Niall - <a href="http://dpaste.com/0A32XDK#wrap">Revision Control</a></li>
26351 </ul>
26352
26353 <p><hr /></p>
26354
26355 <ul>
26356 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26357 </ul>
26358
26359 <p><hr /></p>
26360
26361 <video controls preload="metadata" style=" width:426px; height:240px;">
26362 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0296.mp4" type="video/mp4">
26363 Your browser does not support the HTML5 video tag.
26364 </video>]]>
26365 </itunes:summary>
26366 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+xeDHWshf</fireside:playerURL>
26367 <fireside:playerEmbedCode>
26368 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+xeDHWshf" width="740" height="200" frameborder="0" scrolling="no">]]>
26369 </fireside:playerEmbedCode>
26370 </item>
26371 <item>
26372 <title>295: Fun with funlinkat()</title>
26373 <link>https://www.bsdnow.tv/295</link>
26374 <guid isPermaLink="false">f856e52d-1f51-46e1-9dd9-658045523279</guid>
26375 <pubDate>Thu, 25 Apr 2019 13:00:00 -0700</pubDate>
26376 <author>Allan Jude</author>
26377 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f856e52d-1f51-46e1-9dd9-658045523279.mp3" length="37143014" type="audio/mp3"/>
26378 <itunes:episodeType>full</itunes:episodeType>
26379 <itunes:author>Allan Jude</itunes:author>
26380 <itunes:subtitle>Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.</itunes:subtitle>
26381 <itunes:duration>1:01:02</itunes:duration>
26382 <itunes:explicit>no</itunes:explicit>
26383 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
26384 <description>Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.
26385 <h2 id="headlines">Headlines</h2>
26386
26387 <h3 id="introducingfunlinkathttpsoshogbovexilliumorgblog63"><a href="https://oshogbo.vexillium.org/blog/63/">Introducing funlinkat</a></h3>
26388
26389 <ul>
26390 <li>It turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition</li>
26391 </ul>
26392
26393 <blockquote>
26394 <p>One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove.
26395 The “removing file” process itself is very interesting so let’s spend a moment to understand it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:</p>
26396
26397 <ul>
26398 <li>We will remove an entry in the directory with the filename.</li>
26399
26400 <li>We will decrease a file reference count (in inode).</li>
26401
26402 <li>If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks as free and use them to write new data later).
26403 This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself.
26404 Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time.
26405 The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.
26406
26407
26408 <ul>
26409 <li>When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete.
26410 We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.</li>
26411
26412 <li>Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, or some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it.
26413 In Unix-like operating systems we can get a handle for our file called a file descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directory entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative function fstat which allows us to get file status of the given descriptor.
26414 We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel.
26415 This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file.
26416 After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only perform additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor.
26417 int funlinkat(int dfd, const char *path, int fd, int flags);
26418 The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it.
26419 The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat.
26420 As you can notice I often refer to the unlink syscall but at the end the API looks like the unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.</li></ul>
26421 </li>
26422 </ul>
26423
26424 <hr />
26425 </blockquote>
26426
26427 <h3 id="usinganopenbsdrouterwithattuversehttpsjcsorg20190321uverse"><a href="https://jcs.org/2019/03/21/uverse">Using an OpenBSD Router with AT&amp;T U-Verse</a></h3>
26428
26429 <blockquote>
26430 <p>I upgraded to AT&amp;T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.
26431 Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.</p>
26432
26433 <hr />
26434 </blockquote>
26435
26436 <h2 id="newsroundup">News Roundup</h2>
26437
26438 <h3 id="howtousenetbsdonaraspberrypihttpsopensourcecomarticle193netbsdraspberrypi"><a href="https://opensource.com/article/19/3/netbsd-raspberry-pi">How to use NetBSD on a Raspberry Pi</a></h3>
26439
26440 <blockquote>
26441 <p>Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered "yes" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi.
26442 BSD is the Berkeley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix.
26443 Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.</p>
26444
26445 <hr />
26446 </blockquote>
26447
26448 <h3 id="zfsencryptionisstillunderdevelopmentasofmarch2019httpsutccutorontocatcksspacebloglinuxzfsencryptionnotready"><a href="https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSEncryptionNotReady">ZFS Encryption is still under development (as of March 2019)</a></h3>
26449
26450 <blockquote>
26451 <p>One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.</p>
26452
26453 <ul>
26454 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-April/090915.html">CFT for FreeBSD + ZoL</a></li>
26455 </ul>
26456
26457 <hr />
26458 </blockquote>
26459
26460 <h3 id="tutorialonrumpkernelserversandclientshttpswwwnetbsdorgdocsrumpsptuthtml"><a href="https://www.netbsd.org/docs/rump/sptut.html">Tutorial On Rump Kernel Servers and Clients</a></h3>
26461
26462 <blockquote>
26463 <p>The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server "mini-operating systems". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand.
26464 This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.</p>
26465
26466 <hr />
26467 </blockquote>
26468
26469 <h3 id="installingsnortonopenbsd64httpsfunctionallyparanoidcom20190318installingsnortonopenbsd64"><a href="https://functionallyparanoid.com/2019/03/18/installing-snort-on-openbsd-6-4/">Installing Snort on OpenBSD 6.4</a></h3>
26470
26471 <blockquote>
26472 <p>As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network. Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it. Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest &amp; greatest version of Snort available! Thanks devs!!!
26473 I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running. I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance. Here’s hoping that my title is good enough “SEO” to get you here! </p>
26474
26475 <hr />
26476 </blockquote>
26477
26478 <h2 id="beastiebits">Beastie Bits</h2>
26479
26480 <ul>
26481 <li><a href="https://os108.org/">os108</a></li>
26482
26483 <li><a href="https://www.youtube.com/watch?v=tc4ROCJYbm0&amp;feature=youtu.be">AT&amp;T Archives: The UNIX Operating System</a></li>
26484
26485 <li><a href="https://marc.info/?l=openbsd-tech&amp;m=155407864604288&amp;w=2">httpd(8): Adapt to industry wide current best security practices</a></li>
26486
26487 <li><a href="https://codesmithdev.com/quotes-from-a-book-that-bashes-unix/">Quotes From A Book That Bashes Unix</a></li>
26488
26489 <li><a href="https://github.com/ligurio/openbsd-tests/wiki">OpenBSD QA wiki</a></li>
26490 </ul>
26491
26492 <hr />
26493 <h2 id="feedbackquestions">Feedback/Questions</h2>
26494
26495 <ul>
26496 <li>Malcolm - <a href="http://dpaste.com/1AFFTNJ">Laptop Experience : Dell XPS 13</a></li>
26497
26498 <li>DJ - <a href="http://dpaste.com/0V74SZC#wrap">Feedback</a></li>
26499
26500 <li>Alex - <a href="http://dpaste.com/1WVV1W7">GhostBSD and Wifi : FIXED</a></li>
26501 </ul>
26502
26503 <hr />
26504 <ul>
26505 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26506 </ul>
26507
26508 <hr />
26509 <video controls preload="metadata" style=" width:426px; height:240px;">
26510 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0295.mp4" type="video/mp4">
26511 Your browser does not support the HTML5 video tag.
26512 </video>
26513 </description>
26514 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
26515 <content:encoded>
26516 <![CDATA[<p>Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.</p>
26517
26518 <h2 id="headlines">Headlines</h2>
26519
26520 <h3 id="introducingfunlinkathttpsoshogbovexilliumorgblog63"><a href="https://oshogbo.vexillium.org/blog/63/">Introducing funlinkat</a></h3>
26521
26522 <ul>
26523 <li>It turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition</li>
26524 </ul>
26525
26526 <blockquote>
26527 <p>One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove.
26528 The “removing file” process itself is very interesting so let’s spend a moment to understand it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:</p>
26529
26530 <ul>
26531 <li>We will remove an entry in the directory with the filename.</li>
26532
26533 <li>We will decrease a file reference count (in inode).</li>
26534
26535 <li>If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks as free and use them to write new data later).
26536 This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself.
26537 Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time.
26538 The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.
26539
26540
26541 <ul>
26542 <li>When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete.
26543 We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.</li>
26544
26545 <li>Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, or some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it.
26546 In Unix-like operating systems we can get a handle for our file called a file descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directory entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative function fstat which allows us to get file status of the given descriptor
26547 We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel.
26548 This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file.
26549 After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only perform additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor.
26550 int funlinkat(int dfd, const char *path, int fd, int flags);
26551 The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it.
26552 The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat.
26553 As you can notice I often refer to the unlink syscall but at the end the API looks like the unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.</li></ul>
26554 </li>
26555 </ul>
26556
26557 <hr />
26558 </blockquote>
26559
26560 <h3 id="usinganopenbsdrouterwithattuversehttpsjcsorg20190321uverse"><a href="https://jcs.org/2019/03/21/uverse">Using an OpenBSD Router with AT&T U-Verse</a></h3>
26561
26562 <blockquote>
26563 <p>I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.
26564 Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.</p>
26565
26566 <hr />
26567 </blockquote>
26568
26569 <h2 id="newsroundup">News Roundup</h2>
26570
26571 <h3 id="howtousenetbsdonaraspberrypihttpsopensourcecomarticle193netbsdraspberrypi"><a href="https://opensource.com/article/19/3/netbsd-raspberry-pi">How to use NetBSD on a Raspberry Pi</a></h3>
26572
26573 <blockquote>
26574 <p>Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered "yes" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi.
26575 BSD is the Berkeley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix.
26576 Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.</p>
26577
26578 <hr />
26579 </blockquote>
26580
26581 <h3 id="zfsencryptionisstillunderdevelopmentasofmarch2019httpsutccutorontocatcksspacebloglinuxzfsencryptionnotready"><a href="https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSEncryptionNotReady">ZFS Encryption is still under development (as of March 2019)</a></h3>
26582
26583 <blockquote>
26584 <p>One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.</p>
26585
26586 <ul>
26587 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-April/090915.html">CFT for FreeBSD + ZoL</a></li>
26588 </ul>
26589
26590 <hr />
26591 </blockquote>
26592
26593 <h3 id="tutorialonrumpkernelserversandclientshttpswwwnetbsdorgdocsrumpsptuthtml"><a href="https://www.netbsd.org/docs/rump/sptut.html">Tutorial On Rump Kernel Servers and Clients</a></h3>
26594
26595 <blockquote>
26596 <p>The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server "mini-operating systems". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand.
26597 This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.</p>
26598
26599 <hr />
26600 </blockquote>
26601
26602 <h3 id="installingsnortonopenbsd64httpsfunctionallyparanoidcom20190318installingsnortonopenbsd64"><a href="https://functionallyparanoid.com/2019/03/18/installing-snort-on-openbsd-6-4/">Installing Snort on OpenBSD 6.4</a></h3>
26603
26604 <blockquote>
26605 <p>As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network. Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it. Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest & greatest version of Snort available! Thanks devs!!!
26606 I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running. I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance. Here’s hoping that my title is good enough “SEO” to get you here! </p>
26607
26608 <hr />
26609 </blockquote>
26610
26611 <h2 id="beastiebits">Beastie Bits</h2>
26612
26613 <ul>
26614 <li><a href="https://os108.org/">os108</a></li>
26615
26616 <li><a href="https://www.youtube.com/watch?v=tc4ROCJYbm0&feature=youtu.be">AT&T Archives: The UNIX Operating System</a></li>
26617
26618 <li><a href="https://marc.info/?l=openbsd-tech&m=155407864604288&w=2">httpd(8): Adapt to industry wide current best security practices</a></li>
26619
26620 <li><a href="https://codesmithdev.com/quotes-from-a-book-that-bashes-unix/">Quotes From A Book That Bashes Unix</a></li>
26621
26622 <li><a href="https://github.com/ligurio/openbsd-tests/wiki">OpenBSD QA wiki</a></li>
26623 </ul>
26624
26625 <p><hr /></p>
26626
26627 <h2 id="feedbackquestions">Feedback/Questions</h2>
26628
26629 <ul>
26630 <li>Malcolm - <a href="http://dpaste.com/1AFFTNJ">Laptop Experience : Dell XPS 13</a></li>
26631
26632 <li>DJ - <a href="http://dpaste.com/0V74SZC#wrap">Feedback</a></li>
26633
26634 <li>Alex - <a href="http://dpaste.com/1WVV1W7">GhostBSD and Wifi : FIXED</a></li>
26635 </ul>
26636
26637 <p><hr /></p>
26638
26639 <ul>
26640 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26641 </ul>
26642
26643 <p><hr /></p>
26644
26645 <video controls preload="metadata" style=" width:426px; height:240px;">
26646 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0295.mp4" type="video/mp4">
26647 Your browser does not support the HTML5 video tag.
26648 </video>]]>
26649 </content:encoded>
26650 <itunes:summary>
26651 <![CDATA[<p>Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.</p>
26652
26653 <h2 id="headlines">Headlines</h2>
26654
26655 <h3 id="introducingfunlinkathttpsoshogbovexilliumorgblog63"><a href="https://oshogbo.vexillium.org/blog/63/">Introducing funlinkat</a></h3>
26656
26657 <ul>
26658 <li>It turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition</li>
26659 </ul>
26660
26661 <blockquote>
26662 <p>One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove.
26663 The “removing file” process itself is very interesting so let’s spend a moment to understand it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:</p>
26664
26665 <ul>
26666 <li>We will remove an entry in the directory with the filename.</li>
26667
26668 <li>We will decrease a file reference count (in inode).</li>
26669
26670 <li>If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks as free and use them to write new data later
26671 This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself.
26672 Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time.
26673 The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.
26674
26675
26676 <ul>
26677 <li>When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete.
26678 We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.</li>
26679
26680 <li>Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, or some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it.
26681 In Unix-like operating systems we can get a handle for our file called a file descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directory entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative function fstat which allows us to get file status of the given descriptor
26682 We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel.
26683 This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file.
26684 After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only perform additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor.
26685 int funlinkat(int dfd, const char *path, int fd, int flags);
26686 The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it.
26687 The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat.
26688 As you can notice I often refer to the unlink syscall but at the end the API looks like the unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.</li></ul>
26689 </li>
26690 </ul>
26691
26692 <hr />
26693 </blockquote>
26694
26695 <h3 id="usinganopenbsdrouterwithattuversehttpsjcsorg20190321uverse"><a href="https://jcs.org/2019/03/21/uverse">Using an OpenBSD Router with AT&T U-Verse</a></h3>
26696
26697 <blockquote>
26698 <p>I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.
26699 Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.</p>
26700
26701 <hr />
26702 </blockquote>
26703
26704 <h2 id="newsroundup">News Roundup</h2>
26705
26706 <h3 id="howtousenetbsdonaraspberrypihttpsopensourcecomarticle193netbsdraspberrypi"><a href="https://opensource.com/article/19/3/netbsd-raspberry-pi">How to use NetBSD on a Raspberry Pi</a></h3>
26707
26708 <blockquote>
26709 <p>Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered "yes" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi.
26710 BSD is the Berkeley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix.
26711 Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.</p>
26712
26713 <hr />
26714 </blockquote>
26715
26716 <h3 id="zfsencryptionisstillunderdevelopmentasofmarch2019httpsutccutorontocatcksspacebloglinuxzfsencryptionnotready"><a href="https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSEncryptionNotReady">ZFS Encryption is still under development (as of March 2019)</a></h3>
26717
26718 <blockquote>
26719 <p>One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.</p>
26720
26721 <ul>
26722 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2019-April/090915.html">CFT for FreeBSD + ZoL</a></li>
26723 </ul>
26724
26725 <hr />
26726 </blockquote>
26727
26728 <h3 id="tutorialonrumpkernelserversandclientshttpswwwnetbsdorgdocsrumpsptuthtml"><a href="https://www.netbsd.org/docs/rump/sptut.html">Tutorial On Rump Kernel Servers and Clients</a></h3>
26729
26730 <blockquote>
26731 <p>The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server "mini-operating systems". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand.
26732 This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.</p>
26733
26734 <hr />
26735 </blockquote>
26736
26737 <h3 id="installingsnortonopenbsd64httpsfunctionallyparanoidcom20190318installingsnortonopenbsd64"><a href="https://functionallyparanoid.com/2019/03/18/installing-snort-on-openbsd-6-4/">Installing Snort on OpenBSD 6.4</a></h3>
26738
26739 <blockquote>
26740 <p>As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network. Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it. Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest & greatest version of Snort available! Thanks devs!!!
26741 I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running. I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance. Here’s hoping that my title is good enough “SEO” to get you here! </p>
26742
26743 <hr />
26744 </blockquote>
26745
26746 <h2 id="beastiebits">Beastie Bits</h2>
26747
26748 <ul>
26749 <li><a href="https://os108.org/">os108</a></li>
26750
26751 <li><a href="https://www.youtube.com/watch?v=tc4ROCJYbm0&feature=youtu.be">AT&T Archives: The UNIX Operating System</a></li>
26752
26753 <li><a href="https://marc.info/?l=openbsd-tech&m=155407864604288&w=2">httpd(8): Adapt to industry wide current best security practices</a></li>
26754
26755 <li><a href="https://codesmithdev.com/quotes-from-a-book-that-bashes-unix/">Quotes From A Book That Bashes Unix</a></li>
26756
26757 <li><a href="https://github.com/ligurio/openbsd-tests/wiki">OpenBSD QA wiki</a></li>
26758 </ul>
26759
26760 <p><hr /></p>
26761
26762 <h2 id="feedbackquestions">Feedback/Questions</h2>
26763
26764 <ul>
26765 <li>Malcolm - <a href="http://dpaste.com/1AFFTNJ">Laptop Experience : Dell XPS 13</a></li>
26766
26767 <li>DJ - <a href="http://dpaste.com/0V74SZC#wrap">Feedback</a></li>
26768
26769 <li>Alex - <a href="http://dpaste.com/1WVV1W7">GhostBSD and Wifi : FIXED</a></li>
26770 </ul>
26771
26772 <p><hr /></p>
26773
26774 <ul>
26775 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26776 </ul>
26777
26778 <p><hr /></p>
26779
26780 <video controls preload="metadata" style=" width:426px; height:240px;">
26781 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0295.mp4" type="video/mp4">
26782 Your browser does not support the HTML5 video tag.
26783 </video>]]>
26784 </itunes:summary>
26785 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+3DPGd62S</fireside:playerURL>
26786 <fireside:playerEmbedCode>
26787 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+3DPGd62S" width="740" height="200" frameborder="0" scrolling="no">]]>
26788 </fireside:playerEmbedCode>
26789 </item>
26790 <item>
26791 <title>294: The SSH Tarpit</title>
26792 <link>https://www.bsdnow.tv/294</link>
26793 <guid isPermaLink="false">b1d75436-414e-48d2-bc93-a09aae8e7d82</guid>
26794 <pubDate>Thu, 18 Apr 2019 09:00:00 -0700</pubDate>
26795 <author>Allan Jude</author>
26796 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b1d75436-414e-48d2-bc93-a09aae8e7d82.mp3" length="34751503" type="audio/mp3"/>
26797 <itunes:episodeType>full</itunes:episodeType>
26798 <itunes:author>Allan Jude</itunes:author>
26799 <itunes:subtitle>A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.</itunes:subtitle>
26800 <itunes:duration>57:03</itunes:duration>
26801 <itunes:explicit>no</itunes:explicit>
26802 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
26803 <description>A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.
26804 <h2 id="headlines">Headlines</h2>
26805
26806 <h3 id="apipoweredplan9clusterhttpswwwrsonlinecomdesignsparkapipoweredplan9cluster"><a href="https://www.rs-online.com/designspark/a-pi-powered-plan-9-cluster">A Pi-Powered Plan 9 Cluster</a></h3>
26807
26808 <blockquote>
26809 <p>Plan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research O/S — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea of devices are just files even further.
26810 In this post, we take a quick look at the Plan 9 O/S and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.</p>
26811
26812 <hr />
26813 </blockquote>
26814
26815 <h3 id="endlesshansshtarpithttpsnullprogramcomblog20190322"><a href="https://nullprogram.com/blog/2019/03/22/">Endlessh: an SSH Tarpit</a></h3>
26816
26817 <blockquote>
26818 <p>I’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resources that might otherwise be spent attacking another host. When done well, a tarpit imposes more cost on the attacker than the defender.
26819 The Internet is a very hostile place, and anyone who’s ever stood up an Internet-facing IPv4 host has witnessed the immediate and continuous attacks against their server. I’ve maintained such a server for nearly six years now, and more than 99% of my incoming traffic has ill intent. One part of my defenses has been tarpits in various forms.</p>
26820
26821 <hr />
26822 </blockquote>
26823
26824 <h2 id="newsroundup">News Roundup</h2>
26825
26826 <h3 id="rdist1whenansibleistoomuchhttpschargenoneobsdamsrdist1whenansibleistoomuch"><a href="https://chargen.one/obsdams/rdist-1-when-ansible-is-too-much">rdist(1) – when Ansible is too much</a></h3>
26827
26828 <blockquote>
26829 <p>The post written about rdist(1) on johan.huldtgren.com sparked
26830 us to write one as well. It's a great, underappreciated, tool. And we wanted to show how we wrapped doas(1) around it.
26831 There are two services in our infrastructure for which we were looking to keep the configuration in sync and to reload the process when the configuration had indeed changed. There is a pair of nsd(8)/unbound(8) hosts and a pair of hosts running relayd(8)/httpd(8) with carp(4) between them.
26832 We didn't have a requirement to go full configuration management with tools like Ansible or Salt Stack. And there wasn't any interest in building additional logic on top of rsync or repositories. > Enter rdist(1), rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing.</p>
26833
26834 <hr />
26835 </blockquote>
26836
26837 <h3 id="fallinginlovewithopenbsdagainhttpsfunctionallyparanoidcom20190313wellitsbeenawhilefallinginlovewithopenbsdagain"><a href="https://functionallyparanoid.com/2019/03/13/well-its-been-a-while-falling-in-love-with-openbsd-again/">Falling in love with OpenBSD again</a></h3>
26838
26839 <blockquote>
26840 <p>I was checking the other day and was appalled at how long it has been since I posted here. I had been working a job during 2018 that had me traveling 3,600 miles by air every week so that is at least a viable excuse.
26841 So what is my latest project? I wanted to get something better than the clunky old T500 “freedom laptop” that I could use as my daily driver. Some background here. My first paid gig as a programmer was on SunOS 4 (predecessor to Solaris) and Ultrix (on a DEC MicroVAX). I went from there to a Commodore Amiga (preemptive multitasking in 1985!). I went from there to OS/2 (I know, patron saint of lost causes) and then finally decided to “sell out” and move to Windows as the path of least resistance in the mid 90’s.
26842 My wife bought me an iPod literally just as they started working with computers other than Macs and I watched with fascination as Apple made the big gamble and moved away from PowerPC chips to Intel. That was the beginning of the Apple Fan Boi years for me. My gateway drug was a G4 MacMini and I managed somehow to get in on the pre-production, developer build of an Intel-based Mac. I was quite happy on the platform until about three years ago.</p>
26843
26844 <hr />
26845 </blockquote>
26846
26847 <h3 id="howicreatedmyfirstfreebsdporthttpsaikchardevbloghowicreatedmyfirstfreebsdporthtml"><a href="https://aikchar.dev/blog/how-i-created-my-first-freebsd-port.html">How I Created My First FreeBSD Port</a></h3>
26848
26849 <blockquote>
26850 <p>I created my first FreeBSD port recently. I found that FreeBSD didn't have a port for GoCD, which is a continuous integration and continuous deployment (CI/CD) system. This was a great opportunity to learn how to build a FreeBSD port while also contributing back to the community.</p>
26851
26852 <hr />
26853 </blockquote>
26854
26855 <h3 id="thetildeinstituteofopenbsdeducationhttpstildeinstitute"><a href="https://tilde.institute/">The Tilde Institute of OpenBSD Education</a></h3>
26856
26857 <blockquote>
26858 <p>Welcome to tilde.institute! This is an OpenBSD machine whose purpose is to provide a space in the tildeverse for experimentation with and education of the OpenBSD operating system. A variety of editors, shells, and compilers are installed to allow for development in a native OpenBSD environment. OpenBSD's httpd(8) is configured with slowcgi(8) as the fastcgi provider and sqlite3 available. This allows users to experiment with web development using compiled CGI in C, aka the BCHS Stack. In addition to php7.0 and mysql (mariadb) by request, this provides an environment where the development of complex web apps is possible.</p>
26859
26860 <hr />
26861 </blockquote>
26862
26863 <h2 id="beastiebits">Beastie Bits</h2>
26864
26865 <ul>
26866 <li><a href="https://www.solobsd.org/index.php/2019/03/26/solobsd-19-03-stable/">SoloBSD 19.03-STABLE</a></li>
26867
26868 <li><a href="https://docs.google.com/presentation/d/1BbveYtY9IhuPCOLsEafwXMefkiY3REJBYl-opMAKQC0/edit#slide=id.p">WireGuard for NetBSD</a></li>
26869
26870 <li><a href="https://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html">NetBSD - Removing PF</a></li>
26872
26873 <li><a href="https://devblogs.microsoft.com/oldnewthing/20190325-00/?p=102359">What does the N in nmake stand for?</a></li>
26874
26875 <li><a href="https://kottke.org/19/03/a-map-of-the-internet-from-may-1973">A Map of the Internet from May 1973</a></li>
26876
26877 <li><a href="https://hackaday.io/project/164343-nsa-b-gone">NSA-B-Gone : A sketchy hardware security device for your x220</a></li>
26878 </ul>
26879
26880 <hr />
26881 <h2 id="feedbackquestions">Feedback/Questions</h2>
26882
26883 <ul>
26884 <li>Jake - <a href="http://dpaste.com/1Y22ZJM">A single jail as a VPN client</a></li>
26885
26886 <li>Matt - <a href="http://dpaste.com/2FAFC3A#wrap">Surprising BSD Features</a></li>
26887
26888 <li>cia - <a href="http://dpaste.com/2T4J7G3">Routing and ZFS</a></li>
26889 </ul>
26890
26891 <hr />
26892 <ul>
26893 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26894 </ul>
26895
26896 <hr />
26897 <video controls preload="metadata" style=" width:426px; height:240px;">
26898 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0294.mp4" type="video/mp4">
26899 Your browser does not support the HTML5 video tag.
26900 </video>
26901 </description>
26902 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, plan9, ssh, ansible, rdist, wireguard, solobsd, nmake</itunes:keywords>
26903 <content:encoded>
26904 <</li>
26974
26975 <li><a href="https://devblogs.microsoft.com/oldnewthing/20190325-00/?p=102359">What does the N in nmake stand for?</a></li>
26976
26977 <li><a href="https://kottke.org/19/03/a-map-of-the-internet-from-may-1973">A Map of the Internet from May 1973</a></li>
26978
26979 <li><a href="https://hackaday.io/project/164343-nsa-b-gone">NSA-B-Gone : A sketchy hardware security device for your x220</a></li>
26980 </ul>
26981
26982 <p><hr /></p>
26983
26984 <h2 id="feedbackquestions">Feedback/Questions</h2>
26985
26986 <ul>
26987 <li>Jake - <a href="http://dpaste.com/1Y22ZJM">A single jail as a VPN client</a></li>
26988
26989 <li>Matt - <a href="http://dpaste.com/2FAFC3A#wrap">Surprising BSD Features</a></li>
26990
26991 <li>cia - <a href="http://dpaste.com/2T4J7G3">Routing and ZFS</a></li>
26992 </ul>
26993
26994 <p><hr /></p>
26995
26996 <ul>
26997 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
26998 </ul>
26999
27000 <p><hr /></p>
27001
27002 <video controls preload="metadata" style=" width:426px; height:240px;">
27003 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0294.mp4" type="video/mp4">
27004 Your browser does not support the HTML5 video tag.
27005 </video>]]>
27006 </content:encoded>
27007 <itunes:summary>
27008 <</li>
27078
27079 <li><a href="https://devblogs.microsoft.com/oldnewthing/20190325-00/?p=102359">What does the N in nmake stand for?</a></li>
27080
27081 <li><a href="https://kottke.org/19/03/a-map-of-the-internet-from-may-1973">A Map of the Internet from May 1973</a></li>
27082
27083 <li><a href="https://hackaday.io/project/164343-nsa-b-gone">NSA-B-Gone : A sketchy hardware security device for your x220</a></li>
27084 </ul>
27085
27086 <p><hr /></p>
27087
27088 <h2 id="feedbackquestions">Feedback/Questions</h2>
27089
27090 <ul>
27091 <li>Jake - <a href="http://dpaste.com/1Y22ZJM">A single jail as a VPN client</a></li>
27092
27093 <li>Matt - <a href="http://dpaste.com/2FAFC3A#wrap">Surprising BSD Features</a></li>
27094
27095 <li>cia - <a href="http://dpaste.com/2T4J7G3">Routing and ZFS</a></li>
27096 </ul>
27097
27098 <p><hr /></p>
27099
27100 <ul>
27101 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27102 </ul>
27103
27104 <p><hr /></p>
27105
27106 <video controls preload="metadata" style=" width:426px; height:240px;">
27107 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0294.mp4" type="video/mp4">
27108 Your browser does not support the HTML5 video tag.
27109 </video>]]>
27110 </itunes:summary>
27111 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+eh64HOUD</fireside:playerURL>
27112 <fireside:playerEmbedCode>
27113 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+eh64HOUD" width="740" height="200" frameborder="0" scrolling="no">]]>
27114 </fireside:playerEmbedCode>
27115 </item>
27116 <item>
27117 <title>293: Booking Jails</title>
27118 <link>https://www.bsdnow.tv/293</link>
27119 <guid isPermaLink="false">ca87df46-31a6-4c71-883e-e34d10e4fd2d</guid>
27120 <pubDate>Thu, 11 Apr 2019 09:00:00 -0700</pubDate>
27121 <author>Allan Jude</author>
27122 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca87df46-31a6-4c71-883e-e34d10e4fd2d.mp3" length="46528143" type="audio/mp3"/>
27123 <itunes:episodeType>full</itunes:episodeType>
27124 <itunes:author>Allan Jude</itunes:author>
27125 <itunes:subtitle>This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.</itunes:subtitle>
27126 <itunes:duration>1:16:41</itunes:duration>
27127 <itunes:explicit>no</itunes:explicit>
27128 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
27129 <description>This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.
27130 <h3>Interview - Michael W. Lucas - <a href="mailto:mwl@mwl.io">mwl@mwl.io</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></h3>
27131 <p>FreeBSD Mastery: Jails</p>
27132 <ul>
27133 <li>BR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?</li>
27134 <li>AJ: How much research did you have to do about jails?</li>
27135 <li>BR: The book talks about something called ‘incomplete’ jails. What do you mean by that?</li>
27136 <li>AJ: There are a lot of jail management frameworks out there. Why did you choose to write about iocage in the book?</li>
27137 <li>BR: How many jails do you run yourself?</li>
27138 <li>AJ: Can you tell us a bit about how you handle book sponsorship these days?</li>
27139 <li>BR: What other books (fiction and non-fiction) are you currently working on?</li>
27140 <li>AJ: Which talks are you looking forward to attending at the upcoming BSDCan conference?</li>
27141 <li>BR: How is the BSD user group going?</li>
27142 <li>AJ: Anything else you’d like to mention before we release you from our interview jail cell?</li>
27143 </ul>
27144 <hr>
27145 <ul>
27146 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27147 </ul>
27148 <hr>
27149 <video controls preload="metadata" style=" width:426px; height:240px;">
27150 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0293.mp4" type="video/mp4">
27151 Your browser does not support the HTML5 video tag.
27152 </video>
27153 </description>
27154 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, jails, iocage, ezjail, books, sudo, bsdcan, gelato, writing, sponsoring, user group</itunes:keywords>
27155 <content:encoded>
27156 <![CDATA[<p>This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.</p>
27157
27158 <h3>Interview - Michael W. Lucas - <a href="mailto:mwl@mwl.io">mwl@mwl.io</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></h3>
27159 <p>FreeBSD Mastery: Jails</p>
27160
27161 <ul>
27162 <li>BR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?</li>
27163 <li>AJ: How much research did you have to do about jails?</li>
27164 <li>BR: The book talks about something called ‘incomplete’ jails. What do you mean by that?</li>
27165 <li>AJ: There are a lot of jail management frameworks out there. Why did you choose to write about iocage in the book?</li>
27166 <li>BR: How many jails do you run yourself?</li>
27167 <li>AJ: Can you tell us a bit about how you handle book sponsorship these days?</li>
27168 <li>BR: What other books (fiction and non-fiction) are you currently working on?</li>
27169 <li>AJ: Which talks are you looking forward to attending at the upcoming BSDCan conference?</li>
27170 <li>BR: How is the BSD user group going?</li>
27171 <li>AJ: Anything else you’d like to mention before we release you from our interview jail cell?</li>
27172 </ul>
27173
27174 <p><hr></p>
27175
27176 <ul>
27177 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27178 </ul>
27179
27180 <p><hr></p>
27181
27182 <video controls preload="metadata" style=" width:426px; height:240px;">
27183 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0293.mp4" type="video/mp4">
27184 Your browser does not support the HTML5 video tag.
27185 </video>]]>
27186 </content:encoded>
27187 <itunes:summary>
27188 <![CDATA[<p>This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.</p>
27189
27190 <h3>Interview - Michael W. Lucas - <a href="mailto:mwl@mwl.io">mwl@mwl.io</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></h3>
27191 <p>FreeBSD Mastery: Jails</p>
27192
27193 <ul>
27194 <li>BR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?</li>
27195 <li>AJ: How much research did you have to do about jails?</li>
27196 <li>BR: The book talks about something called ‘incomplete’ jails. What do you mean by that?</li>
27197 <li>AJ: There are a lot of jail management frameworks out there. Why did you choose to write about iocage in the book?</li>
27198 <li>BR: How many jails do you run yourself?</li>
27199 <li>AJ: Can you tell us a bit about how you handle book sponsorship these days?</li>
27200 <li>BR: What other books (fiction and non-fiction) are you currently working on?</li>
27201 <li>AJ: Which talks are you looking forward to attending at the upcoming BSDCan conference?</li>
27202 <li>BR: How is the BSD user group going?</li>
27203 <li>AJ: Anything else you’d like to mention before we release you from our interview jail cell?</li>
27204 </ul>
27205
27206 <p><hr></p>
27207
27208 <ul>
27209 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27210 </ul>
27211
27212 <p><hr></p>
27213
27214 <video controls preload="metadata" style=" width:426px; height:240px;">
27215 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0293.mp4" type="video/mp4">
27216 Your browser does not support the HTML5 video tag.
27217 </video>]]>
27218 </itunes:summary>
27219 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+JQWf22RV</fireside:playerURL>
27220 <fireside:playerEmbedCode>
27221 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+JQWf22RV" width="740" height="200" frameborder="0" scrolling="no">]]>
27222 </fireside:playerEmbedCode>
27223 </item>
27224 <item>
27225 <title>292: AsiaBSDcon 2019 Recap</title>
27226 <link>https://www.bsdnow.tv/292</link>
27227 <guid isPermaLink="false">6f743ea3-0e96-445c-a46e-944f1a62450b</guid>
27228 <pubDate>Thu, 04 Apr 2019 08:00:00 -0700</pubDate>
27229 <author>Allan Jude</author>
27230 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6f743ea3-0e96-445c-a46e-944f1a62450b.mp3" length="54434181" type="audio/mp3"/>
27231 <itunes:episodeType>full</itunes:episodeType>
27232 <itunes:author>Allan Jude</itunes:author>
27233 <itunes:subtitle>FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.</itunes:subtitle>
27234 <itunes:duration>1:30:25</itunes:duration>
27235 <itunes:explicit>no</itunes:explicit>
27236 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
27237 <description>FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.
27238 <h2>Headlines</h2>
27239 <h3><a href="https://2019.asiabsdcon.org">AsiaBSDcon 2019 recap</a></h3>
27240 <ul>
27241 <li>Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid-March. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.</li>
27242 <li>Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.</li>
27243 <li>On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.</li>
27244 <li>On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.</li>
27245 <li>Benedict attended
27246 <blockquote>
27247 <p>Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel<br>
27248 Vadot</p>
27249 </blockquote>
27250 </li>
27251 </ul>
27252 <blockquote>
27253 <p>powerpc64 architecture support in FreeBSD ports by Piotr Kubaj<br>
27254 Managing System Images with ZFS by Allan Jude<br>
27255 FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz<br>
27256 <a href="https://www.youtube.com/watch?v=7kShjboN6ek">Security Fantasies and Realities for the BSDs by George V.<br>
27257 Neville-Neil</a><br>
27258 ZRouter: Remote update of firmware by Hiroki Mori<br>
27259 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27260 </blockquote>
27261 <ul>
27262 <li>Allan attended
27263 <blockquote>
27264 <p>Adventures in DRMland by Emmanuel Vadot<br>
27265 Intel HAXM by Kamil Rytarowski<br>
27266 BSD Solutions in Australian NGOs<br>
27267 Container Migration on FreeBSD by Yuhei Takagawa<br>
27268 Security Fantasies and Realities for the BSDs by George Neville-Neil</p>
27269 </blockquote>
27270 </li>
27271 </ul>
27272 <blockquote>
27273 <p>ZRouter: Remote update of firmware by Hiroki Mori<br>
27274 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27275 </blockquote>
27276 <ul>
27277 <li>When not in talks, time was spent in the hallway track and conversations would often continue over dinner.</li>
27278 <li>Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.</li>
27279 </ul>
27280 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-March/001871.html">FreeBSD Quarterly Status Report - Fourth Quarter 2018</a></h3>
27281 <blockquote>
27282 <p>Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In today’s message the following by no means complete or ordered set of improvements and additions will be covered:<br>
27283 i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.<br>
27284 Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.<br>
27285 We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.</p>
27286 </blockquote>
27287 <hr>
27288 <h3><a href="https://www.linuxinsider.com/story/GhostBSD-A-Solid-Linux-Like-Open-Source-Alternative-85859.html">GhostBSD: A Solid Linux-Like Open Source Alternative</a></h3>
27289 <blockquote>
27290 <p>The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.<br>
27291 GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.<br>
27292 I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.<br>
27293 In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.<br>
27294 GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.<br>
27295 Keep reading to find out what piqued my excitement about Linux-like GhostBSD.</p>
27296 </blockquote>
27297 <hr>
27298 <h2>News Roundup</h2>
27299 <h3><a href="http://triosdevelopers.com/jason.eckert/blog/Entries/2019/3/14_SPARCbook_3000ST_-_The_coolest_90s_laptop.html">SPARCbook 3000ST - The coolest 90s laptop</a></h3>
27300 <blockquote>
27301 <p>A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).<br>
27302 Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.</p>
27303 </blockquote>
27304 <hr>
27305 <h3><a href="https://codesmithdev.com/openssh-8-0-releasing-with-quantum-computing-resistant-keys/">OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys</a></h3>
27306 <blockquote>
27307 <p>OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.</p>
27308 </blockquote>
27309 <ul>
27310 <li><a href="https://twitter.com/damienmiller/status/1111416334737244160">https://twitter.com/damienmiller/status/1111416334737244160</a></li>
27311 </ul>
27312 <blockquote>
27313 <p>Better Security<br>
27314 Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it:<br>
27315 “The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”</p>
27316 </blockquote>
27317 <ul>
27318 <li>Interesting new features</li>
27319 </ul>
27320 <blockquote>
27321 <p>ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.</p>
27322 </blockquote>
27323 <hr>
27324 <h3><a href="https://project-trident.org/post/2019-03-29_18.12-u8_available/">Project Trident : 18.12-U8 Available</a></h3>
27325 <blockquote>
27326 <p>Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.<br>
27327 To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release</p>
27328 </blockquote>
27329 <hr>
27330 <h2>Beastie Bits</h2>
27331 <ul>
27332 <li><a href="https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.92/">BSD Router Project - Release 1.92</a></li>
27333 <li><a href="https://registration.eurobsdcon.org/conferences/2019/program/proposals/new">EuroBSDcon - New Proposals</a></li>
27334 <li><a href="https://www.reddit.com/r/unix/comments/b1wyde/funny_unix_shirt_ren%C3%A9_magritte_art_parody/">Funny UNIX shirt (René Magritte art parody)</a></li>
27335 <li><a href="https://geoff.greer.fm/2019/03/04/thinkpad-x210/">51NB’s Thinkpad X210</a></li>
27336 <li><a href="https://www.dragonflydigest.com/2019/03/26/22703.html">DragonFly: No more gcc50</a></li>
27337 <li><a href="https://mwl.io/archives/4139">“FreeBSD Mastery: Jails” ebook escaping!</a></li>
27338 <li><a href="https://frab.luga.de/en/LIT2019/public/events/68">FreeBSD talk at the Augsburger Linux Info Days (german)</a></li>
27339 </ul>
27340 <hr>
27341 <h2>Feedback/Questions</h2>
27342 <ul>
27343 <li>DJ - <a href="http://dpaste.com/3ZRJ5DA#wrap">FuguIta Feedback</a></li>
27344 <li>Mike - <a href="http://dpaste.com/32TSCH4#wrap">Another Good Show</a></li>
27345 <li>Alex - <a href="http://dpaste.com/34ND6BC#wrap">GhostBSD and wifi</a></li>
27346 </ul>
27347 <hr>
27348 <ul>
27349 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27350 </ul>
27351 <hr>
27352 <video controls preload="metadata" style=" width:426px; height:240px;">
27353 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0292.mp4" type="video/mp4">
27354 Your browser does not support the HTML5 video tag.
27355 </video>
27356 </description>
27357 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
27358 <content:encoded>
27359 <![CDATA[<p>FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.</p>
27360
27361 <h2>Headlines</h2>
27362 <h3><a href="https://2019.asiabsdcon.org">AsiaBSDcon 2019 recap</a></h3>
27363
27364 <ul>
27365 <li>Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid-March. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.</li>
27366 <li>Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.</li>
27367 <li>On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.</li>
27368 <li>On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.</li>
27369 <li>Benedict attended
27370 <blockquote>
27371 <p>Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel<br>
27372 Vadot</p>
27373 </blockquote>
27374 </li>
27375 </ul>
27376
27377 <blockquote>
27378 <p>powerpc64 architecture support in FreeBSD ports by Piotr Kubaj<br>
27379 Managing System Images with ZFS by Allan Jude<br>
27380 FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz<br>
27381 <a href="https://www.youtube.com/watch?v=7kShjboN6ek">Security Fantasies and Realities for the BSDs by George V.<br>
27382 Neville-Neil</a><br>
27383 ZRouter: Remote update of firmware by Hiroki Mori<br>
27384 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27385 </blockquote>
27386
27387 <ul>
27388 <li>Allan attended
27389 <blockquote>
27390 <p>Adventures in DRMland by Emmanuel Vadot<br>
27391 Intel HAXM by Kamil Rytarowski<br>
27392 BSD Solutions in Australian NGOs<br>
27393 Container Migration on FreeBSD by Yuhei Takagawa<br>
27394 Security Fantasies and Realities for the BSDs by George Neville-Neil</p>
27395 </blockquote>
27396 </li>
27397 </ul>
27398
27399 <blockquote>
27400 <p>ZRouter: Remote update of firmware by Hiroki Mori<br>
27401 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27402 </blockquote>
27403
27404 <ul>
27405 <li>When not in talks, time was spent in the hallway track and conversations would often continue over dinner.</li>
27406 <li>Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.</li>
27407 </ul>
27408
27409 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-March/001871.html">FreeBSD Quarterly Status Report - Fourth Quarter 2018</a></h3>
27410
27411 <blockquote>
27412 <p>Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In today’s message the following by no means complete or ordered set of improvements and additions will be covered:<br>
27413 i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.<br>
27414 Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.<br>
27415 We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.</p>
27416 </blockquote>
27417
27418 <p><hr></p>
27419
27420 <h3><a href="https://www.linuxinsider.com/story/GhostBSD-A-Solid-Linux-Like-Open-Source-Alternative-85859.html">GhostBSD: A Solid Linux-Like Open Source Alternative</a></h3>
27421
27422 <blockquote>
27423 <p>The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.<br>
27424 GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.<br>
27425 I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.<br>
27426 In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.<br>
27427 GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.<br>
27428 Keep reading to find out what piqued my excitement about Linux-like GhostBSD.</p>
27429 </blockquote>
27430
27431 <p><hr></p>
27432
27433 <p>##News Roundup<br>
27434 ###<a href="http://triosdevelopers.com/jason.eckert/blog/Entries/2019/3/14_SPARCbook_3000ST_-_The_coolest_90s_laptop.html">SPARCbook 3000ST - The coolest 90s laptop</a></p>
27435
27436 <blockquote>
27437 <p>A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).<br>
27438 Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.</p>
27439 </blockquote>
27440
27441 <p><hr></p>
27442
27443 <p>###<a href="https://codesmithdev.com/openssh-8-0-releasing-with-quantum-computing-resistant-keys/">OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys</a></p>
27444
27445 <blockquote>
27446 <p>OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.</p>
27447 </blockquote>
27448
27449 <ul>
27450 <li><a href="https://twitter.com/damienmiller/status/1111416334737244160">https://twitter.com/damienmiller/status/1111416334737244160</a></li>
27451 </ul>
27452
27453 <blockquote>
27454 <p>Better Security<br>
27455 Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it:<br>
27456 “The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”</p>
27457 </blockquote>
27458
27459 <ul>
27460 <li>Interesting new features</li>
27461 </ul>
27462
27463 <blockquote>
27464 <p>ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.</p>
27465 </blockquote>
27466
27467 <p><hr></p>
27468
27469 <p>###<a href="https://project-trident.org/post/2019-03-29_18.12-u8_available/">Project Trident : 18.12-U8 Available</a></p>
27470
27471 <blockquote>
27472 <p>Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.<br>
27473 To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release</p>
27474 </blockquote>
27475
27476 <p><hr></p>
27477
27478 <p>##Beastie Bits</p>
27479
27480 <ul>
27481 <li><a href="https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.92/">BSD Router Project - Release 1.92</a></li>
27482 <li><a href="https://registration.eurobsdcon.org/conferences/2019/program/proposals/new">EuroBSDcon - New Proposals</a></li>
27483 <li><a href="https://www.reddit.com/r/unix/comments/b1wyde/funny_unix_shirt_ren%C3%A9_magritte_art_parody/">Funny UNIX shirt (René Magritte art parody)</a></li>
27484 <li><a href="https://geoff.greer.fm/2019/03/04/thinkpad-x210/">51NB’s Thinkpad X210</a></li>
27485 <li><a href="https://www.dragonflydigest.com/2019/03/26/22703.html">DragonFly: No more gcc50</a></li>
27486 <li><a href="https://mwl.io/archives/4139">“FreeBSD Mastery: Jails” ebook escaping!</a></li>
27487 <li><a href="https://frab.luga.de/en/LIT2019/public/events/68">FreeBSD talk at the Augsburger Linux Info Days (German)</a></li>
27488 </ul>
27489
27490 <p><hr></p>
27491
27492 <p>##Feedback/Questions</p>
27493
27494 <ul>
27495 <li>DJ - <a href="http://dpaste.com/3ZRJ5DA#wrap">FuguIta Feedback</a></li>
27496 <li>Mike - <a href="http://dpaste.com/32TSCH4#wrap">Another Good Show</a></li>
27497 <li>Alex - <a href="http://dpaste.com/34ND6BC#wrap">GhostBSD and wifi</a></li>
27498 </ul>
27499
27500 <p><hr></p>
27501
27502 <ul>
27503 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27504 </ul>
27505
27506 <p><hr></p>
27507
27508 <video controls preload="metadata" style=" width:426px; height:240px;">
27509 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0292.mp4" type="video/mp4">
27510 Your browser does not support the HTML5 video tag.
27511 </video>]]>
27512 </content:encoded>
27513 <itunes:summary>
27514 <![CDATA[<p>FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.</p>
27515
27516 <p>##Headlines<br>
27517 ###<a href="https://2019.asiabsdcon.org">AsiaBSDcon 2019 recap</a></p>
27518
27519 <ul>
27520 <li>Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid-March. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.</li>
27521 <li>Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.</li>
27522 <li>On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.</li>
27523 <li>On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.</li>
27524 <li>Benedict attended
27525 <blockquote>
27526 <p>Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel<br>
27527 Vadot</p>
27528 </blockquote>
27529 </li>
27530 </ul>
27531
27532 <blockquote>
27533 <p>powerpc64 architecture support in FreeBSD ports by Piotr Kubaj<br>
27534 Managing System Images with ZFS by Allan Jude<br>
27535 FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz<br>
27536 <a href="https://www.youtube.com/watch?v=7kShjboN6ek">Security Fantasies and Realities for the BSDs by George V.<br>
27537 Neville-Neil</a><br>
27538 ZRouter: Remote update of firmware by Hiroki Mori<br>
27539 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27540 </blockquote>
27541
27542 <ul>
27543 <li>Allan attended
27544 <blockquote>
27545 <p>Adventures in DRMland by Emmanuel Vadot<br>
27546 Intel HAXM by Kamil Rytarowski<br>
27547 BSD Solutions in Australian NGOs<br>
27548 Container Migration on FreeBSD by Yuhei Takagawa<br>
27549 Security Fantasies and Realities for the BSDs by George Neville-Neil</p>
27550 </blockquote>
27551 </li>
27552 </ul>
27553
27554 <blockquote>
27555 <p>ZRouter: Remote update of firmware by Hiroki Mori<br>
27556 Improving security of the FreeBSD boot process by Marcin Wojtas</p>
27557 </blockquote>
27558
27559 <ul>
27560 <li>When not in talks, time was spent in the hallway track and conversations would often continue over dinner.</li>
27561 <li>Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.</li>
27562 </ul>
27563
27564 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-announce/2019-March/001871.html">FreeBSD Quarterly Status Report - Fourth Quarter 2018</a></p>
27565
27566 <blockquote>
27567 <p>Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In today’s message the following by no means complete or ordered set of improvements and additions will be covered:<br>
27568 i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RockChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.<br>
27569 Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.<br>
27570 We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.</p>
27571 </blockquote>
27572
27573 <p><hr></p>
27574
27575 <p>###<a href="https://www.linuxinsider.com/story/GhostBSD-A-Solid-Linux-Like-Open-Source-Alternative-85859.html">GhostBSD: A Solid Linux-Like Open Source Alternative</a></p>
27576
27577 <blockquote>
27578 <p>The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.<br>
27579 GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.<br>
27580 I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.<br>
27581 In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.<br>
27582 GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.<br>
27583 Keep reading to find out what piqued my excitement about Linux-like GhostBSD.</p>
27584 </blockquote>
27585
27586 <p><hr></p>
27587
27588 <p>##News Roundup<br>
27589 ###<a href="http://triosdevelopers.com/jason.eckert/blog/Entries/2019/3/14_SPARCbook_3000ST_-_The_coolest_90s_laptop.html">SPARCbook 3000ST - The coolest 90s laptop</a></p>
27590
27591 <blockquote>
27592 <p>A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).<br>
27593 Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.</p>
27594 </blockquote>
27595
27596 <p><hr></p>
27597
27598 <p>###<a href="https://codesmithdev.com/openssh-8-0-releasing-with-quantum-computing-resistant-keys/">OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys</a></p>
27599
27600 <blockquote>
27601 <p>OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.</p>
27602 </blockquote>
27603
27604 <ul>
27605 <li><a href="https://twitter.com/damienmiller/status/1111416334737244160">https://twitter.com/damienmiller/status/1111416334737244160</a></li>
27606 </ul>
27607
27608 <blockquote>
27609 <p>Better Security<br>
27610 Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it:<br>
27611 “The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”</p>
27612 </blockquote>
27613
27614 <ul>
27615 <li>Interesting new features</li>
27616 </ul>
27617
27618 <blockquote>
27619 <p>ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.</p>
27620 </blockquote>
27621
27622 <p><hr></p>
27623
27624 <p>###<a href="https://project-trident.org/post/2019-03-29_18.12-u8_available/">Project Trident : 18.12-U8 Available</a></p>
27625
27626 <blockquote>
27627 <p>Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.<br>
27628 To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release</p>
27629 </blockquote>
27630
27631 <p><hr></p>
27632
27633 <p>##Beastie Bits</p>
27634
27635 <ul>
27636 <li><a href="https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.92/">BSD Router Project - Release 1.92</a></li>
27637 <li><a href="https://registration.eurobsdcon.org/conferences/2019/program/proposals/new">EuroBSDcon - New Proposals</a></li>
27638 <li><a href="https://www.reddit.com/r/unix/comments/b1wyde/funny_unix_shirt_ren%C3%A9_magritte_art_parody/">Funny UNIX shirt (René Magritte art parody)</a></li>
27639 <li><a href="https://geoff.greer.fm/2019/03/04/thinkpad-x210/">51NB’s Thinkpad X210</a></li>
27640 <li><a href="https://www.dragonflydigest.com/2019/03/26/22703.html">DragonFly: No more gcc50</a></li>
27641 <li><a href="https://mwl.io/archives/4139">“FreeBSD Mastery: Jails” ebook escaping!</a></li>
27642 <li><a href="https://frab.luga.de/en/LIT2019/public/events/68">FreeBSD talk at the Augsburger Linux Info Days (German)</a></li>
27643 </ul>
27644
27645 <p><hr></p>
27646
27647 <p>##Feedback/Questions</p>
27648
27649 <ul>
27650 <li>DJ - <a href="http://dpaste.com/3ZRJ5DA#wrap">FuguIta Feedback</a></li>
27651 <li>Mike - <a href="http://dpaste.com/32TSCH4#wrap">Another Good Show</a></li>
27652 <li>Alex - <a href="http://dpaste.com/34ND6BC#wrap">GhostBSD and wifi</a></li>
27653 </ul>
27654
27655 <p><hr></p>
27656
27657 <ul>
27658 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27659 </ul>
27660
27661 <p><hr></p>
27662
27663 <video controls preload="metadata" style=" width:426px; height:240px;">
27664 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0292.mp4" type="video/mp4">
27665 Your browser does not support the HTML5 video tag.
27666 </video>]]>
27667 </itunes:summary>
27668 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+JI4U-36G</fireside:playerURL>
27669 <fireside:playerEmbedCode>
27670 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+JI4U-36G" width="740" height="200" frameborder="0" scrolling="no">]]>
27671 </fireside:playerEmbedCode>
27672 </item>
27673 <item>
27674 <title>291: Storage Changes Software</title>
27675 <link>https://www.bsdnow.tv/291</link>
27676 <guid isPermaLink="false">54559ca9-f84f-4e9e-8323-3a5a0919937f</guid>
27677 <pubDate>Thu, 28 Mar 2019 07:00:00 -0700</pubDate>
27678 <author>Allan Jude</author>
27679 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/54559ca9-f84f-4e9e-8323-3a5a0919937f.mp3" length="43826319" type="audio/mp3"/>
27680 <itunes:episodeType>full</itunes:episodeType>
27681 <itunes:author>Allan Jude</itunes:author>
27682 <itunes:subtitle>Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.</itunes:subtitle>
27683 <itunes:duration>1:12:44</itunes:duration>
27684 <itunes:explicit>no</itunes:explicit>
27685 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
27686 <description>Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.
27687 <p>##Headlines</p>
27688 <p>###<a href="https://news.gandi.net/en/2019/03/tracking-a-storage-issue-led-to-software-change/">Tracking a storage issue led to software change</a></p>
27689 <blockquote>
27690 <p>Early last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.<br>
27691 This migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.<br>
27692 Currently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.</p>
27693 </blockquote>
27694 <ul>
27695 <li>Problem</li>
27696 </ul>
27697 <blockquote>
27698 <p>While migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.</p>
27699 </blockquote>
27700 <hr>
27701 <p>###<a href="https://www.softwaredevelopment.site/2019/02/what-makes-unix-special.html">What Makes Unix Special</a></p>
27702 <blockquote>
27703 <p>Ever since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as an unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.</p>
27704 </blockquote>
27705 <ul>
27706 <li>What Makes Unix Special?</li>
27707 </ul>
27708 <blockquote>
27709 <p>It is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.<br>
27710 So what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)</p>
27711 </blockquote>
27712 <hr>
27713 <p>##News Roundup<br>
27714 <a href="https://nanxiao.me/en/what-you-need-may-be-pipeline-unix-commands-only/">What you need may be “pipeline +Unix commands” only</a></p>
27715 <blockquote>
27716 <p>I came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me of a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.<br>
27717 The IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unix command line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.<br>
27718 BTW, if your data set can be disposed by an awk script, it should not be called “big data”.</p>
27719 </blockquote>
27720 <ul>
27721 <li><a href="http://widgetsandshit.com/teddziuba/2010/10/taco-bell-programming.html">Taco Bell Programming</a></li>
27722 </ul>
27723 <hr>
27724 <p>###<a href="https://bofh.org.uk/2019/02/25/baking-with-emacs/">Running a bakery on Emacs and PostgreSQL</a></p>
27725 <blockquote>
27726 <p>Just over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.<br>
27727 One of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.<br>
27728 And that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.</p>
27729 </blockquote>
27730 <hr>
27731 <p>###<a href="https://medium.com/@nnja/the-ultimate-guide-to-memorable-tech-talks-e7c350778d4b">The Ultimate Guide To Memorable Tech Talks</a></p>
27732 <blockquote>
27733 <p>Imagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.<br>
27734 That was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.<br>
27735 I think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.</p>
27736 </blockquote>
27737 <ul>
27738 <li>The Ultimate Guide</li>
27739 <li>1: Introduction</li>
27740 <li>2: Choosing a Topic</li>
27741 <li>3: Writing a Conference Proposal (or CFP)</li>
27742 <li>4: Tools of the Trade</li>
27743 <li>5: Planning and Time Estimation</li>
27744 <li>6: Writing a Talk</li>
27745 <li>7: Practice and Delivery</li>
27746 </ul>
27747 <hr>
27748 <p>###<a href="https://people.mpi-sws.org/~druschel/publications/osdi16.pdf">Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)</a></p>
27749 <blockquote>
27750 <p>Abstract: “We introduce a new OS abstraction—light-weight contexts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state), isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).<br>
27751 lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP, and OpenSSL.”</p>
27752 </blockquote>
27753 <hr>
27754 <p>##Beastie Bits</p>
27755 <ul>
27756 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">May 7th - BSD Users Stockholm Meetup #6 </a></li>
27757 <li><a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2019-February/007218.html">sysutils/docker-freebsd: Searching for people to help</a></li>
27758 <li><a href="https://twitter.com/midnightbsd/status/1104018684748677122">Cat Tax - Ever wonder what Midnight the cat was like?</a></li>
27759 <li><a href="https://dwheeler.com/essays/fixing-unix-linux-filenames.html">Fixing Unix/Linux/POSIX Filenames</a></li>
27760 <li><a href="https://chargen.one/h3artbl33d/metasploit-on-openbsd">Metasploit on OpenBSD</a></li>
27761 <li><a href="https://schmonz.com/2019/01/25/devopsdays-nyc-run-your-own-email-server/slides/#1">Run Your @wn Email Server! with NetBSD</a></li>
27762 <li><a href="http://johan.huldtgren.com/posts/2019/rdist">rdist(1)</a></li>
27763 <li><a href="https://joecmarshall.com/posts/book-writing-environment/">Writing a Book with Unix</a></li>
27764 <li><a href="https://neowaylabs.github.io/programming/unix-shell-for-data-scientists/">7 Unix Commands Every Data Scientist Should Know</a></li>
27765 <li><a href="https://blog.regehr.org/archives/1653">Explaining Code using ASCII Art</a></li>
27766 <li><a href="https://wiki.freebsd.org/Hackathon/201904">FreeBSD Aberdeen Hackathon</a></li>
27767 <li><a href="https://wiki.freebsd.org/Hackathon/201906">FreeBSD Vienna Hackathon</a></li>
27768 </ul>
27769 <hr>
27770 <p>##Feedback/Questions</p>
27771 <ul>
27772 <li>
27773 <p>Mike - <a href="http://dpaste.com/2405MF1#wrap">FreeBSD Update and Erased EFI files</a></p>
27774 </li>
27775 <li>
27776 <p>Charles - <a href="http://dpaste.com/2WFTXR2#wrap">Volunteer work</a></p>
27777 </li>
27778 <li>
27779 <p>Jake - <a href="http://dpaste.com/1AA6C55">Bhyve Front Ends</a></p>
27780 </li>
27781 <li>
27782 <p>We’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!</p>
27783 </li>
27784 </ul>
27785 <hr>
27786 <ul>
27787 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27788 </ul>
27789 <hr>
27790 <video controls preload="metadata" style=" width:426px; height:240px;">
27791 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0291.mp4" type="video/mp4">
27792 Your browser does not support the HTML5 video tag.
27793 </video>
27794 </description>
27795 <itunes:keywords> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
27796 <content:encoded>
27797 <![CDATA[<p>Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.</p>
27798
27799 <p>##Headlines</p>
27800
27801 <p>###<a href="https://news.gandi.net/en/2019/03/tracking-a-storage-issue-led-to-software-change/">Tracking a storage issue led to software change</a></p>
27802
27803 <blockquote>
27804 <p>Early last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.<br>
27805 This migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.<br>
27806 Currently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.</p>
27807 </blockquote>
27808
27809 <ul>
27810 <li>Problem</li>
27811 </ul>
27812
27813 <blockquote>
27814 <p>While migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.</p>
27815 </blockquote>
27816
27817 <p><hr></p>
27818
27819 <p>###<a href="https://www.softwaredevelopment.site/2019/02/what-makes-unix-special.html">What Makes Unix Special</a></p>
27820
27821 <blockquote>
27822 <p>Ever since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as an unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.</p>
27823 </blockquote>
27824
27825 <ul>
27826 <li>What Makes Unix Special?</li>
27827 </ul>
27828
27829 <blockquote>
27830 <p>It is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.<br>
27831 So what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)</p>
27832 </blockquote>
27833
27834 <p><hr></p>
27835
27836 <p>##News Roundup<br>
27837 ###<a href="https://nanxiao.me/en/what-you-need-may-be-pipeline-unix-commands-only/">What you need may be “pipeline +Unix commands” only</a></p>
27838
27839 <blockquote>
27840 <p>I came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.<br>
27841 The IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unix command line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.<br>
27842 BTW, if your data set can be disposed by an awk script, it should not be called “big data”.</p>
27843 </blockquote>
27844
27845 <ul>
27846 <li><a href="http://widgetsandshit.com/teddziuba/2010/10/taco-bell-programming.html">Taco Bell Programming</a></li>
27847 </ul>
27848
27849 <p><hr></p>
27850
27851 <p>###<a href="https://bofh.org.uk/2019/02/25/baking-with-emacs/">Running a bakery on Emacs and PostgreSQL</a></p>
27852
27853 <blockquote>
27854 <p>Just over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.<br>
27855 One of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.<br>
27856 And that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.</p>
27857 </blockquote>
27858
27859 <p><hr></p>
27860
27861 <p>###<a href="https://medium.com/@nnja/the-ultimate-guide-to-memorable-tech-talks-e7c350778d4b">The Ultimate Guide To Memorable Tech Talks</a></p>
27862
27863 <blockquote>
27864 <p>Imagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.<br>
27865 That was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.<br>
27866 I think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.</p>
27867 </blockquote>
27868
27869 <ul>
27870 <li>The Ultimate Guide</li>
27871 <li>1: Introduction</li>
27872 <li>2: Choosing a Topic</li>
27873 <li>3: Writing a Conference Proposal (or CFP)</li>
27874 <li>4: Tools of the Trade</li>
27875 <li>5: Planning and Time Estimation</li>
27876 <li>6: Writing a Talk</li>
27877 <li>7: Practice and Delivery</li>
27878 </ul>
27879
27880 <p><hr></p>
27881
27882 <p>###<a href="https://people.mpi-sws.org/~druschel/publications/osdi16.pdf">Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)</a></p>
27883
27884 <blockquote>
27885 <p>Abstract: “We introduce a new OS abstraction—light-weight contexts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state), isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).<br>
27886 lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP, and OpenSSL.”</p>
27887 </blockquote>
27888
27889 <p><hr></p>
27890
27891 <p>##Beastie Bits</p>
27892
27893 <ul>
27894 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">May 7th - BSD Users Stockholm Meetup #6 </a></li>
27895 <li><a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2019-February/007218.html">sysutils/docker-freebsd: Searching for people to help</a></li>
27896 <li><a href="https://twitter.com/midnightbsd/status/1104018684748677122">Cat Tax - Ever wonder what Midnight the cat was like?</a></li>
27897 <li><a href="https://dwheeler.com/essays/fixing-unix-linux-filenames.html">Fixing Unix/Linux/POSIX Filenames</a></li>
27898 <li><a href="https://chargen.one/h3artbl33d/metasploit-on-openbsd">Metasploit on OpenBSD</a></li>
27899 <li><a href="https://schmonz.com/2019/01/25/devopsdays-nyc-run-your-own-email-server/slides/#1">Run Your @wn Email Server! with NetBSD</a></li>
27900 <li><a href="http://johan.huldtgren.com/posts/2019/rdist">rdist(1)</a></li>
27901 <li><a href="https://joecmarshall.com/posts/book-writing-environment/">Writing a Book with Unix</a></li>
27902 <li><a href="https://neowaylabs.github.io/programming/unix-shell-for-data-scientists/">7 Unix Commands Every Data Scientist Should Know</a></li>
27903 <li><a href="https://blog.regehr.org/archives/1653">Explaining Code using ASCII Art</a></li>
27904 <li><a href="https://wiki.freebsd.org/Hackathon/201904">FreeBSD Aberdeen Hackathon</a></li>
27905 <li><a href="https://wiki.freebsd.org/Hackathon/201906">FreeBSD Vienna Hackathon</a></li>
27906 </ul>
27907
27908 <p><hr></p>
27909
27910 <p>##Feedback/Questions</p>
27911
27912 <ul>
27913 <li>
27914 <p>Mike - <a href="http://dpaste.com/2405MF1#wrap">FreeBSD Update and Erased EFI files</a></p>
27915 </li>
27916 <li>
27917 <p>Charles - <a href="http://dpaste.com/2WFTXR2#wrap">Volunteer work</a></p>
27918 </li>
27919 <li>
27920 <p>Jake - <a href="http://dpaste.com/1AA6C55">Bhyve Front Ends</a></p>
27921 </li>
27922 <li>
27923 <p>We’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!</p>
27924 </li>
27925 </ul>
27926
27927 <p><hr></p>
27928
27929 <ul>
27930 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
27931 </ul>
27932
27933 <p><hr></p>
27934
27935 <video controls preload="metadata" style=" width:426px; height:240px;">
27936 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0291.mp4" type="video/mp4">
27937 Your browser does not support the HTML5 video tag.
27938 </video>]]>
27939 </content:encoded>
27940 <itunes:summary>
27941 <![CDATA[<p>Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.</p>
27942
27943 <p>##Headlines</p>
27944
27945 <p>###<a href="https://news.gandi.net/en/2019/03/tracking-a-storage-issue-led-to-software-change/">Tracking a storage issue led to software change</a></p>
27946
27947 <blockquote>
27948 <p>Early last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.<br>
27949 This migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.<br>
27950 Currently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.</p>
27951 </blockquote>
27952
27953 <ul>
27954 <li>Problem</li>
27955 </ul>
27956
27957 <blockquote>
27958 <p>While migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.</p>
27959 </blockquote>
27960
27961 <p><hr></p>
27962
27963 <p>###<a href="https://www.softwaredevelopment.site/2019/02/what-makes-unix-special.html">What Makes Unix Special</a></p>
27964
27965 <blockquote>
27966 <p>Ever since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as an unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.</p>
27967 </blockquote>
27968
27969 <ul>
27970 <li>What Makes Unix Special?</li>
27971 </ul>
27972
27973 <blockquote>
27974 <p>It is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.<br>
27975 So what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)</p>
27976 </blockquote>
27977
27978 <p><hr></p>
27979
27980 <p>##News Roundup<br>
27981 ###<a href="https://nanxiao.me/en/what-you-need-may-be-pipeline-unix-commands-only/">What you need may be “pipeline +Unix commands” only</a></p>
27982
27983 <blockquote>
27984 <p>I came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.<br>
27985 The IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unix command line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.<br>
27986 BTW, if your data set can be disposed by an awk script, it should not be called “big data”.</p>
27987 </blockquote>
27988
27989 <ul>
27990 <li><a href="http://widgetsandshit.com/teddziuba/2010/10/taco-bell-programming.html">Taco Bell Programming</a></li>
27991 </ul>
27992
27993 <p><hr></p>
27994
27995 <p>###<a href="https://bofh.org.uk/2019/02/25/baking-with-emacs/">Running a bakery on Emacs and PostgreSQL</a></p>
27996
27997 <blockquote>
27998 <p>Just over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.<br>
27999 One of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.<br>
28000 And that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.</p>
28001 </blockquote>
28002
28003 <p><hr></p>
28004
28005 <p>###<a href="https://medium.com/@nnja/the-ultimate-guide-to-memorable-tech-talks-e7c350778d4b">The Ultimate Guide To Memorable Tech Talks</a></p>
28006
28007 <blockquote>
28008 <p>Imagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.<br>
28009 That was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.<br>
28010 I think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.</p>
28011 </blockquote>
28012
28013 <ul>
28014 <li>The Ultimate Guide</li>
28015 <li>1: Introduction</li>
28016 <li>2: Choosing a Topic</li>
28017 <li>3: Writing a Conference Proposal (or CFP)</li>
28018 <li>4: Tools of the Trade</li>
28019 <li>5: Planning and Time Estimation</li>
28020 <li>6: Writing a Talk</li>
28021 <li>7: Practice and Delivery</li>
28022 </ul>
28023
28024 <p><hr></p>
28025
28026 <p>###<a href="https://people.mpi-sws.org/~druschel/publications/osdi16.pdf">Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)</a></p>
28027
28028 <blockquote>
28029 <p>Abstract: “We introduce a new OS abstraction—light-weight contexts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state), isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).<br>
28030 lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP, and OpenSSL.”</p>
28031 </blockquote>
28032
28033 <p><hr></p>
28034
28035 <p>##Beastie Bits</p>
28036
28037 <ul>
28038 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">May 7th - BSD Users Stockholm Meetup #6 </a></li>
28039 <li><a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2019-February/007218.html">sysutils/docker-freebsd: Searching for people to help</a></li>
28040 <li><a href="https://twitter.com/midnightbsd/status/1104018684748677122">Cat Tax - Ever wonder what Midnight the cat was like?</a></li>
28041 <li><a href="https://dwheeler.com/essays/fixing-unix-linux-filenames.html">Fixing Unix/Linux/POSIX Filenames</a></li>
28042 <li><a href="https://chargen.one/h3artbl33d/metasploit-on-openbsd">Metasploit on OpenBSD</a></li>
28043 <li><a href="https://schmonz.com/2019/01/25/devopsdays-nyc-run-your-own-email-server/slides/#1">Run Your @wn Email Server! with NetBSD</a></li>
28044 <li><a href="http://johan.huldtgren.com/posts/2019/rdist">rdist(1)</a></li>
28045 <li><a href="https://joecmarshall.com/posts/book-writing-environment/">Writing a Book with Unix</a></li>
28046 <li><a href="https://neowaylabs.github.io/programming/unix-shell-for-data-scientists/">7 Unix Commands Every Data Scientist Should Know</a></li>
28047 <li><a href="https://blog.regehr.org/archives/1653">Explaining Code using ASCII Art</a></li>
28048 <li><a href="https://wiki.freebsd.org/Hackathon/201904">FreeBSD Aberdeen Hackathon</a></li>
28049 <li><a href="https://wiki.freebsd.org/Hackathon/201906">FreeBSD Vienna Hackathon</a></li>
28050 </ul>
28051
28052 <p><hr></p>
28053
28054 <p>##Feedback/Questions</p>
28055
28056 <ul>
28057 <li>
28058 <p>Mike - <a href="http://dpaste.com/2405MF1#wrap">FreeBSD Update and Erased EFI files</a></p>
28059 </li>
28060 <li>
28061 <p>Charles - <a href="http://dpaste.com/2WFTXR2#wrap">Volunteer work</a></p>
28062 </li>
28063 <li>
28064 <p>Jake - <a href="http://dpaste.com/1AA6C55">Bhyve Front Ends</a></p>
28065 </li>
28066 <li>
28067 <p>We’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!</p>
28068 </li>
28069 </ul>
28070
28071 <p><hr></p>
28072
28073 <ul>
28074 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28075 </ul>
28076
28077 <p><hr></p>
28078
28079 <video controls preload="metadata" style=" width:426px; height:240px;">
28080 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0291.mp4" type="video/mp4">
28081 Your browser does not support the HTML5 video tag.
28082 </video>]]>
28083 </itunes:summary>
28084 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+2Jmcr5Mf</fireside:playerURL>
28085 <fireside:playerEmbedCode>
28086 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+2Jmcr5Mf" width="740" height="200" frameborder="0" scrolling="no">]]>
28087 </fireside:playerEmbedCode>
28088 </item>
28089 <item>
28090 <title>290: Timestamped Notes</title>
28091 <link>https://www.bsdnow.tv/290</link>
28092 <guid isPermaLink="false">75bc6dda-ec5d-45fe-adf3-2afde9a7f099</guid>
28093 <pubDate>Thu, 21 Mar 2019 07:00:00 -0700</pubDate>
28094 <author>Allan Jude</author>
28095 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/75bc6dda-ec5d-45fe-adf3-2afde9a7f099.mp3" length="30199731" type="audio/mp3"/>
28096 <itunes:episodeType>full</itunes:episodeType>
28097 <itunes:author>Allan Jude</itunes:author>
28098 <itunes:subtitle>FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.</itunes:subtitle>
28099 <itunes:duration>50:01</itunes:duration>
28100 <itunes:explicit>no</itunes:explicit>
28101 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
28102 <description>FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.
28103 <p>##Headlines<br>
28104 ###<a href="https://eerielinux.wordpress.com/2019/02/25/armd-and-dangerous-freebsd-on-cavium-thunderx-aarch64/">ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)</a></p>
28105 <blockquote>
28106 <p>While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.<br>
28107 While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.</p>
28108 </blockquote>
28109 <hr>
28110 <p>###<a href="https://www.tumfatig.net/20190301/looking-at-netbsd-from-an-openbsd-user-perspective/">Looking at NetBSD from an OpenBSD user perspective</a></p>
28111 <blockquote>
28112 <p>I used to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.</p>
28113 </blockquote>
28114 <ul>
28115 <li>What I liked (pros)</li>
28116 <li>Things I didn’t like (cons)</li>
28117 <li>Conclusion</li>
28118 </ul>
28119 <blockquote>
28120 <p>So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every package; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spend more time on it than you would have to do with OpenBSD.<br>
28121 That said, I’ll keep using my Puffy OS.</p>
28122 </blockquote>
28123 <hr>
28124 <p>##News Roundup<br>
28125 <a href="https://www.codesections.com/blog/vim-timestamped/">Using Vim to take time-stamped notes</a></p>
28126 <blockquote>
28127 <p>I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.<br>
28128 My first thought was that there’d be a plugin to add time stamps, but a quick search didn’t turn anything up. However, a little digging did turn up the fact that vim has the built-in ability to tell time.<br>
28129 This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.</p>
28130 </blockquote>
28131 <ul>
28132 <li><a href="https://github.com/bsdjhb/meetings">John Baldwin’s notes on bhyve meetings</a></li>
28133 </ul>
28134 <hr>
28135 <p>###<a href="https://www.undeadly.org/cgi?action=article;sid=20190228062751">OpenBSD 6.5-beta has been tagged</a></p>
28136 <blockquote>
28137 <p>It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all to run an extra test install and see if your favorite port still works as you expect.</p>
28138 </blockquote>
28139 <p><code>CVSROOT: /cvs</code><br>
28140 <code>Module name: src</code><br>
28141 <code>Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41</code><br>
28142 <code></code><br>
28143 <code>Modified files:</code><br>
28144 <code>etc/root : root.mail</code><br>
28145 <code>share/mk : sys.mk</code><br>
28146 <code>sys/conf : newvers.sh</code><br>
28147 <code>sys/sys : ktrace.h param.h</code><br>
28148 <code>usr.bin/signify: signify.1</code><br>
28149 <code>sys/arch/macppc/stand/tbxidata: bsd.tbxi</code><br>
28150 <code></code><br>
28151 <code>Log message:</code><br>
28152 <code>crank to 6.5-beta</code><br>
28153 <code></code></p>
28154 <hr>
28155 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_participating_in">The NetBSD Foundation participating in Google Summer of Code 2019</a></p>
28156 <blockquote>
28157 <p>For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!<br>
28158 If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.<br>
28159 You can find a list of projects in Google Summer of Code project proposals in the wiki.<br>
28160 Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!</p>
28161 </blockquote>
28162 <hr>
28163 <p>###<a href="https://discoverbsd.com/p/d83c2c66dc">SecBSD: an UNIX-like OS for Hackers</a></p>
28164 <blockquote>
28165 <p>SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.<br>
28166 A security BSD environment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.</p>
28167 </blockquote>
28168 <hr>
28169 <p>##Beastie Bits</p>
28170 <ul>
28171 <li><a href="https://why-openbsd.rocks/fact/">Why OpenBSD Rocks</a></li>
28172 <li><a href="http://www.etalabs.net/sh_tricks.html">Rich’s sh (POSIX shell) tricks</a></li>
28173 <li><a href="https://opensource.com/article/19/2/drinking-coffee-awk">Drinking coffee with AWK</a></li>
28174 <li><a href="https://github.com/AMEE/8XX-rfc">Civilisational HTTP Error Codes</a></li>
28175 <li><a href="https://www.midnightbsd.org/news/">MidnightBSD Roadmap</a></li>
28176 <li><a href="https://gist.github.com/murachue/531ed3ca201ab4155d22442272d92ed2#file-201902140007-txt">NetBSD on Nintendo64</a></li>
28177 <li><a href="https://nullprogram.com/blog/2018/09/20/">From Vimperator to Tridactyl</a></li>
28178 </ul>
28179 <hr>
28180 <p>##Feedback/Questions</p>
28181 <ul>
28182 <li>Russell - <a href="http://dpaste.com/3QRYM70#wrap">BSD Now Question :: ZFS &amp; FreeNAS</a></li>
28183 <li>Alan - <a href="http://dpaste.com/1KQZPN6">Tutorial, install ARM *BSD with no other BSD box pls</a></li>
28184 <li>Johnny - <a href="http://dpaste.com/2ZKRC2A">New section to add to the show</a></li>
28185 </ul>
28186 <hr>
28187 <ul>
28188 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28189 </ul>
28190 <hr>
28191 <video controls preload="metadata" style=" width:426px; height:240px;">
28192 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0290.mp4" type="video/mp4">
28193 Your browser does not support the HTML5 video tag.
28194 </video>
28195 </description>
28196 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
28197 <content:encoded>
28198 <![CDATA[<p>FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.</p>
28199
28200 <p>##Headlines<br>
28201 ###<a href="https://eerielinux.wordpress.com/2019/02/25/armd-and-dangerous-freebsd-on-cavium-thunderx-aarch64/">ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)</a></p>
28202
28203 <blockquote>
28204 <p>While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.<br>
28205 While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.</p>
28206 </blockquote>
28207
28208 <p><hr></p>
28209
28210 <p>###<a href="https://www.tumfatig.net/20190301/looking-at-netbsd-from-an-openbsd-user-perspective/">Looking at NetBSD from an OpenBSD user perspective</a></p>
28211
28212 <blockquote>
28213 <p>I used to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.</p>
28214 </blockquote>
28215
28216 <ul>
28217 <li>What I liked (pros)</li>
28218 <li>Things I didn’t like (cons)</li>
28219 <li>Conclusion</li>
28220 </ul>
28221
28222 <blockquote>
28223 <p>So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every package; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spend more time on it than you would have to do with OpenBSD.<br>
28224 That said, I’ll keep using my Puffy OS.</p>
28225 </blockquote>
28226
28227 <p><hr></p>
28228
28229 <p>##News Roundup<br>
28230 ###<a href="https://www.codesections.com/blog/vim-timestamped/">Using Vim to take time-stamped notes</a></p>
28231
28232 <blockquote>
28233 <p>I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.<br>
28234 My first thought was that there’d be a plugin to add time stamps, but a quick search didn’t turn anything up. However, a little digging did turn up the fact that vim has the built-in ability to tell time.<br>
28235 This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.</p>
28236 </blockquote>
28237
28238 <ul>
28239 <li><a href="https://github.com/bsdjhb/meetings">John Baldwin’s notes on bhyve meetings</a></li>
28240 </ul>
28241
28242 <p><hr></p>
28243
28244 <p>###<a href="https://www.undeadly.org/cgi?action=article;sid=20190228062751">OpenBSD 6.5-beta has been tagged</a></p>
28245
28246 <blockquote>
28247 <p>It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all to run an extra test install and see if your favorite port still works as you expect.</p>
28248 </blockquote>
28249
28250 <p><code>CVSROOT: /cvs</code><br>
28251 <code>Module name: src</code><br>
28252 <code>Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41</code><br>
28253 <code></code><br>
28254 <code>Modified files:</code><br>
28255 <code>etc/root : root.mail</code><br>
28256 <code>share/mk : sys.mk</code><br>
28257 <code>sys/conf : newvers.sh</code><br>
28258 <code>sys/sys : ktrace.h param.h</code><br>
28259 <code>usr.bin/signify: signify.1</code><br>
28260 <code>sys/arch/macppc/stand/tbxidata: bsd.tbxi</code><br>
28261 <code></code><br>
28262 <code>Log message:</code><br>
28263 <code>crank to 6.5-beta</code><br>
28264 <code></code></p>
28265
28266 <p><hr></p>
28267
28268 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_participating_in">The NetBSD Foundation participating in Google Summer of Code 2019</a></p>
28269
28270 <blockquote>
28271 <p>For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!<br>
28272 If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.<br>
28273 You can find a list of projects in Google Summer of Code project proposals in the wiki.<br>
28274 Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!</p>
28275 </blockquote>
28276
28277 <p><hr></p>
28278
28279 <p>###<a href="https://discoverbsd.com/p/d83c2c66dc">SecBSD: an UNIX-like OS for Hackers</a></p>
28280
28281 <blockquote>
28282 <p>SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.<br>
28283 A security BSD environment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.</p>
28284 </blockquote>
28285
28286 <p><hr></p>
28287
28288 <p>##Beastie Bits</p>
28289
28290 <ul>
28291 <li><a href="https://why-openbsd.rocks/fact/">Why OpenBSD Rocks</a></li>
28292 <li><a href="http://www.etalabs.net/sh_tricks.html">Rich’s sh (POSIX shell) tricks</a></li>
28293 <li><a href="https://opensource.com/article/19/2/drinking-coffee-awk">Drinking coffee with AWK</a></li>
28294 <li><a href="https://github.com/AMEE/8XX-rfc">Civilisational HTTP Error Codes</a></li>
28295 <li><a href="https://www.midnightbsd.org/news/">MidnightBSD Roadmap</a></li>
28296 <li><a href="https://gist.github.com/murachue/531ed3ca201ab4155d22442272d92ed2#file-201902140007-txt">NetBSD on Nintendo64</a></li>
28297 <li><a href="https://nullprogram.com/blog/2018/09/20/">From Vimperator to Tridactyl</a></li>
28298 </ul>
28299
28300 <p><hr></p>
28301
28302 <p>##Feedback/Questions</p>
28303
28304 <ul>
28305 <li>Russell - <a href="http://dpaste.com/3QRYM70#wrap">BSD Now Question :: ZFS & FreeNAS</a></li>
28306 <li>Alan - <a href="http://dpaste.com/1KQZPN6">Tutorial, install ARM *BSD with no other BSD box pls</a></li>
28307 <li>Johnny - <a href="http://dpaste.com/2ZKRC2A">New section to add to the show</a></li>
28308 </ul>
28309
28310 <p><hr></p>
28311
28312 <ul>
28313 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28314 </ul>
28315
28316 <p><hr></p>
28317
28318 <video controls preload="metadata" style=" width:426px; height:240px;">
28319 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0290.mp4" type="video/mp4">
28320 Your browser does not support the HTML5 video tag.
28321 </video>]]>
28322 </content:encoded>
28323 <itunes:summary>
28324 <![CDATA[<p>FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.</p>
28325
28326 <p>##Headlines<br>
28327 ###<a href="https://eerielinux.wordpress.com/2019/02/25/armd-and-dangerous-freebsd-on-cavium-thunderx-aarch64/">ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)</a></p>
28328
28329 <blockquote>
28330 <p>While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.<br>
28331 While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.</p>
28332 </blockquote>
28333
28334 <p><hr></p>
28335
28336 <p>###<a href="https://www.tumfatig.net/20190301/looking-at-netbsd-from-an-openbsd-user-perspective/">Looking at NetBSD from an OpenBSD user perspective</a></p>
28337
28338 <blockquote>
28339 <p>I used to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.</p>
28340 </blockquote>
28341
28342 <ul>
28343 <li>What I liked (pros)</li>
28344 <li>Things I didn’t like (cons)</li>
28345 <li>Conclusion</li>
28346 </ul>
28347
28348 <blockquote>
28349 <p>So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every package; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spend more time on it than you would have to do with OpenBSD.<br>
28350 That said, I’ll keep using my Puffy OS.</p>
28351 </blockquote>
28352
28353 <p><hr></p>
28354
28355 <p>##News Roundup<br>
28356 ###<a href="https://www.codesections.com/blog/vim-timestamped/">Using Vim to take time-stamped notes</a></p>
28357
28358 <blockquote>
28359 <p>I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.<br>
28360 My first thought was that there’d be a plugin to add time stamps, but a quick search didn’t turn anything up. However, a little digging did turn up the fact that vim has the built-in ability to tell time.<br>
28361 This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.</p>
28362 </blockquote>
28363
28364 <ul>
28365 <li><a href="https://github.com/bsdjhb/meetings">John Baldwin’s notes on bhyve meetings</a></li>
28366 </ul>
28367
28368 <p><hr></p>
28369
28370 <p>###<a href="https://www.undeadly.org/cgi?action=article;sid=20190228062751">OpenBSD 6.5-beta has been tagged</a></p>
28371
28372 <blockquote>
28373 <p>It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all to run an extra test install and see if your favorite port still works as you expect.</p>
28374 </blockquote>
28375
28376 <p><code>CVSROOT: /cvs</code><br>
28377 <code>Module name: src</code><br>
28378 <code>Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41</code><br>
28379 <code></code><br>
28380 <code>Modified files:</code><br>
28381 <code>etc/root : root.mail</code><br>
28382 <code>share/mk : sys.mk</code><br>
28383 <code>sys/conf : newvers.sh</code><br>
28384 <code>sys/sys : ktrace.h param.h</code><br>
28385 <code>usr.bin/signify: signify.1</code><br>
28386 <code>sys/arch/macppc/stand/tbxidata: bsd.tbxi</code><br>
28387 <code></code><br>
28388 <code>Log message:</code><br>
28389 <code>crank to 6.5-beta</code><br>
28390 <code></code></p>
28391
28392 <p><hr></p>
28393
28394 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_participating_in">The NetBSD Foundation participating in Google Summer of Code 2019</a></p>
28395
28396 <blockquote>
28397 <p>For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!<br>
28398 If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.<br>
28399 You can find a list of projects in Google Summer of Code project proposals in the wiki.<br>
28400 Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!</p>
28401 </blockquote>
28402
28403 <p><hr></p>
28404
28405 <p>###<a href="https://discoverbsd.com/p/d83c2c66dc">SecBSD: an UNIX-like OS for Hackers</a></p>
28406
28407 <blockquote>
28408 <p>SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.<br>
28409 A security BSD environment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.</p>
28410 </blockquote>
28411
28412 <p><hr></p>
28413
28414 <p>##Beastie Bits</p>
28415
28416 <ul>
28417 <li><a href="https://why-openbsd.rocks/fact/">Why OpenBSD Rocks</a></li>
28418 <li><a href="http://www.etalabs.net/sh_tricks.html">Rich’s sh (POSIX shell) tricks</a></li>
28419 <li><a href="https://opensource.com/article/19/2/drinking-coffee-awk">Drinking coffee with AWK</a></li>
28420 <li><a href="https://github.com/AMEE/8XX-rfc">Civilisational HTTP Error Codes</a></li>
28421 <li><a href="https://www.midnightbsd.org/news/">MidnightBSD Roadmap</a></li>
28422 <li><a href="https://gist.github.com/murachue/531ed3ca201ab4155d22442272d92ed2#file-201902140007-txt">NetBSD on Nintendo64</a></li>
28423 <li><a href="https://nullprogram.com/blog/2018/09/20/">From Vimperator to Tridactyl</a></li>
28424 </ul>
28425
28426 <p><hr></p>
28427
28428 <p>##Feedback/Questions</p>
28429
28430 <ul>
28431 <li>Russell - <a href="http://dpaste.com/3QRYM70#wrap">BSD Now Question :: ZFS & FreeNAS</a></li>
28432 <li>Alan - <a href="http://dpaste.com/1KQZPN6">Tutorial, install ARM *BSD with no other BSD box pls</a></li>
28433 <li>Johnny - <a href="http://dpaste.com/2ZKRC2A">New section to add to the show</a></li>
28434 </ul>
28435
28436 <p><hr></p>
28437
28438 <ul>
28439 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28440 </ul>
28441
28442 <p><hr></p>
28443
28444 <video controls preload="metadata" style=" width:426px; height:240px;">
28445 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0290.mp4" type="video/mp4">
28446 Your browser does not support the HTML5 video tag.
28447 </video>]]>
28448 </itunes:summary>
28449 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+niMeApJM</fireside:playerURL>
28450 <fireside:playerEmbedCode>
28451 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+niMeApJM" width="740" height="200" frameborder="0" scrolling="no">]]>
28452 </fireside:playerEmbedCode>
28453 </item>
28454 <item>
28455 <title>289: Microkernel Failure</title>
28456 <link>https://www.bsdnow.tv/289</link>
28457 <guid isPermaLink="false">eb6d59df-4b39-453b-93ca-18a6934e4e16</guid>
28458 <pubDate>Thu, 14 Mar 2019 16:00:00 -0700</pubDate>
28459 <author>Allan Jude</author>
28460 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/eb6d59df-4b39-453b-93ca-18a6934e4e16.mp3" length="36815600" type="audio/mp3"/>
28461 <itunes:episodeType>full</itunes:episodeType>
28462 <itunes:author>Allan Jude</itunes:author>
28463 <itunes:subtitle>A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. </itunes:subtitle>
28464 <itunes:duration>1:01:03</itunes:duration>
28465 <itunes:explicit>no</itunes:explicit>
28466 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
28467 <description>A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more.
28468 <p>##Headlines</p>
28469 <p>###<a href="https://tedium.co/2019/02/28/ibm-workplace-os-taligent-history/">A Kernel Of Failure -<br>
28470 How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.</a></p>
28471 <blockquote>
28472 <p>Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.</p>
28473 </blockquote>
28474 <hr>
28475 <p>###<a href="https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf">CVE-2019-5597 IPv6 fragmentation vulnerability in OpenBSD Packet Filter</a></p>
28476 <blockquote>
28477 <p>Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.<br>
28478 Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0. Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent: FreeBSD, pfSense, OPNSense, Solaris.</p>
28479 </blockquote>
28480 <blockquote>
28481 <p>Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.</p>
28482 </blockquote>
28483 <ul>
28484 <li>Kristof Provost, who maintains the port of pf in FreeBSD added a <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=344793">test for the vulnerability in FreeBSD head</a>.</li>
28485 </ul>
28486 <hr>
28487 <p>##News Roundup<br>
28488 <a href="https://www.lucasfcosta.com/2019/02/10/terminal-guide-2019.html">How I’m still not using GUIs in 2019: A guide to the terminal</a></p>
28489 <blockquote>
28490 <p>TL;DR: Here are my dotfiles. Use them and have fun.</p>
28491 </blockquote>
28492 <blockquote>
28493 <p>GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.<br>
28494 IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.<br>
28495 In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.</p>
28496 </blockquote>
28497 <ul>
28498 <li>Don’t forget rule number one.</li>
28499 </ul>
28500 <blockquote>
28501 <p>Whenever in doubt, read the manual.</p>
28502 </blockquote>
28503 <hr>
28504 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20190302235509">Using a Yubikey as smartcard for SSH public key authentication</a></p>
28505 <blockquote>
28506 <p>SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.<br>
28507 You might have heard of Yubikeys.<br>
28508 These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.<br>
28509 In OpenBSD, you can use them for Login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.</p>
28510 </blockquote>
28511 <hr>
28512 <p>###The 18 Part FreeBSD Desktop Series by Vermaden</p>
28513 <ul>
28514 <li><a href="https://vermaden.wordpress.com/2018/03/29/freebsd-desktop-part-1-simplified-boot/">FreeBSD Desktop – Part 1 – Simplified Boot</a></li>
28515 <li><a href="https://vermaden.wordpress.com/2018/04/11/freebsd-desktop-part-2-install/">FreeBSD Desktop – Part 2 – Install (FreeBSD 11)</a></li>
28516 <li><a href="https://vermaden.wordpress.com/2018/11/20/freebsd-desktop-part-2-1-install-freebsd-12/">FreeBSD Desktop – Part 2.1 – Install FreeBSD 12</a></li>
28517 <li><a href="https://vermaden.wordpress.com/2018/05/22/freebsd-desktop-part-3-x11-window-system/">FreeBSD Desktop – Part 3 – X11 Window System</a></li>
28518 <li><a href="https://vermaden.wordpress.com/2018/06/15/freebsd-desktop-part-4-key-components-window-manager/">FreeBSD Desktop – Part 4 – Key Components – Window Manager</a></li>
28519 <li><a href="https://vermaden.wordpress.com/2018/06/16/freebsd-desktop-part-5-key-components-status-bar/">FreeBSD Desktop – Part 5 – Key Components – Status Bar</a></li>
28520 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-6-key-components-task-bar/">FreeBSD Desktop – Part 6 – Key Components – Task Bar</a></li>
28521 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-7-key-components-wallpaper-handling/">FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling</a></li>
28522 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-8-key-components-application-launcher/">FreeBSD Desktop – Part 8 – Key Components – Application Launcher</a></li>
28523 <li><a href="https://vermaden.wordpress.com/2018/06/22/freebsd-desktop-part-9-key-components-keyboard-mouse-shortcuts/">FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts</a></li>
28524 <li><a href="https://vermaden.wordpress.com/2018/06/23/freebsd-desktop-part-10-key-components-locking-solution/">FreeBSD Desktop – Part 10 – Key Components – Locking Solution</a></li>
28525 <li><a href="https://vermaden.wordpress.com/2018/06/28/freebsd-desktop-part-11-key-components-blue-light-spectrum-suppress/">FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress</a></li>
28526 <li><a href="https://vermaden.wordpress.com/2018/07/01/freebsd-desktop-part-12-configuration-openbox/">FreeBSD Desktop – Part 12 – Configuration – Openbox</a></li>
28527 <li><a href="https://vermaden.wordpress.com/2018/07/05/freebsd-desktop-part-13-configuration-dzen2/">FreeBSD Desktop – Part 13 – Configuration – Dzen2</a></li>
28528 <li><a href="https://vermaden.wordpress.com/2018/07/11/freebsd-desktop-part-14-configuration-tint2/">FreeBSD Desktop – Part 14 – Configuration – Tint2</a></li>
28529 <li><a href="https://vermaden.wordpress.com/2018/08/18/freebsd-desktop-part-15-configuration-fonts-frameworks/">FreeBSD Desktop – Part 15 – Configuration – Fonts &amp; Frameworks</a></li>
28530 <li><a href="https://vermaden.wordpress.com/2018/09/19/freebsd-desktop-part-16-configuration-pause-any-application/">FreeBSD Desktop – Part 16 – Configuration – Pause Any Application</a></li>
28531 <li><a href="https://vermaden.wordpress.com/2018/10/11/freebsd-desktop-part-17-automount-removable-media/">FreeBSD Desktop – Part 17 – Automount Removable Media</a></li>
28532 </ul>
28533 <hr>
28534 <p>##Beastie Bits</p>
28535 <ul>
28536 <li><a href="https://dataswamp.org/~solene/2019-02-18-drist-1.04.html">Drist with persistent SSH</a></li>
28537 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
28538 <li><a href="http://nuclear.mutantstargoat.com/sw/termtris/">Termtris - a tetris game for ANSI/VT220 terminals</a></li>
28539 <li><a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></li>
28540 <li><a href="http://yeokhengmeng.com/2018/07/why-i-use-the-ibm-model-m-keyboard-that-is-older-than-me/">Why I use the IBM Model M keyboard that is older than me?</a></li>
28541 <li><a href="https://www.openbsd.org/papers/florian_slaacd_bsdcan2018.pdf">A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon</a></li>
28542 <li><a href="https://niftylettuce.com/posts/google-free-android-setup/#google-free-android-setup">Google-free Android Setup</a></li>
28543 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">BSD Users Stockholm Meetup #6</a></li>
28544 </ul>
28545 <hr>
28546 <p>##Feedback/Questions</p>
28547 <ul>
28548 <li>Sijmen - <a href="http://dpaste.com/1K3ZXB2#wrap">Hi, and a Sunday afternoon toy project</a></li>
28549 <li>Clint - <a href="http://dpaste.com/24QF6J1">Tuning ZFS for NVME</a></li>
28550 <li>James - <a href="http://dpaste.com/04SDXH9">Show question</a></li>
28551 </ul>
28552 <hr>
28553 <ul>
28554 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28555 </ul>
28556 <hr>
28557 <video controls preload="metadata" style=" width:426px; height:240px;">
28558 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0289.mp4" type="video/mp4">
28559 Your browser does not support the HTML5 video tag.
28560 </video>
28561 </description>
28562 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
28563 <content:encoded>
28564 <![CDATA[<p>A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. </p>
28565
28566 <p>##Headlines</p>
28567
28568 <p>###<a href="https://tedium.co/2019/02/28/ibm-workplace-os-taligent-history/">A Kernel Of Failure -<br>
28569 How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.</a></p>
28570
28571 <blockquote>
28572 <p>Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.</p>
28573 </blockquote>
28574
28575 <p><hr></p>
28576
28577 <p>###<a href="https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf">CVE-2019-5597 IPv6 fragmentation vulnerability in OpenBSD Packet Filter</a></p>
28578
28579 <blockquote>
28580 <p>Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.<br>
28581 Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0. Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent: FreeBSD, pfSense, OPNSense, Solaris.</p>
28582 </blockquote>
28583
28584 <blockquote>
28585 <p>Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.</p>
28586 </blockquote>
28587
28588 <ul>
28589 <li>Kristof Provost, who maintains the port of pf in FreeBSD added a <a href="https://svnweb.freebsd.org/base?view=revision&revision=344793">test for the vulnerability in FreeBSD head</a>.</li>
28590 </ul>
28591
28592 <p><hr></p>
28593
28594 <p>##News Roundup<br>
28595 ###<a href="https://www.lucasfcosta.com/2019/02/10/terminal-guide-2019.html">How I’m still not using GUIs in 2019: A guide to the terminal</a></p>
28596
28597 <blockquote>
28598 <p>TL;DR: Here are my dotfiles. Use them and have fun.</p>
28599 </blockquote>
28600
28601 <blockquote>
28602 <p>GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.<br>
28603 IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.<br>
28604 In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.</p>
28605 </blockquote>
28606
28607 <ul>
28608 <li>Don’t forget rule number one.</li>
28609 </ul>
28610
28611 <blockquote>
28612 <p>Whenever in doubt, read the manual.</p>
28613 </blockquote>
28614
28615 <p><hr></p>
28616
28617 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20190302235509">Using a Yubikey as smartcard for SSH public key authentication</a></p>
28618
28619 <blockquote>
28620 <p>SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.<br>
28621 You might have heard of Yubikeys.<br>
28622 These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.<br>
28623 In OpenBSD, you can use them for Login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.</p>
28624 </blockquote>
28625
28626 <p><hr></p>
28627
28628 <p>###The 18 Part FreeBSD Desktop Series by Vermaden</p>
28629
28630 <ul>
28631 <li><a href="https://vermaden.wordpress.com/2018/03/29/freebsd-desktop-part-1-simplified-boot/">FreeBSD Desktop – Part 1 – Simplified Boot</a></li>
28632 <li><a href="https://vermaden.wordpress.com/2018/04/11/freebsd-desktop-part-2-install/">FreeBSD Desktop – Part 2 – Install (FreeBSD 11)</a></li>
28633 <li><a href="https://vermaden.wordpress.com/2018/11/20/freebsd-desktop-part-2-1-install-freebsd-12/">FreeBSD Desktop – Part 2.1 – Install FreeBSD 12</a></li>
28634 <li><a href="https://vermaden.wordpress.com/2018/05/22/freebsd-desktop-part-3-x11-window-system/">FreeBSD Desktop – Part 3 – X11 Window System</a></li>
28635 <li><a href="https://vermaden.wordpress.com/2018/06/15/freebsd-desktop-part-4-key-components-window-manager/">FreeBSD Desktop – Part 4 – Key Components – Window Manager</a></li>
28636 <li><a href="https://vermaden.wordpress.com/2018/06/16/freebsd-desktop-part-5-key-components-status-bar/">FreeBSD Desktop – Part 5 – Key Components – Status Bar</a></li>
28637 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-6-key-components-task-bar/">FreeBSD Desktop – Part 6 – Key Components – Task Bar</a></li>
28638 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-7-key-components-wallpaper-handling/">FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling</a></li>
28639 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-8-key-components-application-launcher/">FreeBSD Desktop – Part 8 – Key Components – Application Launcher</a></li>
28640 <li><a href="https://vermaden.wordpress.com/2018/06/22/freebsd-desktop-part-9-key-components-keyboard-mouse-shortcuts/">FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts</a></li>
28641 <li><a href="https://vermaden.wordpress.com/2018/06/23/freebsd-desktop-part-10-key-components-locking-solution/">FreeBSD Desktop – Part 10 – Key Components – Locking Solution</a></li>
28642 <li><a href="https://vermaden.wordpress.com/2018/06/28/freebsd-desktop-part-11-key-components-blue-light-spectrum-suppress/">FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress</a></li>
28643 <li><a href="https://vermaden.wordpress.com/2018/07/01/freebsd-desktop-part-12-configuration-openbox/">FreeBSD Desktop – Part 12 – Configuration – Openbox</a></li>
28644 <li><a href="https://vermaden.wordpress.com/2018/07/05/freebsd-desktop-part-13-configuration-dzen2/">FreeBSD Desktop – Part 13 – Configuration – Dzen2</a></li>
28645 <li><a href="https://vermaden.wordpress.com/2018/07/11/freebsd-desktop-part-14-configuration-tint2/">FreeBSD Desktop – Part 14 – Configuration – Tint2</a></li>
28646 <li><a href="https://vermaden.wordpress.com/2018/08/18/freebsd-desktop-part-15-configuration-fonts-frameworks/">FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks</a></li>
28647 <li><a href="https://vermaden.wordpress.com/2018/09/19/freebsd-desktop-part-16-configuration-pause-any-application/">FreeBSD Desktop – Part 16 – Configuration – Pause Any Application</a></li>
28648 <li><a href="https://vermaden.wordpress.com/2018/10/11/freebsd-desktop-part-17-automount-removable-media/">FreeBSD Desktop – Part 17 – Automount Removable Media</a></li>
28649 </ul>
28650
28651 <p><hr></p>
28652
28653 <p>##Beastie Bits</p>
28654
28655 <ul>
28656 <li><a href="https://dataswamp.org/~solene/2019-02-18-drist-1.04.html">Drist with persistent SSH</a></li>
28657 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
28658 <li><a href="http://nuclear.mutantstargoat.com/sw/termtris/">Termtris - a tetris game for ANSI/VT220 terminals</a></li>
28659 <li><a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></li>
28660 <li><a href="http://yeokhengmeng.com/2018/07/why-i-use-the-ibm-model-m-keyboard-that-is-older-than-me/">Why I use the IBM Model M keyboard that is older than me?</a></li>
28661 <li><a href="https://www.openbsd.org/papers/florian_slaacd_bsdcan2018.pdf">A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon</a></li>
28662 <li><a href="https://niftylettuce.com/posts/google-free-android-setup/#google-free-android-setup">Google-free Android Setup</a></li>
28663 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">BSD Users Stockholm Meetup #6</a></li>
28664 </ul>
28665
28666 <p><hr></p>
28667
28668 <p>##Feedback/Questions</p>
28669
28670 <ul>
28671 <li>Sijmen - <a href="http://dpaste.com/1K3ZXB2#wrap">Hi, and a Sunday afternoon toy project</a></li>
28672 <li>Clint - <a href="http://dpaste.com/24QF6J1">Tuning ZFS for NVME</a></li>
28673 <li>James - <a href="http://dpaste.com/04SDXH9">Show question</a></li>
28674 </ul>
28675
28676 <p><hr></p>
28677
28678 <ul>
28679 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28680 </ul>
28681
28682 <p><hr></p>
28683
28684 <video controls preload="metadata" style=" width:426px; height:240px;">
28685 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0289.mp4" type="video/mp4">
28686 Your browser does not support the HTML5 video tag.
28687 </video>]]>
28688 </content:encoded>
28689 <itunes:summary>
28690 <![CDATA[<p>A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. </p>
28691
28692 <p>##Headlines</p>
28693
28694 <p>###<a href="https://tedium.co/2019/02/28/ibm-workplace-os-taligent-history/">A Kernel Of Failure -<br>
28695 How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.</a></p>
28696
28697 <blockquote>
28698 <p>Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.</p>
28699 </blockquote>
28700
28701 <p><hr></p>
28702
28703 <p>###<a href="https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf">CVE-2019-5597 IPv6 fragmentation vulnerability in OpenBSD Packet Filter</a></p>
28704
28705 <blockquote>
28706 <p>Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.<br>
28707 Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0. Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected to a lesser extent: FreeBSD, pfSense, OPNSense, Solaris.</p>
28708 </blockquote>
28709
28710 <blockquote>
28711 <p>Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.</p>
28712 </blockquote>
28713
28714 <ul>
28715 <li>Kristof Provost, who maintains the port of pf in FreeBSD, added a <a href="https://svnweb.freebsd.org/base?view=revision&revision=344793">test for the vulnerability in FreeBSD head</a>.</li>
28716 </ul>
28717
28718 <p><hr></p>
28719
28720 <p>##News Roundup<br>
28721 ###<a href="https://www.lucasfcosta.com/2019/02/10/terminal-guide-2019.html">How I’m still not using GUIs in 2019: A guide to the terminal</a></p>
28722
28723 <blockquote>
28724 <p>TL;DR: Here are my dotfiles. Use them and have fun.</p>
28725 </blockquote>
28726
28727 <blockquote>
28728 <p>GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.<br>
28729 IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.<br>
28730 In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.</p>
28731 </blockquote>
28732
28733 <ul>
28734 <li>Don’t forget rule number one.</li>
28735 </ul>
28736
28737 <blockquote>
28738 <p>Whenever in doubt, read the manual.</p>
28739 </blockquote>
28740
28741 <p><hr></p>
28742
28743 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20190302235509">Using a Yubikey as smartcard for SSH public key authentication</a></p>
28744
28745 <blockquote>
28746 <p>SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.<br>
28747 You might have heard of Yubikeys.<br>
28748 These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.<br>
28749 In OpenBSD, you can use them for Login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.</p>
28750 </blockquote>
28751
28752 <p><hr></p>
28753
28754 <p>###The 18 Part FreeBSD Desktop Series by Vermaden</p>
28755
28756 <ul>
28757 <li><a href="https://vermaden.wordpress.com/2018/03/29/freebsd-desktop-part-1-simplified-boot/">FreeBSD Desktop – Part 1 – Simplified Boot</a></li>
28758 <li><a href="https://vermaden.wordpress.com/2018/04/11/freebsd-desktop-part-2-install/">FreeBSD Desktop – Part 2 – Install (FreeBSD 11)</a></li>
28759 <li><a href="https://vermaden.wordpress.com/2018/11/20/freebsd-desktop-part-2-1-install-freebsd-12/">FreeBSD Desktop – Part 2.1 – Install FreeBSD 12</a></li>
28760 <li><a href="https://vermaden.wordpress.com/2018/05/22/freebsd-desktop-part-3-x11-window-system/">FreeBSD Desktop – Part 3 – X11 Window System</a></li>
28761 <li><a href="https://vermaden.wordpress.com/2018/06/15/freebsd-desktop-part-4-key-components-window-manager/">FreeBSD Desktop – Part 4 – Key Components – Window Manager</a></li>
28762 <li><a href="https://vermaden.wordpress.com/2018/06/16/freebsd-desktop-part-5-key-components-status-bar/">FreeBSD Desktop – Part 5 – Key Components – Status Bar</a></li>
28763 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-6-key-components-task-bar/">FreeBSD Desktop – Part 6 – Key Components – Task Bar</a></li>
28764 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-7-key-components-wallpaper-handling/">FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling</a></li>
28765 <li><a href="https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-8-key-components-application-launcher/">FreeBSD Desktop – Part 8 – Key Components – Application Launcher</a></li>
28766 <li><a href="https://vermaden.wordpress.com/2018/06/22/freebsd-desktop-part-9-key-components-keyboard-mouse-shortcuts/">FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts</a></li>
28767 <li><a href="https://vermaden.wordpress.com/2018/06/23/freebsd-desktop-part-10-key-components-locking-solution/">FreeBSD Desktop – Part 10 – Key Components – Locking Solution</a></li>
28768 <li><a href="https://vermaden.wordpress.com/2018/06/28/freebsd-desktop-part-11-key-components-blue-light-spectrum-suppress/">FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress</a></li>
28769 <li><a href="https://vermaden.wordpress.com/2018/07/01/freebsd-desktop-part-12-configuration-openbox/">FreeBSD Desktop – Part 12 – Configuration – Openbox</a></li>
28770 <li><a href="https://vermaden.wordpress.com/2018/07/05/freebsd-desktop-part-13-configuration-dzen2/">FreeBSD Desktop – Part 13 – Configuration – Dzen2</a></li>
28771 <li><a href="https://vermaden.wordpress.com/2018/07/11/freebsd-desktop-part-14-configuration-tint2/">FreeBSD Desktop – Part 14 – Configuration – Tint2</a></li>
28772 <li><a href="https://vermaden.wordpress.com/2018/08/18/freebsd-desktop-part-15-configuration-fonts-frameworks/">FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks</a></li>
28773 <li><a href="https://vermaden.wordpress.com/2018/09/19/freebsd-desktop-part-16-configuration-pause-any-application/">FreeBSD Desktop – Part 16 – Configuration – Pause Any Application</a></li>
28774 <li><a href="https://vermaden.wordpress.com/2018/10/11/freebsd-desktop-part-17-automount-removable-media/">FreeBSD Desktop – Part 17 – Automount Removable Media</a></li>
28775 </ul>
28776
28777 <p><hr></p>
28778
28779 <p>##Beastie Bits</p>
28780
28781 <ul>
28782 <li><a href="https://dataswamp.org/~solene/2019-02-18-drist-1.04.html">Drist with persistent SSH</a></li>
28783 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
28784 <li><a href="http://nuclear.mutantstargoat.com/sw/termtris/">Termtris - a tetris game for ANSI/VT220 terminals</a></li>
28785 <li><a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></li>
28786 <li><a href="http://yeokhengmeng.com/2018/07/why-i-use-the-ibm-model-m-keyboard-that-is-older-than-me/">Why I use the IBM Model M keyboard that is older than me?</a></li>
28787 <li><a href="https://www.openbsd.org/papers/florian_slaacd_bsdcan2018.pdf">A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon</a></li>
28788 <li><a href="https://niftylettuce.com/posts/google-free-android-setup/#google-free-android-setup">Google-free Android Setup</a></li>
28789 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/259528492/">BSD Users Stockholm Meetup #6</a></li>
28790 </ul>
28791
28792 <p><hr></p>
28793
28794 <p>##Feedback/Questions</p>
28795
28796 <ul>
28797 <li>Sijmen - <a href="http://dpaste.com/1K3ZXB2#wrap">Hi, and a Sunday afternoon toy project</a></li>
28798 <li>Clint - <a href="http://dpaste.com/24QF6J1">Tuning ZFS for NVME</a></li>
28799 <li>James - <a href="http://dpaste.com/04SDXH9">Show question</a></li>
28800 </ul>
28801
28802 <p><hr></p>
28803
28804 <ul>
28805 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28806 </ul>
28807
28808 <p><hr></p>
28809
28810 <video controls preload="metadata" style=" width:426px; height:240px;">
28811 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0289.mp4" type="video/mp4">
28812 Your browser does not support the HTML5 video tag.
28813 </video>]]>
28814 </itunes:summary>
28815 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+v-nmfAOp</fireside:playerURL>
28816 <fireside:playerEmbedCode>
28817 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+v-nmfAOp" width="740" height="200" frameborder="0" scrolling="no">]]>
28818 </fireside:playerEmbedCode>
28819 </item>
28820 <item>
28821 <title>288: Turing Complete Sed</title>
28822 <link>https://www.bsdnow.tv/288</link>
28823 <guid isPermaLink="false">be2ff33e-e797-4fb6-9448-c715d7068e66</guid>
28824 <pubDate>Thu, 07 Mar 2019 07:00:00 -0800</pubDate>
28825 <author>Allan Jude</author>
28826 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be2ff33e-e797-4fb6-9448-c715d7068e66.mp3" length="35693457" type="audio/mp3"/>
28827 <itunes:episodeType>full</itunes:episodeType>
28828 <itunes:author>Allan Jude</itunes:author>
28829 <itunes:subtitle>Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.</itunes:subtitle>
28830 <itunes:duration>59:10</itunes:duration>
28831 <itunes:explicit>no</itunes:explicit>
28832 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
28833 <description>Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.
28834 <p>##Headlines<br>
28835 ###<a href="https://arstechnica.com/gadgets/2019/02/google-software-is-never-going-to-be-able-to-fix-spectre-type-bugs/">Google: Software is never going to be able to fix Spectre-type bugs</a></p>
28836 <ul>
28837 <li><a href="https://arxiv.org/pdf/1902.05178.pdf">Spectre is here to stay: An analysis of side-channels and speculative execution</a></li>
28838 </ul>
28839 <blockquote>
28840 <p>Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.<br>
28841 The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.<br>
28842 Specifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.</p>
28843 </blockquote>
28844 <hr>
28845 <p>###<a href="https://catonmat.net/proof-that-sed-is-turing-complete">A proof that Unix utility sed is Turing complete</a></p>
28846 <blockquote>
28847 <p>Many people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.<br>
28848 I first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.<br>
28849 Christophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.</p>
28850 </blockquote>
28851 <blockquote>
28852 <p>Christophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:</p>
28853 </blockquote>
28854 <ul>
28855 <li><a href="https://catonmat.net/ftp/sed/sedtris.sed">Tetris</a></li>
28856 <li><a href="https://catonmat.net/ftp/sed/sokoban.sed">Sokoban (game)</a></li>
28857 <li><a href="https://catonmat.net/ftp/sed/dc.sed">Calculator</a></li>
28858 </ul>
28859 <hr>
28860 <p>##News Roundup<br>
28861 ###<a href="https://bastillebsd.org/">Bastille helps you quickly create and manage FreeBSD Jails.</a></p>
28862 <blockquote>
28863 <p>Bastille helps you quickly create and manage FreeBSD Jails.<br>
28864 Jails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.<br>
28865 Bastille provides an interface to create, manage and destroy these secure virtualized environments.</p>
28866 </blockquote>
28867 <ul>
28868 <li>Current version: 0.3.20190204-beta.</li>
28869 <li>Shell Script Source here: <a href="https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille">https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille</a></li>
28870 </ul>
28871 <hr>
28872 <p>###<a href="https://github.com/netdata/netdata/releases">netdata v1.12 released</a></p>
28873 <blockquote>
28874 <p>Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.<br>
28875 Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).<br>
28876 Netdata is fast and efficient, designed to permanently run on all systems (physical &amp; virtual servers, containers, IoT devices), without disrupting their core function.</p>
28877 </blockquote>
28878 <ul>
28879 <li>Patch release 1.12.1 contains 22 bug fixes and 8 improvements.</li>
28880 </ul>
28881 <hr>
28882 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/GrepDevNull">Using grep with /dev/null, an old Unix trick</a></p>
28883 <blockquote>
28884 <p>Every so often I will find myself writing a grep invocation like this:</p>
28885 </blockquote>
28886 <p><code>find .... -exec grep &lt;something&gt; /dev/null '{}' '+'</code></p>
28887 <blockquote>
28888 <p>The peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.</p>
28889 </blockquote>
28890 <hr>
28891 <p>###<a href="https://smalldata.tech/blog/2016/09/10/gmail-with-mutt">USING GMAIL WITH MUTT</a></p>
28892 <blockquote>
28893 <p>I recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.<br>
28894 This tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.<br>
28895 If you would just like to skip to the end, my mutt configuration file can be found <a href="https://github.com/wheresvic/vic-config/blob/master/mutt/muttrc">here</a>.</p>
28896 </blockquote>
28897 <hr>
28898 <p>##Beastie Bits</p>
28899 <ul>
28900 <li><a href="https://www.levenez.com/unix/">An Extensive UNIX Timeline</a></li>
28901 <li><a href="https://garbage.fm/episodes/47">Garbage.fm - OEF</a></li>
28902 <li><a href="https://www.dragonflydigest.com/2019/02/22/22586.html">brk() to sbrk()</a></li>
28903 <li><a href="https://www.dragonflydigest.com/2019/02/20/22566.html">Fred models, found again</a></li>
28904 <li><a href="https://ieeexplore.ieee.org/document/8541105">Kafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?</a></li>
28905 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
28906 </ul>
28907 <hr>
28908 <p>##Feedback/Questions</p>
28909 <ul>
28910 <li>Pablo - <a href="http://dpaste.com/2BXMP7M">Topic suggestion: FreeBSD on a Laptop as daily driver</a></li>
28911 <li>Ron - <a href="http://dpaste.com/16Y2HSR#wrap">ZFS on the fly compression and seek</a></li>
28912 <li>Dave - <a href="http://dpaste.com/123AANV#wrap">two zpool, or not two zpool, that is the question</a></li>
28913 </ul>
28914 <hr>
28915 <ul>
28916 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
28917 </ul>
28918 <hr>
28919 <video controls preload="metadata" style=" width:426px; height:240px;">
28920 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0288.mp4" type="video/mp4">
28921 Your browser does not support the HTML5 video tag.
28922 </video>
28923 </description>
28924 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
28925 <content:encoded>
28926 <![CDATA[<p>Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.</p>
28927
28928 <p>##Headlines<br>
28929 ###<a href="https://arstechnica.com/gadgets/2019/02/google-software-is-never-going-to-be-able-to-fix-spectre-type-bugs/">Google: Software is never going to be able to fix Spectre-type bugs</a></p>
28930
28931 <ul>
28932 <li><a href="https://arxiv.org/pdf/1902.05178.pdf">Spectre is here to stay: An analysis of side-channels and speculative execution</a></li>
28933 </ul>
28934
28935 <blockquote>
28936 <p>Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.<br>
28937 The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.<br>
28938 Specifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.</p>
28939 </blockquote>
28940
28941 <p><hr></p>
28942
28943 <p>###<a href="https://catonmat.net/proof-that-sed-is-turing-complete">A proof that Unix utility sed is Turing complete</a></p>
28944
28945 <blockquote>
28946 <p>Many people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.<br>
28947 I first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.<br>
28948 Christophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.</p>
28949 </blockquote>
28950
28951 <blockquote>
28952 <p>Christophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:</p>
28953 </blockquote>
28954
28955 <ul>
28956 <li><a href="https://catonmat.net/ftp/sed/sedtris.sed">Tetris</a></li>
28957 <li><a href="https://catonmat.net/ftp/sed/sokoban.sed">Sokoban (game)</a></li>
28958 <li><a href="https://catonmat.net/ftp/sed/dc.sed">Calculator</a></li>
28959 </ul>
28960
28961 <p><hr></p>
28962
28963 <p>##News Roundup<br>
28964 ###<a href="https://bastillebsd.org/">Bastille helps you quickly create and manage FreeBSD Jails.</a></p>
28965
28966 <blockquote>
28967 <p>Bastille helps you quickly create and manage FreeBSD Jails.<br>
28968 Jails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.<br>
28969 Bastille provides an interface to create, manage and destroy these secure virtualized environments.</p>
28970 </blockquote>
28971
28972 <ul>
28973 <li>Current version: 0.3.20190204-beta.</li>
28974 <li>Shell Script Source here: <a href="https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille">https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille</a></li>
28975 </ul>
28976
28977 <p><hr></p>
28978
28979 <p>###<a href="https://github.com/netdata/netdata/releases">netdata v1.12 released</a></p>
28980
28981 <blockquote>
28982 <p>Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.<br>
28983 Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).<br>
28984 Netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.</p>
28985 </blockquote>
28986
28987 <ul>
28988 <li>Patch release 1.12.1 contains 22 bug fixes and 8 improvements.</li>
28989 </ul>
28990
28991 <p><hr></p>
28992
28993 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/GrepDevNull">Using grep with /dev/null, an old Unix trick</a></p>
28994
28995 <blockquote>
28996 <p>Every so often I will find myself writing a grep invocation like this:</p>
28997 </blockquote>
28998
28999 <p><code>find .... -exec grep &lt;something&gt; /dev/null '{}' '+'</code></p>
29000
29001 <blockquote>
29002 <p>The peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.</p>
29003 </blockquote>
29004
29005 <p><hr></p>
29006
29007 <p>###<a href="https://smalldata.tech/blog/2016/09/10/gmail-with-mutt">USING GMAIL WITH MUTT</a></p>
29008
29009 <blockquote>
29010 <p>I recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.<br>
29011 This tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.<br>
29012 If you would just like to skip to the end, my mutt configuration file can be found <a href="https://github.com/wheresvic/vic-config/blob/master/mutt/muttrc">here</a>.</p>
29013 </blockquote>
29014
29015 <p><hr></p>
29016
29017 <p>##Beastie Bits</p>
29018
29019 <ul>
29020 <li><a href="https://www.levenez.com/unix/">An Extensive UNIX Timeline</a></li>
29021 <li><a href="https://garbage.fm/episodes/47">Garbage.fm - OEF</a></li>
29022 <li><a href="https://www.dragonflydigest.com/2019/02/22/22586.html">brk() to sbrk()</a></li>
29023 <li><a href="https://www.dragonflydigest.com/2019/02/20/22566.html">Fred models, found again</a></li>
29024 <li><a href="https://ieeexplore.ieee.org/document/8541105">Kafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?</a></li>
29025 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
29026 </ul>
29027
29028 <p><hr></p>
29029
29030 <p>##Feedback/Questions</p>
29031
29032 <ul>
29033 <li>Pablo - <a href="http://dpaste.com/2BXMP7M">Topic suggestion: FreeBSD on a Laptop as daily driver</a></li>
29034 <li>Ron - <a href="http://dpaste.com/16Y2HSR#wrap">ZFS on the fly compression and seek</a></li>
29035 <li>Dave - <a href="http://dpaste.com/123AANV#wrap">two zpool, or not two zpool, that is the question</a></li>
29036 </ul>
29037
29038 <p><hr></p>
29039
29040 <ul>
29041 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29042 </ul>
29043
29044 <p><hr></p>
29045
29046 <video controls preload="metadata" style=" width:426px; height:240px;">
29047 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0288.mp4" type="video/mp4">
29048 Your browser does not support the HTML5 video tag.
29049 </video>]]>
29050 </content:encoded>
29051 <itunes:summary>
29052 <![CDATA[<p>Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.</p>
29053
29054 <p>##Headlines<br>
29055 ###<a href="https://arstechnica.com/gadgets/2019/02/google-software-is-never-going-to-be-able-to-fix-spectre-type-bugs/">Google: Software is never going to be able to fix Spectre-type bugs</a></p>
29056
29057 <ul>
29058 <li><a href="https://arxiv.org/pdf/1902.05178.pdf">Spectre is here to stay: An analysis of side-channels and speculative execution</a></li>
29059 </ul>
29060
29061 <blockquote>
29062 <p>Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.<br>
29063 The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.<br>
29064 Specifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.</p>
29065 </blockquote>
29066
29067 <p><hr></p>
29068
29069 <p>###<a href="https://catonmat.net/proof-that-sed-is-turing-complete">A proof that Unix utility sed is Turing complete</a></p>
29070
29071 <blockquote>
29072 <p>Many people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.<br>
29073 I first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.<br>
29074 Christophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.</p>
29075 </blockquote>
29076
29077 <blockquote>
29078 <p>Christophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:</p>
29079 </blockquote>
29080
29081 <ul>
29082 <li><a href="https://catonmat.net/ftp/sed/sedtris.sed">Tetris</a></li>
29083 <li><a href="https://catonmat.net/ftp/sed/sokoban.sed">Sokoban (game)</a></li>
29084 <li><a href="https://catonmat.net/ftp/sed/dc.sed">Calculator</a></li>
29085 </ul>
29086
29087 <p><hr></p>
29088
29089 <p>##News Roundup<br>
29090 ###<a href="https://bastillebsd.org/">Bastille helps you quickly create and manage FreeBSD Jails.</a></p>
29091
29092 <blockquote>
29093 <p>Bastille helps you quickly create and manage FreeBSD Jails.<br>
29094 Jails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.<br>
29095 Bastille provides an interface to create, manage and destroy these secure virtualized environments.</p>
29096 </blockquote>
29097
29098 <ul>
29099 <li>Current version: 0.3.20190204-beta.</li>
29100 <li>Shell Script Source here: <a href="https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille">https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille</a></li>
29101 </ul>
29102
29103 <p><hr></p>
29104
29105 <p>###<a href="https://github.com/netdata/netdata/releases">netdata v1.12 released</a></p>
29106
29107 <blockquote>
29108 <p>Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.<br>
29109 Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).<br>
29110 Netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.</p>
29111 </blockquote>
29112
29113 <ul>
29114 <li>Patch release 1.12.1 contains 22 bug fixes and 8 improvements.</li>
29115 </ul>
29116
29117 <p><hr></p>
29118
29119 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/GrepDevNull">Using grep with /dev/null, an old Unix trick</a></p>
29120
29121 <blockquote>
29122 <p>Every so often I will find myself writing a grep invocation like this:</p>
29123 </blockquote>
29124
29125 <p><code>find .... -exec grep <something> /dev/null '{}' '+'</code></p>
29126
29127 <blockquote>
29128 <p>The peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.</p>
29129 </blockquote>
29130
29131 <p><hr></p>
29132
29133 <p>###<a href="https://smalldata.tech/blog/2016/09/10/gmail-with-mutt">USING GMAIL WITH MUTT</a></p>
29134
29135 <blockquote>
29136 <p>I recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.<br>
29137 This tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.<br>
29138 If you would just like to skip to the end, my mutt configuration file can be found <a href="https://github.com/wheresvic/vic-config/blob/master/mutt/muttrc">here</a>.</p>
29139 </blockquote>
29140
29141 <p><hr></p>
29142
29143 <p>##Beastie Bits</p>
29144
29145 <ul>
29146 <li><a href="https://www.levenez.com/unix/">An Extensive UNIX Timeline</a></li>
29147 <li><a href="https://garbage.fm/episodes/47">Garbage.fm - OEF</a></li>
29148 <li><a href="https://www.dragonflydigest.com/2019/02/22/22586.html">brk() to sbrk()</a></li>
29149 <li><a href="https://www.dragonflydigest.com/2019/02/20/22566.html">Fred models, found again</a></li>
29150 <li><a href="https://ieeexplore.ieee.org/document/8541105">Kafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?</a></li>
29151 <li><a href="https://meetings.aaas.org/arpanet-livestream/">ARPANET: Celebrating 50 Years Since “LO”</a></li>
29152 </ul>
29153
29154 <p><hr></p>
29155
29156 <p>##Feedback/Questions</p>
29157
29158 <ul>
29159 <li>Pablo - <a href="http://dpaste.com/2BXMP7M">Topic suggestion: FreeBSD on a Laptop as daily driver</a></li>
29160 <li>Ron - <a href="http://dpaste.com/16Y2HSR#wrap">ZFS on the fly compression and seek</a></li>
29161 <li>Dave - <a href="http://dpaste.com/123AANV#wrap">two zpool, or not two zpool, that is the question</a></li>
29162 </ul>
29163
29164 <p><hr></p>
29165
29166 <ul>
29167 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29168 </ul>
29169
29170 <p><hr></p>
29171
29172 <video controls preload="metadata" style=" width:426px; height:240px;">
29173 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0288.mp4" type="video/mp4">
29174 Your browser does not support the HTML5 video tag.
29175 </video>]]>
29176 </itunes:summary>
29177 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ytWlgh4Z</fireside:playerURL>
29178 <fireside:playerEmbedCode>
29179 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ytWlgh4Z" width="740" height="200" frameborder="0" scrolling="no">]]>
29180 </fireside:playerEmbedCode>
29181 </item>
29182 <item>
29183 <title>287: rc.d in NetBSD</title>
29184 <link>https://www.bsdnow.tv/287</link>
29185 <guid isPermaLink="false">e66ab35a-1745-4485-a2c3-142c6c471df0</guid>
29186 <pubDate>Thu, 28 Feb 2019 09:00:00 -0800</pubDate>
29187 <author>Allan Jude</author>
29188 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e66ab35a-1745-4485-a2c3-142c6c471df0.mp3" length="36387926" type="audio/mp3"/>
29189 <itunes:episodeType>full</itunes:episodeType>
29190 <itunes:author>Allan Jude</itunes:author>
29191 <itunes:subtitle>Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.</itunes:subtitle>
29192 <itunes:duration>1:00:20</itunes:duration>
29193 <itunes:explicit>no</itunes:explicit>
29194 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
29195 <description>Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.
29196 <p>##Headlines<br>
29197 ###<a href="https://www.usenix.org/legacy/events/usenix01/freenix01/full_papers/mewburn/mewburn_html/index.html">The Design and Implementation of the NetBSD rc.d system</a></p>
29198 <ul>
29199 <li>Abstract</li>
29200 </ul>
29201 <blockquote>
29202 <p>In this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.</p>
29203 </blockquote>
29204 <ul>
29205 <li>Introduction</li>
29206 </ul>
29207 <blockquote>
29208 <p>NetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.<br>
29209 This paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.<br>
29210 The changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.</p>
29211 </blockquote>
29212 <ul>
29213 <li>History</li>
29214 </ul>
29215 <blockquote>
29216 <p>There is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.</p>
29217 </blockquote>
29218 <hr>
29219 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190211#trident">First impressions of Project Trident 18.12</a></p>
29220 <blockquote>
29221 <p>Project Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.</p>
29222 </blockquote>
29223 <p>+Installing</p>
29224 <blockquote>
29225 <p>The debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.</p>
29226 </blockquote>
29227 <ul>
29228 <li>Early impressions</li>
29229 </ul>
29230 <blockquote>
29231 <p>Trident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.<br>
29232 The application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.<br>
29233 Early on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.</p>
29234 </blockquote>
29235 <ul>
29236 <li>Conclusions</li>
29237 </ul>
29238 <blockquote>
29239 <p>I have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hood. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.</p>
29240 </blockquote>
29241 <hr>
29242 <p>##News Roundup<br>
29243 <a href="https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html">PXE booting of a FreeBSD disk image</a></p>
29244 <blockquote>
29245 <p>I had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.<br>
29246 For information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware).</p>
29247 </blockquote>
29248 <ul>
29249 <li>THE BIG PICTURE</li>
29250 </ul>
29251 <blockquote>
29252 <p>Before explaining all steps and command line, here is the <a href="https://1.bp.blogspot.com/-SCUJAjowhYw/XG-b-qWGuXI/AAAAAAAAmXw/SVXHDC9hsMwZNB2P5glsZx0iFoCE9SAXQCLcBGAs/s1600/PXE%2Band%2BFreeBSD%2Bmfs%2Bimage.png">full big picture</a> of the final process.</p>
29253 </blockquote>
29254 <hr>
29255 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/MouseMovementAndPaste">Why I like middle mouse button paste in xterm so much</a></p>
29256 <blockquote>
29257 <p>In my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:<br>
29258 Shift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.<br>
29259 This sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).<br>
29260 In thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.</p>
29261 </blockquote>
29262 <hr>
29263 <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Gains Hardware Accelerated Virtualization</a></p>
29264 <ul>
29265 <li>NetBSD Virtual Machine Monitor</li>
29266 </ul>
29267 <blockquote>
29268 <p>NVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p>
29269 </blockquote>
29270 <hr>
29271 <p>##Beastie Bits</p>
29272 <ul>
29273 <li><a href="https://www.solobsd.org/index.php/2019/02/11/solobsd-19-02-stable/">SoloBSD 19.02-STABLE</a></li>
29274 <li><a href="https://project-trident.org/post/2019-02-20_18.12-u5_available/">Project Trident 18.12-U5 available</a></li>
29275 <li><a href="https://mwl.io/archives/4076">“Sudo Mastery, Second Edition” and Cover Art</a></li>
29276 <li><a href="https://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration">MKSANITIZER - bug detector software integration with the NetBSD userland</a></li>
29277 <li><a href="https://old.reddit.com/r/unix/comments/aplxjf/darn_kids_nowadays_back_in_my_day_we_drew_rude/">Darn kids nowadays… back in my day we drew rude symbols like normal people.</a> {{top two comments}}</li>
29278 <li><a href="https://www.shellcheck.net/">ShellCheck<br>
29279 finds bugs in your shell scripts.</a></li>
29280 <li><a href="https://www.youtube.com/watch?v=JuHpABL46a8">Old School Sean - A history of UNIX</a></li>
29281 </ul>
29282 <hr>
29283 <p>##Feedback/Questions</p>
29284 <ul>
29285 <li>Ales - <a href="http://dpaste.com/3T8VTDJ">OpenBSD, FreeNAS, OpenZFS questions</a></li>
29286 <li>Malcolm - <a href="http://dpaste.com/2X63H8Q">Thoughts on Pgsql + ZFS thread?</a></li>
29287 <li>Brad - <a href="http://dpaste.com/02DCADV#wrap">Boot Environments in FreeBSD</a></li>
29288 </ul>
29289 <hr>
29290 <ul>
29291 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29292 </ul>
29293 <hr>
29294 <video controls preload="metadata" style=" width:426px; height:240px;">
29295 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0287.mp4" type="video/mp4">
29296 Your browser does not support the HTML5 video tag.
29297 </video>
29298 </description>
29299 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
29300 <content:encoded>
29301 <![CDATA[<p>Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.</p>
29302
29303 <p>##Headlines<br>
29304 ###<a href="https://www.usenix.org/legacy/events/usenix01/freenix01/full_papers/mewburn/mewburn_html/index.html">The Design and Implementation of the NetBSD rc.d system</a></p>
29305
29306 <ul>
29307 <li>Abstract</li>
29308 </ul>
29309
29310 <blockquote>
29311 <p>In this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.</p>
29312 </blockquote>
29313
29314 <ul>
29315 <li>Introduction</li>
29316 </ul>
29317
29318 <blockquote>
29319 <p>NetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.<br>
29320 This paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.<br>
29321 The changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.</p>
29322 </blockquote>
29323
29324 <ul>
29325 <li>History</li>
29326 </ul>
29327
29328 <blockquote>
29329 <p>There is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.</p>
29330 </blockquote>
29331
29332 <p><hr></p>
29333
29334 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190211#trident">First impressions of Project Trident 18.12</a></p>
29335
29336 <blockquote>
29337 <p>Project Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.</p>
29338 </blockquote>
29339
29340 <p>+Installing</p>
29341
29342 <blockquote>
29343 <p>The debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.</p>
29344 </blockquote>
29345
29346 <ul>
29347 <li>Early impressions</li>
29348 </ul>
29349
29350 <blockquote>
29351 <p>Trident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.<br>
29352 The application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.<br>
29353 Early on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.</p>
29354 </blockquote>
29355
29356 <ul>
29357 <li>Conclusions</li>
29358 </ul>
29359
29360 <blockquote>
29361 <p>I have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hood. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.</p>
29362 </blockquote>
29363
29364 <p><hr></p>
29365
29366 <p>##News Roundup<br>
29367 ###<a href="https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html">PXE booting of a FreeBSD disk image</a></p>
29368
29369 <blockquote>
29370 <p>I had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.<br>
29371 For information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware).</p>
29372 </blockquote>
29373
29374 <ul>
29375 <li>THE BIG PICTURE</li>
29376 </ul>
29377
29378 <blockquote>
29379 <p>Before explaining all steps and command line, here is the <a href="https://1.bp.blogspot.com/-SCUJAjowhYw/XG-b-qWGuXI/AAAAAAAAmXw/SVXHDC9hsMwZNB2P5glsZx0iFoCE9SAXQCLcBGAs/s1600/PXE%2Band%2BFreeBSD%2Bmfs%2Bimage.png">full big picture</a> of the final process.</p>
29380 </blockquote>
29381
29382 <p><hr></p>
29383
29384 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/MouseMovementAndPaste">Why I like middle mouse button paste in xterm so much</a></p>
29385
29386 <blockquote>
29387 <p>In my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:<br>
29388 Shift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.<br>
29389 This sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).<br>
29390 In thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.</p>
29391 </blockquote>
29392
29393 <p><hr></p>
29394
29395 <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Gains Hardware Accelerated Virtualization</a></p>
29396
29397 <ul>
29398 <li>NetBSD Virtual Machine Monitor</li>
29399 </ul>
29400
29401 <blockquote>
29402 <p>NVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p>
29403 </blockquote>
29404
29405 <p><hr></p>
29406
29407 <p>##Beastie Bits</p>
29408
29409 <ul>
29410 <li><a href="https://www.solobsd.org/index.php/2019/02/11/solobsd-19-02-stable/">SoloBSD 19.02-STABLE</a></li>
29411 <li><a href="https://project-trident.org/post/2019-02-20_18.12-u5_available/">Project Trident 18.12-U5 available</a></li>
29412 <li><a href="https://mwl.io/archives/4076">“Sudo Mastery, Second Edition” and Cover Art</a></li>
29413 <li><a href="https://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration">MKSANITIZER - bug detector software integration with the NetBSD userland</a></li>
29414 <li><a href="https://old.reddit.com/r/unix/comments/aplxjf/darn_kids_nowadays_back_in_my_day_we_drew_rude/">Darn kids nowadays… back in my day we drew rude symbols like normal people.</a> {{top two comments}}</li>
29415 <li><a href="https://www.shellcheck.net/">ShellCheck<br>
29416 finds bugs in your shell scripts.</a></li>
29417 <li><a href="https://www.youtube.com/watch?v=JuHpABL46a8">Old School Sean - A history of UNIX</a></li>
29418 </ul>
29419
29420 <p><hr></p>
29421
29422 <p>##Feedback/Questions</p>
29423
29424 <ul>
29425 <li>Ales - <a href="http://dpaste.com/3T8VTDJ">OpenBSD, FreeNAS, OpenZFS questions</a></li>
29426 <li>Malcolm - <a href="http://dpaste.com/2X63H8Q">Thoughts on Pgsql + ZFS thread?</a></li>
29427 <li>Brad - <a href="http://dpaste.com/02DCADV#wrap">Boot Environments in FreeBSD</a></li>
29428 </ul>
29429
29430 <p><hr></p>
29431
29432 <ul>
29433 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29434 </ul>
29435
29436 <p><hr></p>
29437
29438 <video controls preload="metadata" style=" width:426px; height:240px;">
29439 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0287.mp4" type="video/mp4">
29440 Your browser does not support the HTML5 video tag.
29441 </video>]]>
29442 </content:encoded>
29443 <itunes:summary>
29444 <![CDATA[<p>Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.</p>
29445
29446 <p>##Headlines<br>
29447 ###<a href="https://www.usenix.org/legacy/events/usenix01/freenix01/full_papers/mewburn/mewburn_html/index.html">The Design and Implementation of the NetBSD rc.d system</a></p>
29448
29449 <ul>
29450 <li>Abstract</li>
29451 </ul>
29452
29453 <blockquote>
29454 <p>In this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.</p>
29455 </blockquote>
29456
29457 <ul>
29458 <li>Introduction</li>
29459 </ul>
29460
29461 <blockquote>
29462 <p>NetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.<br>
29463 This paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.<br>
29464 The changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.</p>
29465 </blockquote>
29466
29467 <ul>
29468 <li>History</li>
29469 </ul>
29470
29471 <blockquote>
29472 <p>There is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.</p>
29473 </blockquote>
29474
29475 <p><hr></p>
29476
29477 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190211#trident">First impressions of Project Trident 18.12</a></p>
29478
29479 <blockquote>
29480 <p>Project Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.</p>
29481 </blockquote>
29482
29483 <p>+Installing</p>
29484
29485 <blockquote>
29486 <p>The debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.</p>
29487 </blockquote>
29488
29489 <ul>
29490 <li>Early impressions</li>
29491 </ul>
29492
29493 <blockquote>
29494 <p>Trident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.<br>
29495 The application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.<br>
29496 Early on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.</p>
29497 </blockquote>
29498
29499 <ul>
29500 <li>Conclusions</li>
29501 </ul>
29502
29503 <blockquote>
29504 <p>I have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hood. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.</p>
29505 </blockquote>
29506
29507 <p><hr></p>
29508
29509 <p>##News Roundup<br>
29510 ###<a href="https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html">PXE booting of a FreeBSD disk image</a></p>
29511
29512 <blockquote>
29513 <p>I had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.<br>
29514 For information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware).</p>
29515 </blockquote>
29516
29517 <ul>
29518 <li>THE BIG PICTURE</li>
29519 </ul>
29520
29521 <blockquote>
29522 <p>Before explaining all steps and command line, here is the <a href="https://1.bp.blogspot.com/-SCUJAjowhYw/XG-b-qWGuXI/AAAAAAAAmXw/SVXHDC9hsMwZNB2P5glsZx0iFoCE9SAXQCLcBGAs/s1600/PXE%2Band%2BFreeBSD%2Bmfs%2Bimage.png">full big picture</a> of the final process.</p>
29523 </blockquote>
29524
29525 <p><hr></p>
29526
29527 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/MouseMovementAndPaste">Why I like middle mouse button paste in xterm so much</a></p>
29528
29529 <blockquote>
29530 <p>In my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:<br>
29531 Shift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.<br>
29532 This sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).<br>
29533 In thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.</p>
29534 </blockquote>
29535
29536 <p><hr></p>
29537
29538 <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Gains Hardware Accelerated Virtualization</a></p>
29539
29540 <ul>
29541 <li>NetBSD Virtual Machine Monitor</li>
29542 </ul>
29543
29544 <blockquote>
29545 <p>NVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p>
29546 </blockquote>
29547
29548 <p><hr></p>
29549
29550 <p>##Beastie Bits</p>
29551
29552 <ul>
29553 <li><a href="https://www.solobsd.org/index.php/2019/02/11/solobsd-19-02-stable/">SoloBSD 19.02-STABLE</a></li>
29554 <li><a href="https://project-trident.org/post/2019-02-20_18.12-u5_available/">Project Trident 18.12-U5 available</a></li>
29555 <li><a href="https://mwl.io/archives/4076">“Sudo Mastery, Second Edition” and Cover Art</a></li>
29556 <li><a href="https://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration">MKSANITIZER - bug detector software integration with the NetBSD userland</a></li>
29557 <li><a href="https://old.reddit.com/r/unix/comments/aplxjf/darn_kids_nowadays_back_in_my_day_we_drew_rude/">Darn kids nowadays… back in my day we drew rude symbols like normal people.</a> {{top two comments}}</li>
29558 <li><a href="https://www.shellcheck.net/">ShellCheck<br>
29559 finds bugs in your shell scripts.</a></li>
29560 <li><a href="https://www.youtube.com/watch?v=JuHpABL46a8">Old School Sean - A history of UNIX</a></li>
29561 </ul>
29562
29563 <p><hr></p>
29564
29565 <p>##Feedback/Questions</p>
29566
29567 <ul>
29568 <li>Ales - <a href="http://dpaste.com/3T8VTDJ">OpenBSD, FreeNAS, OpenZFS questions</a></li>
29569 <li>Malcolm - <a href="http://dpaste.com/2X63H8Q">Thoughts on Pgsql + ZFS thread?</a></li>
29570 <li>Brad - <a href="http://dpaste.com/02DCADV#wrap">Boot Environments in FreeBSD</a></li>
29571 </ul>
29572
29573 <p><hr></p>
29574
29575 <ul>
29576 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29577 </ul>
29578
29579 <p><hr></p>
29580
29581 <video controls preload="metadata" style=" width:426px; height:240px;">
29582 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0287.mp4" type="video/mp4">
29583 Your browser does not support the HTML5 video tag.
29584 </video>]]>
29585 </itunes:summary>
29586 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ru4x83lT</fireside:playerURL>
29587 <fireside:playerEmbedCode>
29588 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ru4x83lT" width="740" height="200" frameborder="0" scrolling="no">]]>
29589 </fireside:playerEmbedCode>
29590 </item>
29591 <item>
29592 <title>286: Old Machine Revival</title>
29593 <link>https://www.bsdnow.tv/286</link>
29594 <guid isPermaLink="false">d6eb1003-7d6d-447e-bd77-68ae1e60c19d</guid>
29595 <pubDate>Thu, 21 Feb 2019 13:00:00 -0800</pubDate>
29596 <author>Allan Jude</author>
29597 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d6eb1003-7d6d-447e-bd77-68ae1e60c19d.mp3" length="47545588" type="audio/mp3"/>
29598 <itunes:episodeType>full</itunes:episodeType>
29599 <itunes:author>Allan Jude</itunes:author>
29600 <itunes:subtitle>Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. </itunes:subtitle>
29601 <itunes:duration>1:18:56</itunes:duration>
29602 <itunes:explicit>no</itunes:explicit>
29603 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
29604 <description>Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more.
29605 <p>##Headlines<br>
29606 ###<a href="https://venam.nixers.net/blog/unix/2019/01/07/win-automation.html">Adding Glue To a Desktop Environment</a></p>
29607 <blockquote>
29608 <p>In this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.<br>
29609 With that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.</p>
29610 </blockquote>
29611 <ul>
29612 <li>The tools we’ll talk about fall into one of those categories:</li>
29613 <li>Debugging</li>
29614 <li>Window manipulation</li>
29615 <li>Simulation of interaction</li>
29616 <li>Extended manipulation</li>
29617 <li>Hotkey daemon</li>
29618 <li>Layout manager</li>
29619 </ul>
29620 <hr>
29621 <p>###<a href="https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md">Flashing the BIOS on the PC Engines APU4c4</a></p>
29622 <blockquote>
29623 <p>I absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls. Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.<br>
29624 What prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.<br>
29625 It also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.<br>
29626 Though I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.<br>
29627 SPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)<br>
29628 VERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.</p>
29629 </blockquote>
29630 <hr>
29631 <p>##News Roundup<br>
29632 ###<a href="https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/">Revive a Cisco IDS into a capable OpenBSD computer!</a></p>
29633 <blockquote>
29634 <p>Even though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.<br>
29635 Apparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.<br>
29636 I’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.</p>
29637 </blockquote>
29638 <hr>
29639 <p>###<a href="https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/?utm_source=discoverbsd">An OpenBSD desktop using WindowMaker</a></p>
29640 <blockquote>
29641 <p>Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.<br>
29642 This configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.<br>
29643 And here it is, the NeXT OpenBSD Desktop!</p>
29644 </blockquote>
29645 <hr>
29646 <p>###<a href="https://fastcompression.blogspot.com/2019/01/opaque-types-and-static-allocation.html">RealTime Data Compression</a></p>
29647 <blockquote>
29648 <p>In a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.<br>
29649 Sometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.<br>
29650 The previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.<br>
29651 Fortunately, static opaque types are possible.<br>
29652 The main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.<br>
29653 For safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.</p>
29654 </blockquote>
29655 <hr>
29656 <p>###<a href="https://blog.jessfraz.com/post/for-the-love-of-pipes/">For the Love of Pipes</a></p>
29657 <blockquote>
29658 <p>My top used shell command is |. This is called a pipe.<br>
29659 In brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.<br>
29660 According to <a href="http://doc.cat-v.org/unix/pipes/">doc.cat-v.org/unix/pipes/</a>, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964</p>
29661 </blockquote>
29662 <hr>
29663 <p>##Beastie Bits</p>
29664 <ul>
29665 <li><a href="https://scontent-iad3-1.xx.fbcdn.net/v/t1.0-9/52532824_10216880223150142_5567720793346932736_n.jpg?_nc_cat=100&amp;_nc_ht=scontent-iad3-1.xx&amp;oh=f4de0999bd268725b39969435c1e2d82&amp;oe=5D23255E">Installation Notes for NetBSD/i386 0.9</a></li>
29666 <li><a href="http://coypu.sdf.org/porting-zig.html">Porting Zig to NetBSD - a fun, speedy port</a></li>
29667 <li><a href="https://github.com/jarun/nnn/blob/master/README.md">NNN - Tiny, lightning fast, feature-packed file manager Release v2.3</a></li>
29668 <li><a href="https://github.com/aioobe/eta">eta - A tool for monitoring progress and ETA of an arbitrary process<br>
29669 </a></li>
29670 <li><a href="https://www.youtube.com/watch?v=OxB70pg5Tsg&amp;feature=share">A FreeBSD User Tries Out…NetBSD 8.0</a></li>
29671 <li><a href="http://www.grenadille.net/post/2019/02/18/Faster-vlan%284%29-forwarding">Faster vlan(4) forwarding?</a></li>
29672 <li><a href="http://fuguita.org/">FuguIta - OpenBSD 6.4 Live System</a></li>
29673 <li><a href="https://chargen.one/steve/adding-name-based-hosting-to-nginx-on-openbsd-with-acme-client">Adding Name-based hosting To Nginx on OpenBSD with Acme-Client</a></li>
29674 <li><a href="http://polprog.net/blog/netbsd-hax/">HOWTO set up QEMU with HAXM acceleration on NetBSD</a></li>
29675 <li><a href="https://mail-index.netbsd.org/current-users/2019/02/07/msg035054.html">README: gcc 7 switch coming to a port near you!</a></li>
29676 </ul>
29677 <hr>
29678 <p>##BUG Calendar</p>
29679 <ul>
29680 <li>ChiBUG, Chicago, USA: <a href="https://chibug.org/">Tuesday, February 26th 18:00 at the Oak Park Library</a></li>
29681 <li>CharmBUG, Baltimore, USA: <a href="https://www.meetup.com/CharmBUG/">Wednesday, February 27, 2019<br>
29682 19:30 at Columbia Ale House</a></li>
29683 <li>NYC*BUG, New York, USA: <a href="https://www.nycbug.org/index">Wednesday, March 6, 2019 18:45 at Suspenders</a></li>
29684 <li>KnoxBUG, Knoxville, USA: <a href="http://knoxbug.org">Monday, February 25, 2019 - 18:00 at iX Systems offices </a></li>
29685 <li>BSDPL, Warsaw, Poland: <a href="https://bsd-pl.org/en">February 28, 2019 18:15 - 21:00 at Wheel Systems Office</a></li>
29686 </ul>
29687 <hr>
29688 <p>##Feedback/Questions</p>
29689 <ul>
29690 <li>Sam - <a href="http://dpaste.com/2NP4VGE#wrap">Customizing OpenBSD ports source code</a></li>
29691 <li>Frank - <a href="http://dpaste.com/1EHYHQ1#wrap">Rivalry Linux &amp; BSD</a></li>
29692 <li>Zach - <a href="http://dpaste.com/13GGAED">mysql/mariadb tuning</a></li>
29693 </ul>
29694 <hr>
29695 <ul>
29696 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29697 </ul>
29698 <hr>
29699 <video controls preload="metadata" style=" width:426px; height:240px;">
29700 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0286.mp4" type="video/mp4">
29701 Your browser does not support the HTML5 video tag.
29702 </video>
29703 </description>
29704 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
29705 <content:encoded>
29706 <![CDATA[<p>Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. </p>
29707
29708 <p>##Headlines<br>
29709 ###<a href="https://venam.nixers.net/blog/unix/2019/01/07/win-automation.html">Adding Glue To a Desktop Environment</a></p>
29710
29711 <blockquote>
29712 <p>In this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.<br>
29713 With that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.</p>
29714 </blockquote>
29715
29716 <ul>
29717 <li>The tools we’ll talk about fall into one of those categories:</li>
29718 <li>Debugging</li>
29719 <li>Window manipulation</li>
29720 <li>Simulation of interaction</li>
29721 <li>Extended manipulation</li>
29722 <li>Hotkey daemon</li>
29723 <li>Layout manager</li>
29724 </ul>
29725
29726 <p><hr></p>
29727
29728 <p>###<a href="https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md">Flashing the BIOS on the PC Engines APU4c4</a></p>
29729
29730 <blockquote>
29731 <p>I absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls. Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.<br>
29732 What prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.<br>
29733 It also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.<br>
29734 Though I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.<br>
29735 SPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)<br>
29736 VERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.</p>
29737 </blockquote>
29738
29739 <p><hr></p>
29740
29741 <p>##News Roundup<br>
29742 ###<a href="https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/">Revive a Cisco IDS into a capable OpenBSD computer!</a></p>
29743
29744 <blockquote>
29745 <p>Even though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.<br>
29746 Apparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.<br>
29747 I’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.</p>
29748 </blockquote>
29749
29750 <p><hr></p>
29751
29752 <p>###<a href="https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/?utm_source=discoverbsd">An OpenBSD desktop using WindowMaker</a></p>
29753
29754 <blockquote>
29755 <p>Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.<br>
29756 This configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.<br>
29757 And here it is, the NeXT OpenBSD Desktop!</p>
29758 </blockquote>
29759
29760 <p><hr></p>
29761
29762 <p>###<a href="https://fastcompression.blogspot.com/2019/01/opaque-types-and-static-allocation.html">RealTime Data Compression</a></p>
29763
29764 <blockquote>
29765 <p>In a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.<br>
29766 Sometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.<br>
29767 The previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.<br>
29768 Fortunately, static opaque types are possible.<br>
29769 The main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.<br>
29770 For safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.</p>
29771 </blockquote>
29772
29773 <p><hr></p>
29774
29775 <p>###<a href="https://blog.jessfraz.com/post/for-the-love-of-pipes/">For the Love of Pipes</a></p>
29776
29777 <blockquote>
29778 <p>My top used shell command is |. This is called a pipe.<br>
29779 In brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.<br>
29780 According to <a href="http://doc.cat-v.org/unix/pipes/">doc.cat-v.org/unix/pipes/</a>, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964</p>
29781 </blockquote>
29782
29783 <p><hr></p>
29784
29785 <p>##Beastie Bits</p>
29786
29787 <ul>
29788 <li><a href="https://scontent-iad3-1.xx.fbcdn.net/v/t1.0-9/52532824_10216880223150142_5567720793346932736_n.jpg?_nc_cat=100&_nc_ht=scontent-iad3-1.xx&oh=f4de0999bd268725b39969435c1e2d82&oe=5D23255E">Installation Notes for NetBSD/i386 0.9</a></li>
29789 <li><a href="http://coypu.sdf.org/porting-zig.html">Porting Zig to NetBSD - a fun, speedy port</a></li>
29790 <li><a href="https://github.com/jarun/nnn/blob/master/README.md">NNN - Tiny, lightning fast, feature-packed file manager Release v2.3</a></li>
29791 <li><a href="https://github.com/aioobe/eta">eta - A tool for monitoring progress and ETA of an arbitrary process<br>
29792 </a></li>
29793 <li><a href="https://www.youtube.com/watch?v=OxB70pg5Tsg&feature=share">A FreeBSD User Tries Out…NetBSD 8.0</a></li>
29794 <li><a href="http://www.grenadille.net/post/2019/02/18/Faster-vlan%284%29-forwarding">Faster vlan(4) forwarding?</a></li>
29795 <li><a href="http://fuguita.org/">FuguIta - OpenBSD 6.4 Live System</a></li>
29796 <li><a href="https://chargen.one/steve/adding-name-based-hosting-to-nginx-on-openbsd-with-acme-client">Adding Name-based hosting To Nginx on OpenBSD with Acme-Client</a></li>
29797 <li><a href="http://polprog.net/blog/netbsd-hax/">HOWTO set up QEMU with HAXM acceleration on NetBSD</a></li>
29798 <li><a href="https://mail-index.netbsd.org/current-users/2019/02/07/msg035054.html">README: gcc 7 switch coming to a port near you!</a></li>
29799 </ul>
29800
29801 <p><hr></p>
29802
29803 <p>##BUG Calendar</p>
29804
29805 <ul>
29806 <li>ChiBUG, Chicago, USA: <a href="https://chibug.org/">Tuesday, February 26th 18:00 at the Oak Park Library</a></li>
29807 <li>CharmBUG, Baltimore, USA: <a href="https://www.meetup.com/CharmBUG/">Wednesday, February 27, 2019<br>
29808 19:30 at Columbia Ale House</a></li>
29809 <li>NYC*BUG, New York, USA: <a href="https://www.nycbug.org/index">Wednesday, March 6, 2019 18:45 at Suspenders</a></li>
29810 <li>KnoxBUG, Knoxville, USA: <a href="http://knoxbug.org">Monday, February 25, 2019 - 18:00 at iX Systems offices </a></li>
29811 <li>BSDPL, Warsaw, Poland: <a href="https://bsd-pl.org/en">February 28, 2019 18:15 - 21:00 at Wheel Systems Office</a></li>
29812 </ul>
29813
29814 <p><hr></p>
29815
29816 <p>##Feedback/Questions</p>
29817
29818 <ul>
29819 <li>Sam - <a href="http://dpaste.com/2NP4VGE#wrap">Customizing OpenBSD ports source code</a></li>
29820 <li>Frank - <a href="http://dpaste.com/1EHYHQ1#wrap">Rivalry Linux & BSD</a></li>
29821 <li>Zach - <a href="http://dpaste.com/13GGAED">mysql/mariadb tuning</a></li>
29822 </ul>
29823
29824 <p><hr></p>
29825
29826 <ul>
29827 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29828 </ul>
29829
29830 <p><hr></p>
29831
29832 <video controls preload="metadata" style=" width:426px; height:240px;">
29833 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0286.mp4" type="video/mp4">
29834 Your browser does not support the HTML5 video tag.
29835 </video>]]>
29836 </content:encoded>
29837 <itunes:summary>
29838 <![CDATA[<p>Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. </p>
29839
29840 <p>##Headlines<br>
29841 ###<a href="https://venam.nixers.net/blog/unix/2019/01/07/win-automation.html">Adding Glue To a Desktop Environment</a></p>
29842
29843 <blockquote>
29844 <p>In this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.<br>
29845 With that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.</p>
29846 </blockquote>
29847
29848 <ul>
29849 <li>The tools we’ll talk about fall into one of those categories:</li>
29850 <li>Debugging</li>
29851 <li>Window manipulation</li>
29852 <li>Simulation of interaction</li>
29853 <li>Extended manipulation</li>
29854 <li>Hotkey daemon</li>
29855 <li>Layout manager</li>
29856 </ul>
29857
29858 <p><hr></p>
29859
29860 <p>###<a href="https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md">Flashing the BIOS on the PC Engines APU4c4</a></p>
29861
29862 <blockquote>
29863 <p>I absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls. Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.<br>
29864 What prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.<br>
29865 It also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.<br>
29866 Though I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.<br>
29867 SPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)<br>
29868 VERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.</p>
29869 </blockquote>
29870
29871 <p><hr></p>
29872
29873 <p>##News Roundup<br>
29874 ###<a href="https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/">Revive a Cisco IDS into a capable OpenBSD computer!</a></p>
29875
29876 <blockquote>
29877 <p>Even though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.<br>
29878 Apparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.<br>
29879 I’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.</p>
29880 </blockquote>
29881
29882 <p><hr></p>
29883
29884 <p>###<a href="https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/?utm_source=discoverbsd">An OpenBSD desktop using WindowMaker</a></p>
29885
29886 <blockquote>
29887 <p>Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.<br>
29888 This configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.<br>
29889 And here it is, the NeXT OpenBSD Desktop!</p>
29890 </blockquote>
29891
29892 <p><hr></p>
29893
29894 <p>###<a href="https://fastcompression.blogspot.com/2019/01/opaque-types-and-static-allocation.html">RealTime Data Compression</a></p>
29895
29896 <blockquote>
29897 <p>In a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.<br>
29898 Sometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.<br>
29899 The previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.<br>
29900 Fortunately, static opaque types are possible.<br>
29901 The main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.<br>
29902 For safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.</p>
29903 </blockquote>
29904
29905 <p><hr></p>
29906
29907 <p>###<a href="https://blog.jessfraz.com/post/for-the-love-of-pipes/">For the Love of Pipes</a></p>
29908
29909 <blockquote>
29910 <p>My top used shell command is |. This is called a pipe.<br>
29911 In brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.<br>
29912 According to <a href="http://doc.cat-v.org/unix/pipes/">doc.cat-v.org/unix/pipes/</a>, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964</p>
29913 </blockquote>
29914
29915 <p><hr></p>
29916
29917 <p>##Beastie Bits</p>
29918
29919 <ul>
29920 <li><a href="https://scontent-iad3-1.xx.fbcdn.net/v/t1.0-9/52532824_10216880223150142_5567720793346932736_n.jpg?_nc_cat=100&_nc_ht=scontent-iad3-1.xx&oh=f4de0999bd268725b39969435c1e2d82&oe=5D23255E">Installation Notes for NetBSD/i386 0.9</a></li>
29921 <li><a href="http://coypu.sdf.org/porting-zig.html">Porting Zig to NetBSD - a fun, speedy port</a></li>
29922 <li><a href="https://github.com/jarun/nnn/blob/master/README.md">NNN - Tiny, lightning fast, feature-packed file manager Release v2.3</a></li>
29923 <li><a href="https://github.com/aioobe/eta">eta - A tool for monitoring progress and ETA of an arbitrary process<br>
29924 </a></li>
29925 <li><a href="https://www.youtube.com/watch?v=OxB70pg5Tsg&feature=share">A FreeBSD User Tries Out…NetBSD 8.0</a></li>
29926 <li><a href="http://www.grenadille.net/post/2019/02/18/Faster-vlan%284%29-forwarding">Faster vlan(4) forwarding?</a></li>
29927 <li><a href="http://fuguita.org/">FuguIta - OpenBSD 6.4 Live System</a></li>
29928 <li><a href="https://chargen.one/steve/adding-name-based-hosting-to-nginx-on-openbsd-with-acme-client">Adding Name-based hosting To Nginx on OpenBSD with Acme-Client</a></li>
29929 <li><a href="http://polprog.net/blog/netbsd-hax/">HOWTO set up QEMU with HAXM acceleration on NetBSD</a></li>
29930 <li><a href="https://mail-index.netbsd.org/current-users/2019/02/07/msg035054.html">README: gcc 7 switch coming to a port near you!</a></li>
29931 </ul>
29932
29933 <p><hr></p>
29934
29935 <p>##BUG Calendar</p>
29936
29937 <ul>
29938 <li>ChiBUG, Chicago, USA: <a href="https://chibug.org/">Tuesday, February 26th 18:00 at the Oak Park Library</a></li>
29939 <li>CharmBUG, Baltimore, USA: <a href="https://www.meetup.com/CharmBUG/">Wednesday, February 27, 2019<br>
29940 19:30 at Columbia Ale House</a></li>
29941 <li>NYC*BUG, New York, USA: <a href="https://www.nycbug.org/index">Wednesday, March 6, 2019 18:45 at Suspenders</a></li>
29942 <li>KnoxBUG, Knoxville, USA: <a href="http://knoxbug.org">Monday, February 25, 2019 - 18:00 at iX Systems offices </a></li>
29943 <li>BSDPL, Warsaw, Poland: <a href="https://bsd-pl.org/en">February 28, 2019 18:15 - 21:00 at Wheel Systems Office</a></li>
29944 </ul>
29945
29946 <p><hr></p>
29947
29948 <p>##Feedback/Questions</p>
29949
29950 <ul>
29951 <li>Sam - <a href="http://dpaste.com/2NP4VGE#wrap">Customizing OpenBSD ports source code</a></li>
29952 <li>Frank - <a href="http://dpaste.com/1EHYHQ1#wrap">Rivalry Linux & BSD</a></li>
29953 <li>Zach - <a href="http://dpaste.com/13GGAED">mysql/mariadb tuning</a></li>
29954 </ul>
29955
29956 <p><hr></p>
29957
29958 <ul>
29959 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
29960 </ul>
29961
29962 <p><hr></p>
29963
29964 <video controls preload="metadata" style=" width:426px; height:240px;">
29965 <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0286.mp4" type="video/mp4">
29966 Your browser does not support the HTML5 video tag.
29967 </video>]]>
29968 </itunes:summary>
29969 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+hzVm3TDA</fireside:playerURL>
29970 <fireside:playerEmbedCode>
29971 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+hzVm3TDA" width="740" height="200" frameborder="0" scrolling="no">]]>
29972 </fireside:playerEmbedCode>
29973 </item>
29974 <item>
29975 <title>285: BSD Strategy</title>
29976 <link>https://www.bsdnow.tv/285</link>
29977 <guid isPermaLink="false">b54701c7-6556-42b3-804d-79a1bf9c6bbe</guid>
29978 <pubDate>Thu, 14 Feb 2019 07:00:00 -0800</pubDate>
29979 <author>Allan Jude</author>
29980 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b54701c7-6556-42b3-804d-79a1bf9c6bbe.mp3" length="41912862" type="audio/mp3"/>
29981 <itunes:episodeType>full</itunes:episodeType>
29982 <itunes:author>Allan Jude</itunes:author>
29983 <itunes:subtitle>Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.</itunes:subtitle>
29984 <itunes:duration>1:09:32</itunes:duration>
29985 <itunes:explicit>no</itunes:explicit>
29986 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
29987 <description>Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.
29988 <p>##Headlines<br>
29989 ###<a href="http://www.leidinger.net/blog/2019/01/27/strategic-thinking-or-what-i-think-what-we-need-to-do-to-keep-freebsd-relevant/">Strategic thinking, or what I think what we need to do to keep FreeBSD relevant</a></p>
29990 <blockquote>
29991 <p>Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people who do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (where Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.<br>
29992 Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.<br>
29993 This discussion on the mailing lists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.<br>
29994 FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.<br>
29995 I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.</p>
29996 </blockquote>
29997 <hr>
29998 <p>###<a href="http://dtrace.org/blogs/bmc/2019/02/10/reflecting-on-the-soul-of-a-new-machine/">Reflecting on The Soul of a New Machine</a></p>
29999 <blockquote>
30000 <p>Long ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.<br>
30001 Since reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.<br>
30002 Excited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.</p>
30003 </blockquote>
30004 <ul>
30005 <li>See Article for rest…</li>
30006 </ul>
30007 <hr>
30008 <p>##News Roundup</p>
30009 <p>###<a href="https://www.phoronix.com/scan.php?page=article&amp;item=10gbe-linux-freebsd12&amp;num=1">Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12</a></p>
30010 <blockquote>
30011 <p>Last week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.<br>
30012 Tested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.<br>
30013 All of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SFP+ ports using a QLogic 8214 controller.<br>
30014 Originally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.</p>
30015 </blockquote>
30016 <hr>
30017 <p>###<a href="https://blog.netbsd.org/tnf/entry/integration_of_the_llvm_sanitziers">Integration of the LLVM sanitizers with the NetBSD base system</a></p>
30018 <blockquote>
30019 <p>Over the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:<br>
30020 ASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.<br>
30021 In all supported variations and modes that are supported by the original LLVM compiler-rt package.</p>
30022 </blockquote>
30023 <hr>
30024 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190204#freenas">Distrowatch FreeNAS 11.2 review</a></p>
30025 <blockquote>
30026 <p>The project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”</p>
30027 </blockquote>
30028 <hr>
30029 <p>##Beastie Bits</p>
30030 <ul>
30031 <li><a href="https://gist.github.com/zeising/5d2402d92b4cf421c7402d663b2d9e41">Instructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).</a></li>
30032 <li><a href="https://www.unitedbsd.com/d/12-netbsd-desktop-pt-6-vi1-editor-tmux-and-unicode-term">NetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”</a></li>
30033 <li><a href="https://www.geekrant.org/2005/04/01/unix-flowers/">Unix flowers</a></li>
30034 <li><a href="https://oshogbo.vexillium.org/blog/62/">FreeBSD upgrade procedure using GPT</a></li>
30035 <li><a href="https://chargen.one/steve/backups-on-chargen-one">Pull-based Backups using OpenBSD base*</a></li>
30036 <li><a href="https://github.com/ozaki-r/netbsd-src/tree/wireguard">Developing WireGuard for NetBSD</a></li>
30037 <li><a href="https://zfs.datto.com/">OpenZFS User Conference, April 18-19, Norwalk CT</a></li>
30038 <li><a href="http://knoxbug.org/2019-02-25">KnoxBug Feb 25th</a></li>
30039 </ul>
30040 <hr>
30041 <p>##Feedback/Questions</p>
30042 <ul>
30043 <li>Jake - <a href="http://dpaste.com/3X7KVVX#wrap">C Programming</a></li>
30044 <li>Farhan - <a href="http://dpaste.com/067WW0P">Explanation of rtadvd</a></li>
30045 <li>Nelson - <a href="http://dpaste.com/2BYGFSV">Bug Bounties on Open-Source Software</a></li>
30046 </ul>
30047 <hr>
30048 <ul>
30049 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
30050 </ul>
30051 <hr>
30052 </description>
30053 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
30054 <content:encoded>
30055 <![CDATA[<p>Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.</p>
30056
30057 <p>##Headlines<br>
30058 ###<a href="http://www.leidinger.net/blog/2019/01/27/strategic-thinking-or-what-i-think-what-we-need-to-do-to-keep-freebsd-relevant/">Strategic thinking, or what I think what we need to do to keep FreeBSD relevant</a></p>
30059
30060 <blockquote>
30061 <p>Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people who do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (where Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.<br>
30062 Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.<br>
30063 This discussion on the mailing lists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.<br>
30064 FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.<br>
30065 I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.</p>
30066 </blockquote>
30067
30068 <p><hr></p>
30069
30070 <p>###<a href="http://dtrace.org/blogs/bmc/2019/02/10/reflecting-on-the-soul-of-a-new-machine/">Reflecting on The Soul of a New Machine</a></p>
30071
30072 <blockquote>
30073 <p>Long ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.<br>
30074 Since reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.<br>
30075 Excited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.</p>
30076 </blockquote>
30077
30078 <ul>
30079 <li>See Article for rest…</li>
30080 </ul>
30081
30082 <p><hr></p>
30083
30084 <p>##News Roundup</p>
30085
30086 <p>###<a href="https://www.phoronix.com/scan.php?page=article&item=10gbe-linux-freebsd12&num=1">Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12</a></p>
30087
30088 <blockquote>
30089 <p>Last week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.<br>
30090 Tested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.<br>
30091 All of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SFP+ ports using a QLogic 8214 controller.<br>
30092 Originally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.</p>
30093 </blockquote>
30094
30095 <p><hr></p>
30096
30097 <p>###<a href="https://blog.netbsd.org/tnf/entry/integration_of_the_llvm_sanitziers">Integration of the LLVM sanitizers with the NetBSD base system</a></p>
30098
30099 <blockquote>
30100 <p>Over the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:<br>
30101 ASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.<br>
30102 In all supported variations and modes that are supported by the original LLVM compiler-rt package.</p>
30103 </blockquote>
30104
30105 <p><hr></p>
30106
30107 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190204#freenas">Distrowatch FreeNAS 11.2 review</a></p>
30108
30109 <blockquote>
30110 <p>The project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”</p>
30111 </blockquote>
30112
30113 <p><hr></p>
30114
30115 <p>##Beastie Bits</p>
30116
30117 <ul>
30118 <li><a href="https://gist.github.com/zeising/5d2402d92b4cf421c7402d663b2d9e41">Instructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).</a></li>
30119 <li><a href="https://www.unitedbsd.com/d/12-netbsd-desktop-pt-6-vi1-editor-tmux-and-unicode-term">NetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”</a></li>
30120 <li><a href="https://www.geekrant.org/2005/04/01/unix-flowers/">Unix flowers</a></li>
30121 <li><a href="https://oshogbo.vexillium.org/blog/62/">FreeBSD upgrade procedure using GPT</a></li>
30122 <li><a href="https://chargen.one/steve/backups-on-chargen-one">Pull-based Backups using OpenBSD base*</a></li>
30123 <li><a href="https://github.com/ozaki-r/netbsd-src/tree/wireguard">Developing WireGuard for NetBSD</a></li>
30124 <li><a href="https://zfs.datto.com/">OpenZFS User Conference, April 18-19, Norwalk CT</a></li>
30125 <li><a href="http://knoxbug.org/2019-02-25">KnoxBug Feb 25th</a></li>
30126 </ul>
30127
30128 <p><hr></p>
30129
30130 <p>##Feedback/Questions</p>
30131
30132 <ul>
30133 <li>Jake - <a href="http://dpaste.com/3X7KVVX#wrap">C Programming</a></li>
30134 <li>Farhan - <a href="http://dpaste.com/067WW0P">Explanation of rtadvd</a></li>
30135 <li>Nelson - <a href="http://dpaste.com/2BYGFSV">Bug Bounties on Open-Source Software</a></li>
30136 </ul>
30137
30138 <p><hr></p>
30139
30140 <ul>
30141 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
30142 </ul>
30143
30144 <p><hr></p>]]>
30145 </content:encoded>
30146 <itunes:summary>
30147 <![CDATA[<p>Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.</p>
30148
30149 <p>##Headlines<br>
30150 ###<a href="http://www.leidinger.net/blog/2019/01/27/strategic-thinking-or-what-i-think-what-we-need-to-do-to-keep-freebsd-relevant/">Strategic thinking, or what I think what we need to do to keep FreeBSD relevant</a></p>
30151
30152 <blockquote>
30153 <p>Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (where Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.<br>
30154 Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.<br>
30155 This discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.<br>
30156 FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.<br>
30157 I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.</p>
30158 </blockquote>
30159
30160 <p><hr></p>
30161
30162 <p>###<a href="http://dtrace.org/blogs/bmc/2019/02/10/reflecting-on-the-soul-of-a-new-machine/">Reflecting on The Soul of a New Machine</a></p>
30163
30164 <blockquote>
30165 <p>Long ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.<br>
30166 Since reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.<br>
30167 Excited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.</p>
30168 </blockquote>
30169
30170 <ul>
30171 <li>See Article for rest…</li>
30172 </ul>
30173
30174 <p><hr></p>
30175
30176 <p>##News Roundup</p>
30177
30178 <p>###<a href="https://www.phoronix.com/scan.php?page=article&item=10gbe-linux-freebsd12&num=1">Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12</a></p>
30179
30180 <blockquote>
30181 <p>Last week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.<br>
30182 Tested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.<br>
30183 All of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SFP+ ports using a QLogic 8214 controller.<br>
30184 Originally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.</p>
30185 </blockquote>
30186
30187 <p><hr></p>
30188
30189 <p>###<a href="https://blog.netbsd.org/tnf/entry/integration_of_the_llvm_sanitziers">Integration of the LLVM sanitizers with the NetBSD base system</a></p>
30190
30191 <blockquote>
30192 <p>Over the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:<br>
30193 ASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.<br>
30194 In all supported variations and modes that are supported by the original LLVM compiler-rt package.</p>
30195 </blockquote>
30196
30197 <p><hr></p>
30198
30199 <p>###<a href="https://distrowatch.com/weekly.php?issue=20190204#freenas">Distrowatch FreeNAS 11.2 review</a></p>
30200
30201 <blockquote>
30202 <p>The project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”</p>
30203 </blockquote>
30204
30205 <p><hr></p>
30206
30207 <p>##Beastie Bits</p>
30208
30209 <ul>
30210 <li><a href="https://gist.github.com/zeising/5d2402d92b4cf421c7402d663b2d9e41">Instructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).</a></li>
30211 <li><a href="https://www.unitedbsd.com/d/12-netbsd-desktop-pt-6-vi1-editor-tmux-and-unicode-term">NetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”</a></li>
30212 <li><a href="https://www.geekrant.org/2005/04/01/unix-flowers/">Unix flowers</a></li>
30213 <li><a href="https://oshogbo.vexillium.org/blog/62/">FreeBSD upgrade procedure using GPT</a></li>
30214 <li><a href="https://chargen.one/steve/backups-on-chargen-one">Pull-based Backups using OpenBSD base*</a></li>
30215 <li><a href="https://github.com/ozaki-r/netbsd-src/tree/wireguard">Developing WireGuard for NetBSD</a></li>
30216 <li><a href="https://zfs.datto.com/">OpenZFS User Conference, April 18-19, Norwalk CT</a></li>
30217 <li><a href="http://knoxbug.org/2019-02-25">KnoxBug Feb 25th</a></li>
30218 </ul>
30219
30220 <p><hr></p>
30221
30222 <p>##Feedback/Questions</p>
30223
30224 <ul>
30225 <li>Jake - <a href="http://dpaste.com/3X7KVVX#wrap">C Programming</a></li>
30226 <li>Farhan - <a href="http://dpaste.com/067WW0P">Explanation of rtadvd</a></li>
30227 <li>Nelson - <a href="http://dpaste.com/2BYGFSV">Bug Bounties on Open-Source Software</a></li>
30228 </ul>
30229
30230 <p><hr></p>
30231
30232 <ul>
30233 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
30234 </ul>
30235
30236 <p><hr></p>]]>
30237 </itunes:summary>
30238 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+0i5VL086</fireside:playerURL>
30239 <fireside:playerEmbedCode>
30240 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+0i5VL086" width="740" height="200" frameborder="0" scrolling="no">]]>
30241 </fireside:playerEmbedCode>
30242 </item>
30243 <item>
30244 <title>284: FOSDEM 2019</title>
30245 <link>https://www.bsdnow.tv/284</link>
30246 <guid isPermaLink="false">9e51096d-3e53-490c-8603-827a76d73758</guid>
30247 <pubDate>Thu, 07 Feb 2019 08:00:00 -0800</pubDate>
30248 <author>Allan Jude</author>
30249 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e51096d-3e53-490c-8603-827a76d73758.mp3" length="35850359" type="audio/mp3"/>
30250 <itunes:episodeType>full</itunes:episodeType>
30251 <itunes:author>Allan Jude</itunes:author>
30252 <itunes:subtitle>We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.</itunes:subtitle>
30253 <itunes:duration>59:26</itunes:duration>
30254 <itunes:explicit>no</itunes:explicit>
30255 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
30256 <description>We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.
30257 <h1>Headlines</h1>
30258 <h3><a href="https://fosdem.org/2019/schedule/">FOSDEM 2019 Recap</a></h3>
30259 <ul>
30260 <li>Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.</li>
30261 <li>On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the <a href="https://wiki.freebsd.org/Devsummit/201902">notes on the wiki page</a>.</li>
30262 <li>Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch <a href="http://BSDNow.tv">BSDNow.tv</a> every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day <a href="https://twitter.com/fosdembsd">BSD devroom</a>, with a <a href="https://fosdem.org/2019/schedule/track/bsd/">variety of talks</a> that were well attended.</li>
30263 <li>In the main conference track, Allan held a <a href="https://fosdem.org/2019/schedule/event/zfs_caching/">talk explaining how the ZFS ARC works</a>. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about <a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/">Netflix and FreeBSD</a>.</li>
30264 <li>Sunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.</li>
30265 <li>Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.</li>
30266 </ul>
30267 <h3><a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-january-2019/">FreeBSD Foundation Update, January 2019</a></h3>
30268 <blockquote>
30269 <p>Dear FreeBSD Community Member,<br>
30270 Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.<br>
30271 Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!<br>
30272 Happy reading!!<br>
30273 Deb</p>
30274 </blockquote>
30275 <hr>
30276 <h3><a href="https://forum.opnsense.org/index.php?topic=11398.0">OPNsense 19.1 released</a></h3>
30277 <blockquote>
30278 <p>For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.<br>
30279 The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.</p>
30280 </blockquote>
30281 <ul>
30282 <li>
30283 <p>These are the most prominent changes since version 18.7:</p>
30284 </li>
30285 <li>
30286 <p>fully functional firewall alias API</p>
30287 </li>
30288 <li>
30289 <p>PIE firewall shaper support</p>
30290 </li>
30291 <li>
30292 <p>firewall NAT rule logging support</p>
30293 </li>
30294 <li>
30295 <p>2FA via LDAP-TOTP combination</p>
30296 </li>
30297 <li>
30298 <p>WPAD / PAC and parent proxy support in the web proxy</p>
30299 </li>
30300 <li>
30301 <p>P12 certificate export with custom passwords</p>
30302 </li>
30303 <li>
30304 <p>Dpinger is now the default gateway monitor</p>
30305 </li>
30306 <li>
30307 <p>ET Pro Telemetry edition plugin[2]</p>
30308 </li>
30309 <li>
30310 <p>extended IPv6 DUID support</p>
30311 </li>
30312 <li>
30313 <p>Dnsmasq DNSSEC support</p>
30314 </li>
30315 <li>
30316 <p>OpenVPN client export API</p>
30317 </li>
30318 <li>
30319 <p>Realtek NIC driver version 1.95</p>
30320 </li>
30321 <li>
30322 <p>HardenedBSD 11.2, LibreSSL 2.7</p>
30323 </li>
30324 <li>
30325 <p>Unbound 1.8, Suricata 4.1</p>
30326 </li>
30327 <li>
30328 <p>Phalcon 3.4, Perl 5.28</p>
30329 </li>
30330 <li>
30331 <p>firmware health check extended to cover all OS files, HTTPS mirror default</p>
30332 </li>
30333 <li>
30334 <p>updates are browser cache-safe regarding CSS and JavaScript assets</p>
30335 </li>
30336 <li>
30337 <p>collapsible side bar menu in the default theme</p>
30338 </li>
30339 <li>
30340 <p>language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian</p>
30341 </li>
30342 <li>
30343 <p>API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins</p>
30344 </li>
30345 <li>
30346 <p>Here are the full changes against version 19.1-RC2:</p>
30347 </li>
30348 <li>
30349 <p>ipsec: add firewall interface as soon as phase 1 is enabled</p>
30350 </li>
30351 <li>
30352 <p>ipsec: phase 1 selection GUI JavaScript compatibility fix</p>
30353 </li>
30354 <li>
30355 <p>monit: widget improvements and bug fix (contributed by Frank Brendel)</p>
30356 </li>
30357 <li>
30358 <p>ui: fix regression in single host or network subnet select in static pages</p>
30359 </li>
30360 <li>
30361 <p>plugins: os-frr 1.7 updates OSPF outbound rules (contributed by Fabian Franz)</p>
30362 </li>
30363 <li>
30364 <p>plugins: os-telegraf 1.7.4 fixes packet filter input</p>
30365 </li>
30366 <li>
30367 <p>plugins: os-theme-rebellion 1.8.2 adds image colour invert</p>
30368 </li>
30369 <li>
30370 <p>plugins: os-vnstat 1.1[3]</p>
30371 </li>
30372 <li>
30373 <p>plugins: os-zabbix-agent now uses Zabbix version 4.0</p>
30374 </li>
30375 <li>
30376 <p>src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support</p>
30377 </li>
30378 <li>
30379 <p>src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]</p>
30380 </li>
30381 <li>
30382 <p>src: import tzdata 2018h, 2018i[5]</p>
30383 </li>
30384 <li>
30385 <p>src: avoid unsynchronized updates to kn_status[6]</p>
30386 </li>
30387 <li>
30388 <p>ports: ca_root_nss 3.42</p>
30389 </li>
30390 <li>
30391 <p>ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)</p>
30392 </li>
30393 <li>
30394 <p>ports: sudo patch to fix listpw=never[7]</p>
30395 </li>
30396 </ul>
30397 <hr>
30398 <h2>News Roundup</h2>
30399 <h3><a href="https://blog.netbsd.org/tnf/entry/thehardwareassistedvirtualizationchallenge">The hardware-assisted virtualization challenge</a></h3>
30400 <blockquote>
30401 <p>Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).<br>
30402 Today, I am here to report: Mission Accomplished!<br>
30403 It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.</p>
30404 </blockquote>
30405 <hr>
30406 <h3><a href="https://eerielinux.wordpress.com/2019/01/28/zfs-and-gpl-terror-how-much-freedom-is-there-in-linux/">ZFS and GPL terror: How much freedom is there in Linux?</a></h3>
30407 <ul>
30408 <li>ZFS – the undesirable guest</li>
30409 </ul>
30410 <blockquote>
30411 <p>ZFS is today’s most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.<br>
30412 For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately it’s still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.<br>
30413 There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:<br>
30414 The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.</p>
30415 </blockquote>
30416 <hr>
30417 <h3><a href="https://clonos.tekroutine.com/">ClonOS 19.01-RELEASE</a></h3>
30418 <blockquote>
30419 <p>ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hypervisor virtual environments.<br>
30420 ClonOS is currently the only platform available which allows both Xen and Bhyve hypervisors to coexist on the same host. Being a FreeBSD base platform, ClonOS’s ability to create and manage jails allows you to run FreeBSD applications without losing performance.</p>
30421 </blockquote>
30422 <ul>
30423 <li>
30424 <p>Features:</p>
30425 </li>
30426 <li>
30427 <p>easy management via web UI interface</p>
30428 </li>
30429 <li>
30430 <p>live Bhyve migration [coming soon, roadmap]</p>
30431 </li>
30432 <li>
30433 <p>Bhyve management (create, delete VM)</p>
30434 </li>
30435 <li>
30436 <p>Xen management (create, delete VM) [coming soon, roadmap]</p>
30437 </li>
30438 <li>
30439 <p>connection to the “physical” guest console via VNC from the browser or directly</p>
30440 </li>
30441 <li>
30442 <p>Real time system monitoring</p>
30443 </li>
30444 <li>
30445 <p>access to load statistics through SQLite3 and beanstalkd</p>
30446 </li>
30447 <li>
30448 <p>support for ZFS features (cloning, snapshots)</p>
30449 </li>
30450 <li>
30451 <p>import/export of virtual environments</p>
30452 </li>
30453 <li>
30454 <p>public repository with virtual machine templates</p>
30455 </li>
30456 <li>
30457 <p>puppet-based helpers for configuring popular services</p>
30458 </li>
30459 <li>
30460 <p>ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:</p>
30461 </li>
30462 <li>
30463 <p>FreeBSD OS as hoster platform</p>
30464 </li>
30465 <li>
30466 <p>bhyve(8) as hypervisor engine</p>
30467 </li>
30468 <li>
30469 <p>Xen as hypervisor engine</p>
30470 </li>
30471 <li>
30472 <p>vale(4) as Virtual Ethernet Switch</p>
30473 </li>
30474 <li>
30475 <p>jail(8) as container engine</p>
30476 </li>
30477 <li>
30478 <p>CBSD Project as management tools</p>
30479 </li>
30480 <li>
30481 <p>Puppet as configuration management</p>
30482 </li>
30483 </ul>
30484 <hr>
30485 <h2>Beastie Bits</h2>
30486 <ul>
30487 <li><a href="https://www.undeadly.org/cgi?action=article;sid=20190128061321">Florian Obser on unwind(8)</a></li>
30488 <li><a href="https://www.reddit.com/r/commandline/comments/amq947/alowtechsmsgatewayforfunandnoprofit/">A low tech SMS gateway for fun and no profit</a></li>
30489 <li><a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/attachments/slides/3103/export/events/attachments/netflix_freebsd/slides/3103/FOSDEM_2019_Netflix_and_FreeBSD.pdf">Netflix and FreeBSD : Using Open Source to Deliver Streaming Video</a></li>
30490 <li><a href="https://github.com/lonkamikaze/powerdxx/releases/tag/0.4.0">powerd++ 0.4.0 release</a></li>
30491 <li><a href="https://www.infoq.com/presentations/os-rust">Is it time to rewrite the operating system in Rust?</a></li>
30492 <li><a href="https://svnweb.freebsd.org/changeset/base/343673">Small change, big effect</a></li>
30493 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Swedish BSD Meetup, Feb 19, 2019</a></li>
30494 <li><a href="https://www.meetup.com/en-US/Polish-BSD-User-Group/events/zkhlnqyzdbsb/">Polish BSD User Group Meetup, Feb 21, 2019</a></li>
30495 </ul>
30496 <hr>
30497 <h2>Feedback/Questions</h2>
30498 <ul>
30499 <li>Casey - <a href="http://dpaste.com/2MA7HRV#wrap">Cool new Digital Ocean Feature</a></li>
30500 <li>Morgan - <a href="http://dpaste.com/1QDAMYJ#wrap">Jail w/different version of FreeBSD</a></li>
30501 <li>Brad - <a href="http://dpaste.com/2XG5KXN#wrap">FreeBSD Installer</a></li>
30502 </ul>
30503 <hr>
30504 <ul>
30505 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
30506 </ul>
30507 <hr>
30508 </description>
30509 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
30510 <content:encoded>
30511 <![CDATA[<p>We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.</p>
30512
30513 <h1>Headlines</h1>
30514
30515 <h3><a href="https://fosdem.org/2019/schedule/">FOSDEM 2019 Recap</a></h3>
30516
30517 <ul>
30518 <li>Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.</li>
30519 <li>On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the <a href="https://wiki.freebsd.org/Devsummit/201902">notes on the wiki page</a>.</li>
30520 <li>Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch <a href="http://BSDNow.tv">BSDNow.tv</a> every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day <a href="https://twitter.com/fosdembsd">BSD devroom</a>, with a <a href="https://fosdem.org/2019/schedule/track/bsd/">variety of talks</a> that were well attended.</li>
30521 <li>In the main conference track, Allan held a <a href="https://fosdem.org/2019/schedule/event/zfs_caching/">talk explaining how the ZFS ARC works</a>. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about <a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/">Netflix and FreeBSD</a>.</li>
30522 <li>Sunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.</li>
30523 <li>Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.</li>
30524 </ul>
30525
30526 <h3><a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-january-2019/">FreeBSD Foundation Update, January 2019</a></h3>
30527
30528 <blockquote>
30529 <p>Dear FreeBSD Community Member,<br>
30530 Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.<br>
30531 Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!<br>
30532 Happy reading!!<br>
30533 Deb</p>
30534 </blockquote>
30535
30536 <p><hr></p>
30537
30538 <h3><a href="https://forum.opnsense.org/index.php?topic=11398.0">OPNsense 19.1 released</a></h3>
30539
30540 <blockquote>
30541 <p>For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.<br>
30542 The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.</p>
30543 </blockquote>
30544
30545 <ul>
30546 <li>
30547 <p>These are the most prominent changes since version 18.7:</p>
30548 </li>
30549 <li>
30550 <p>fully functional firewall alias API</p>
30551 </li>
30552 <li>
30553 <p>PIE firewall shaper support</p>
30554 </li>
30555 <li>
30556 <p>firewall NAT rule logging support</p>
30557 </li>
30558 <li>
30559 <p>2FA via LDAP-TOTP combination</p>
30560 </li>
30561 <li>
30562 <p>WPAD / PAC and parent proxy support in the web proxy</p>
30563 </li>
30564 <li>
30565 <p>P12 certificate export with custom passwords</p>
30566 </li>
30567 <li>
30568 <p>Dpinger is now the default gateway monitor</p>
30569 </li>
30570 <li>
30571 <p>ET Pro Telemetry edition plugin[2]</p>
30572 </li>
30573 <li>
30574 <p>extended IPv6 DUID support</p>
30575 </li>
30576 <li>
30577 <p>Dnsmasq DNSSEC support</p>
30578 </li>
30579 <li>
30580 <p>OpenVPN client export API</p>
30581 </li>
30582 <li>
30583 <p>Realtek NIC driver version 1.95</p>
30584 </li>
30585 <li>
30586 <p>HardenedBSD 11.2, LibreSSL 2.7</p>
30587 </li>
30588 <li>
30589 <p>Unbound 1.8, Suricata 4.1</p>
30590 </li>
30591 <li>
30592 <p>Phalcon 3.4, Perl 5.28</p>
30593 </li>
30594 <li>
30595 <p>firmware health check extended to cover all OS files, HTTPS mirror default</p>
30596 </li>
30597 <li>
30598 <p>updates are browser cache-safe regarding CSS and JavaScript assets</p>
30599 </li>
30600 <li>
30601 <p>collapsible side bar menu in the default theme</p>
30602 </li>
30603 <li>
30604 <p>language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian</p>
30605 </li>
30606 <li>
30607 <p>API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins</p>
30608 </li>
30609 <li>
30610 <p>Here are the full changes against version 19.1-RC2:</p>
30611 </li>
30612 <li>
30613 <p>ipsec: add firewall interface as soon as phase 1 is enabled</p>
30614 </li>
30615 <li>
30616 <p>ipsec: phase 1 selection GUI JavaScript compatibility fix</p>
30617 </li>
30618 <li>
30619 <p>monit: widget improvements and bug fix (contributed by Frank Brendel)</p>
30620 </li>
30621 <li>
30622 <p>ui: fix regression in single host or network subnet select in static pages</p>
30623 </li>
30624 <li>
30625 <p>plugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)</p>
30626 </li>
30627 <li>
30628 <p>plugins: os-telegraf 1.7.4 fixes packet filter input</p>
30629 </li>
30630 <li>
30631 <p>plugins: os-theme-rebellion 1.8.2 adds image colour invert</p>
30632 </li>
30633 <li>
30634 <p>plugins: os-vnstat 1.1[3]</p>
30635 </li>
30636 <li>
30637 <p>plugins: os-zabbix-agent now uses Zabbix version 4.0</p>
30638 </li>
30639 <li>
30640 <p>src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support</p>
30641 </li>
30642 <li>
30643 <p>src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]</p>
30644 </li>
30645 <li>
30646 <p>src: import tzdata 2018h, 2018i[5]</p>
30647 </li>
30648 <li>
30649 <p>src: avoid unsynchronized updates to kn_status[6]</p>
30650 </li>
30651 <li>
30652 <p>ports: ca_root_nss 3.42</p>
30653 </li>
30654 <li>
30655 <p>ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)</p>
30656 </li>
30657 <li>
30658 <p>ports: sudo patch to fix listpw=never[7]</p>
30659 </li>
30660 </ul>
30661
30662 <p><hr></p>
30663
30664 <h2>News Roundup</h2>
30665
30666 <h3><a href="https://blog.netbsd.org/tnf/entry/the_hardware_assisted_virtualization_challenge">The hardware-assisted virtualization challenge</a></h3>
30667
30668 <blockquote>
30669 <p>Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).<br>
30670 Today, I am here to report: Mission Accomplished!<br>
30671 It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.</p>
30672 </blockquote>
30673
30674 <p><hr></p>
30675
30676 <h3><a href="https://eerielinux.wordpress.com/2019/01/28/zfs-and-gpl-terror-how-much-freedom-is-there-in-linux/">ZFS and GPL terror: How much freedom is there in Linux?</a></h3>
30677
30678 <ul>
30679 <li>ZFS – the undesirable guest</li>
30680 </ul>
30681
30682 <blockquote>
30683 <p>ZFS is today’s most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.<br>
30684 For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately it’s still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.<br>
30685 There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:<br>
30686 The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.</p>
30687 </blockquote>
30688
30689 <p><hr></p>
30690
30691 <h3><a href="https://clonos.tekroutine.com/">ClonOS 19.01-RELEASE</a></h3>
30692
30693 <blockquote>
30694 <p>ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hypervisor virtual environments.<br>
30695 ClonOS is currently the only platform available which allows both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.</p>
30696 </blockquote>
30697
30698 <ul>
30699 <li>
30700 <p>Features:</p>
30701 </li>
30702 <li>
30703 <p>easy management via web UI interface</p>
30704 </li>
30705 <li>
30706 <p>live Bhyve migration [coming soon, roadmap]</p>
30707 </li>
30708 <li>
30709 <p>Bhyve management (create, delete VM)</p>
30710 </li>
30711 <li>
30712 <p>Xen management (create, delete VM) [coming soon, roadmap]</p>
30713 </li>
30714 <li>
30715 <p>connection to the “physical” guest console via VNC from the browser or directly</p>
30716 </li>
30717 <li>
30718 <p>Real time system monitoring</p>
30719 </li>
30720 <li>
30721 <p>access to load statistics through SQLite3 and beanstalkd</p>
30722 </li>
30723 <li>
30724 <p>support for ZFS features (cloning, snapshots)</p>
30725 </li>
30726 <li>
30727 <p>import/export of virtual environments</p>
30728 </li>
30729 <li>
30730 <p>public repository with virtual machine templates</p>
30731 </li>
30732 <li>
30733 <p>puppet-based helpers for configuring popular services</p>
30734 </li>
30735 <li>
30736 <p>ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:</p>
30737 </li>
30738 <li>
30739 <p>FreeBSD OS as hoster platform</p>
30740 </li>
30741 <li>
30742 <p>bhyve(8) as hypervisor engine</p>
30743 </li>
30744 <li>
30745 <p>Xen as hypervisor engine</p>
30746 </li>
30747 <li>
30748 <p>vale(4) as Virtual Ethernet Switch</p>
30749 </li>
30750 <li>
30751 <p>jail(8) as container engine</p>
30752 </li>
30753 <li>
30754 <p>CBSD Project as management tools</p>
30755 </li>
30756 <li>
30757 <p>Puppet as configuration management</p>
30758 </li>
30759 </ul>
30760
30761 <p><hr></p>
30762
30763 <h2>Beastie Bits</h2>
30764
30765 <ul>
30766 <li><a href="https://www.undeadly.org/cgi?action=article;sid=20190128061321">Florian Obser on unwind(8)</a></li>
30767 <li><a href="https://www.reddit.com/r/commandline/comments/amq947/a_low_tech_sms_gateway_for_fun_and_no_profit/">A low tech SMS gateway for fun and no profit</a></li>
30768 <li><a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/attachments/slides/3103/export/events/attachments/netflix_freebsd/slides/3103/FOSDEM_2019_Netflix_and_FreeBSD.pdf">Netflix and FreeBSD : Using Open Source to Deliver Streaming Video</a></li>
30769 <li><a href="https://github.com/lonkamikaze/powerdxx/releases/tag/0.4.0">powerd++ 0.4.0 release</a></li>
30770 <li><a href="https://www.infoq.com/presentations/os-rust">Is it time to rewrite the operating system in Rust?</a></li>
30771 <li><a href="https://svnweb.freebsd.org/changeset/base/343673">Small change, big effect</a></li>
30772 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Swedish BSD Meetup, Feb 19, 2019</a></li>
30773 <li><a href="https://www.meetup.com/en-US/Polish-BSD-User-Group/events/zkhlnqyzdbsb/">Polish BSD User Group Meetup, Feb 21, 2019</a></li>
30774 </ul>
30775
30776 <p><hr></p>
30777
30778 <h2>Feedback/Questions</h2>
30779
30780 <ul>
30781 <li>Casey - <a href="http://dpaste.com/2MA7HRV#wrap">Cool new Digital Ocean Feature</a></li>
30782 <li>Morgan - <a href="http://dpaste.com/1QDAMYJ#wrap">Jail w/different version of FreeBSD</a></li>
30783 <li>Brad - <a href="http://dpaste.com/2XG5KXN#wrap">FreeBSD Installer</a></li>
30784 </ul>
30785
30786 <p><hr></p>
30787
30788 <ul>
30789 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
30790 </ul>
30791
30792 <p><hr></p>]]>
30793 </content:encoded>
30794 <itunes:summary>
30795 <![CDATA[<p>We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.</p>
30796
30797 <h1>Headlines</h1>
30798
30799 <h3><a href="https://fosdem.org/2019/schedule/">FOSDEM 2019 Recap</a></h3>
30800
30801 <ul>
30802 <li>Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.</li>
30803 <li>On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the <a href="https://wiki.freebsd.org/Devsummit/201902">notes on the wiki page</a>.</li>
30804 <li>Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch <a href="http://BSDNow.tv">BSDNow.tv</a> every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day <a href="https://twitter.com/fosdembsd">BSD devroom</a>, with a <a href="https://fosdem.org/2019/schedule/track/bsd/">variety of talks</a> that were well attended.</li>
30805 <li>In the main conference track, Allan held a <a href="https://fosdem.org/2019/schedule/event/zfs_caching/">talk explaining how the ZFS ARC works</a>. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about <a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/">Netflix and FreeBSD</a>.</li>
30806 <li>Sunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.</li>
30807 <li>Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.</li>
30808 </ul>
30809
30810 <h3><a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-january-2019/">FreeBSD Foundation Update, January 2019</a></h3>
30811
30812 <blockquote>
30813 <p>Dear FreeBSD Community Member,<br>
30814 Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.<br>
30815 Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!<br>
30816 Happy reading!!<br>
30817 Deb</p>
30818 </blockquote>
30819
30820 <p><hr></p>
30821
30822 <h3><a href="https://forum.opnsense.org/index.php?topic=11398.0">OPNsense 19.1 released</a></h3>
30823
30824 <blockquote>
30825 <p>For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.<br>
30826 The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.</p>
30827 </blockquote>
30828
30829 <ul>
30830 <li>
30831 <p>These are the most prominent changes since version 18.7:</p>
30832 </li>
30833 <li>
30834 <p>fully functional firewall alias API</p>
30835 </li>
30836 <li>
30837 <p>PIE firewall shaper support</p>
30838 </li>
30839 <li>
30840 <p>firewall NAT rule logging support</p>
30841 </li>
30842 <li>
30843 <p>2FA via LDAP-TOTP combination</p>
30844 </li>
30845 <li>
30846 <p>WPAD / PAC and parent proxy support in the web proxy</p>
30847 </li>
30848 <li>
30849 <p>P12 certificate export with custom passwords</p>
30850 </li>
30851 <li>
30852 <p>Dpinger is now the default gateway monitor</p>
30853 </li>
30854 <li>
30855 <p>ET Pro Telemetry edition plugin[2]</p>
30856 </li>
30857 <li>
30858 <p>extended IPv6 DUID support</p>
30859 </li>
30860 <li>
30861 <p>Dnsmasq DNSSEC support</p>
30862 </li>
30863 <li>
30864 <p>OpenVPN client export API</p>
30865 </li>
30866 <li>
30867 <p>Realtek NIC driver version 1.95</p>
30868 </li>
30869 <li>
30870 <p>HardenedBSD 11.2, LibreSSL 2.7</p>
30871 </li>
30872 <li>
30873 <p>Unbound 1.8, Suricata 4.1</p>
30874 </li>
30875 <li>
30876 <p>Phalcon 3.4, Perl 5.28</p>
30877 </li>
30878 <li>
30879 <p>firmware health check extended to cover all OS files, HTTPS mirror default</p>
30880 </li>
30881 <li>
30882 <p>updates are browser cache-safe regarding CSS and JavaScript assets</p>
30883 </li>
30884 <li>
30885 <p>collapsible side bar menu in the default theme</p>
30886 </li>
30887 <li>
30888 <p>language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian</p>
30889 </li>
30890 <li>
30891 <p>API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins</p>
30892 </li>
30893 <li>
30894 <p>Here are the full changes against version 19.1-RC2:</p>
30895 </li>
30896 <li>
30897 <p>ipsec: add firewall interface as soon as phase 1 is enabled</p>
30898 </li>
30899 <li>
30900 <p>ipsec: phase 1 selection GUI JavaScript compatibility fix</p>
30901 </li>
30902 <li>
30903 <p>monit: widget improvements and bug fix (contributed by Frank Brendel)</p>
30904 </li>
30905 <li>
30906 <p>ui: fix regression in single host or network subnet select in static pages</p>
30907 </li>
30908 <li>
30909 <p>plugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)</p>
30910 </li>
30911 <li>
30912 <p>plugins: os-telegraf 1.7.4 fixes packet filter input</p>
30913 </li>
30914 <li>
30915 <p>plugins: os-theme-rebellion 1.8.2 adds image colour invert</p>
30916 </li>
30917 <li>
30918 <p>plugins: os-vnstat 1.1[3]</p>
30919 </li>
30920 <li>
30921 <p>plugins: os-zabbix-agent now uses Zabbix version 4.0</p>
30922 </li>
30923 <li>
30924 <p>src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support</p>
30925 </li>
30926 <li>
30927 <p>src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]</p>
30928 </li>
30929 <li>
30930 <p>src: import tzdata 2018h, 2018i[5]</p>
30931 </li>
30932 <li>
30933 <p>src: avoid unsynchronized updates to kn_status[6]</p>
30934 </li>
30935 <li>
30936 <p>ports: ca_root_nss 3.42</p>
30937 </li>
30938 <li>
30939 <p>ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)</p>
30940 </li>
30941 <li>
30942 <p>ports: sudo patch to fix listpw=never[7]</p>
30943 </li>
30944 </ul>
30945
30946 <p><hr></p>
30947
30948 <h2>News Roundup</h2>
30949
30950 <h3><a href="https://blog.netbsd.org/tnf/entry/the_hardware_assisted_virtualization_challenge">The hardware-assisted virtualization challenge</a></h3>
30951
30952 <blockquote>
30953 <p>Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).<br>
30954 Today, I am here to report: Mission Accomplished!<br>
30955 It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.</p>
30956 </blockquote>
30957
30958 <p><hr></p>
30959
30960 <h3><a href="https://eerielinux.wordpress.com/2019/01/28/zfs-and-gpl-terror-how-much-freedom-is-there-in-linux/">ZFS and GPL terror: How much freedom is there in Linux?</a></h3>
30961
30962 <ul>
30963 <li>ZFS – the undesirable guest</li>
30964 </ul>
30965
30966 <blockquote>
30967 <p>ZFS is today’s most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.<br>
30968 For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately it’s still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.<br>
30969 There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:<br>
30970 The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.</p>
30971 </blockquote>
30972
30973 <p><hr></p>
30974
30975 <h3><a href="https://clonos.tekroutine.com/">ClonOS 19.01-RELEASE</a></h3>
30976
30977 <blockquote>
30978 <p>ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hypervisor virtual environments.<br>
30979 ClonOS is currently the only platform available which allows both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.</p>
30980 </blockquote>
30981
30982 <ul>
30983 <li>
30984 <p>Features:</p>
30985 </li>
30986 <li>
30987 <p>easy management via web UI interface</p>
30988 </li>
30989 <li>
30990 <p>live Bhyve migration [coming soon, roadmap]</p>
30991 </li>
30992 <li>
30993 <p>Bhyve management (create, delete VM)</p>
30994 </li>
30995 <li>
30996 <p>Xen management (create, delete VM) [coming soon, roadmap]</p>
30997 </li>
30998 <li>
30999 <p>connection to the “physical” guest console via VNC from the browser or directly</p>
31000 </li>
31001 <li>
31002 <p>Real time system monitoring</p>
31003 </li>
31004 <li>
31005 <p>access to load statistics through SQLite3 and beanstalkd</p>
31006 </li>
31007 <li>
31008 <p>support for ZFS features (cloning, snapshots)</p>
31009 </li>
31010 <li>
31011 <p>import/export of virtual environments</p>
31012 </li>
31013 <li>
31014 <p>public repository with virtual machine templates</p>
31015 </li>
31016 <li>
31017 <p>puppet-based helpers for configuring popular services</p>
31018 </li>
31019 <li>
31020 <p>ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:</p>
31021 </li>
31022 <li>
31023 <p>FreeBSD OS as hoster platform</p>
31024 </li>
31025 <li>
31026 <p>bhyve(8) as hypervisor engine</p>
31027 </li>
31028 <li>
31029 <p>Xen as hypervisor engine</p>
31030 </li>
31031 <li>
31032 <p>vale(4) as Virtual Ethernet Switch</p>
31033 </li>
31034 <li>
31035 <p>jail(8) as container engine</p>
31036 </li>
31037 <li>
31038 <p>CBSD Project as management tools</p>
31039 </li>
31040 <li>
31041 <p>Puppet as configuration management</p>
31042 </li>
31043 </ul>
31044
31045 <p><hr></p>
31046
31047 <h2>Beastie Bits</h2>
31048
31049 <ul>
31050 <li><a href="https://www.undeadly.org/cgi?action=article;sid=20190128061321">Florian Obser on unwind(8)</a></li>
31051 <li><a href="https://www.reddit.com/r/commandline/comments/amq947/a_low_tech_sms_gateway_for_fun_and_no_profit/">A low tech SMS gateway for fun and no profit</a></li>
31052 <li><a href="https://fosdem.org/2019/schedule/event/netflix_freebsd/attachments/slides/3103/export/events/attachments/netflix_freebsd/slides/3103/FOSDEM_2019_Netflix_and_FreeBSD.pdf">Netflix and FreeBSD : Using Open Source to Deliver Streaming Video</a></li>
31053 <li><a href="https://github.com/lonkamikaze/powerdxx/releases/tag/0.4.0">powerd++ 0.4.0 release</a></li>
31054 <li><a href="https://www.infoq.com/presentations/os-rust">Is it time to rewrite the operating system in Rust?</a></li>
31055 <li><a href="https://svnweb.freebsd.org/changeset/base/343673">Small change, big effect</a></li>
31056 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Swedish BSD Meetup, Feb 19, 2019</a></li>
31057 <li><a href="https://www.meetup.com/en-US/Polish-BSD-User-Group/events/zkhlnqyzdbsb/">Polish BSD User Group Meetup, Feb 21, 2019</a></li>
31058 </ul>
31059
31060 <p><hr></p>
31061
31062 <h2>Feedback/Questions</h2>
31063
31064 <ul>
31065 <li>Casey - <a href="http://dpaste.com/2MA7HRV#wrap">Cool new Digital Ocean Feature</a></li>
31066 <li>Morgan - <a href="http://dpaste.com/1QDAMYJ#wrap">Jail w/different version of FreeBSD</a></li>
31067 <li>Brad - <a href="http://dpaste.com/2XG5KXN#wrap">FreeBSD Installer</a></li>
31068 </ul>
31069
31070 <p><hr></p>
31071
31072 <ul>
31073 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31074 </ul>
31075
31076 <p><hr></p>]]>
31077 </itunes:summary>
31078 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+YZcPrD44</fireside:playerURL>
31079 <fireside:playerEmbedCode>
31080 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+YZcPrD44" width="740" height="200" frameborder="0" scrolling="no">]]>
31081 </fireside:playerEmbedCode>
31082 </item>
31083 <item>
31084 <title>283: Graphical Interface-View</title>
31085 <link>https://www.bsdnow.tv/283</link>
31086 <guid isPermaLink="false">e11d6e25-000c-4424-b4fa-cda93c336f73</guid>
31087 <pubDate>Thu, 31 Jan 2019 08:00:00 -0800</pubDate>
31088 <author>Allan Jude</author>
31089 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e11d6e25-000c-4424-b4fa-cda93c336f73.mp3" length="28233037" type="audio/mp3"/>
31090 <itunes:episodeType>full</itunes:episodeType>
31091 <itunes:author>Allan Jude</itunes:author>
31092 <itunes:subtitle>We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. </itunes:subtitle>
31093 <itunes:duration>46:44</itunes:duration>
31094 <itunes:explicit>no</itunes:explicit>
31095 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
31096 <description>We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy.
31097 <p>##Interview - Niclas Zeising - <a href="mailto:zeising@FreeBSD.org">zeising@FreeBSD.org</a> / <a href="https://twitter.com/niclaszeising">@niclaszeising</a><br>
31098 Interview topic: FreeBSD Graphics Stack</p>
31099 <ul>
31100 <li>BR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?</li>
31101 <li>AJ: What made you start working in the FreeBSD graphics stack?</li>
31102 <li>BR: What is the current status with the FreeBSD graphics stack?</li>
31103 <li>AJ: What challenges do you face in the FreeBSD graphics stack?</li>
31104 <li>BR: How many people are working in the graphics team and what kind of help do you need there?</li>
31105 <li>AJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last year’s EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?</li>
31106 <li>BR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?</li>
31107 <li>AJ: What conferences do you go to where people could talk to you?</li>
31108 <li>BR: Is there anything else you’d like to mention before we let you go?</li>
31109 </ul>
31110 <hr>
31111 <p>##Feedback/Questions</p>
31112 <ul>
31113 <li>Casey - <a href="http://dpaste.com/33XCN5X#wrap">TrueOS</a></li>
31114 <li>Troels - <a href="http://dpaste.com/31M2SN6">zfs send vs zfs send -R</a></li>
31115 <li>matclarke - <a href="http://dpaste.com/16WDCW0">Orphaned packages</a></li>
31116 </ul>
31117 <hr>
31118 <ul>
31119 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31120 </ul>
31121 <hr>
31122 </description>
31123 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
31124 <content:encoded>
31125 <![CDATA[<p>We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. </p>
31126
31127 <p>##Interview - Niclas Zeising - <a href="mailto:zeising@FreeBSD.org">zeising@FreeBSD.org</a> / <a href="https://twitter.com/niclaszeising">@niclaszeising</a><br>
31128 Interview topic: FreeBSD Graphics Stack</p>
31129
31130 <ul>
31131 <li>BR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?</li>
31132 <li>AJ: What made you start working in the FreeBSD graphics stack?</li>
31133 <li>BR: What is the current status with the FreeBSD graphics stack?</li>
31134 <li>AJ: What challenges do you face in the FreeBSD graphics stack?</li>
31135 <li>BR: How many people are working in the graphics team and what kind of help do you need there?</li>
31136 <li>AJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last year’s EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?</li>
31137 <li>BR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?</li>
31138 <li>AJ: What conferences do you go to where people could talk to you?</li>
31139 <li>BR: Is there anything else you’d like to mention before we let you go?</li>
31140 </ul>
31141
31142 <p><hr></p>
31143
31144 <p>##Feedback/Questions</p>
31145
31146 <ul>
31147 <li>Casey - <a href="http://dpaste.com/33XCN5X#wrap">TrueOS</a></li>
31148 <li>Troels - <a href="http://dpaste.com/31M2SN6">zfs send vs zfs send -R</a></li>
31149 <li>matclarke - <a href="http://dpaste.com/16WDCW0">Orphaned packages</a></li>
31150 </ul>
31151
31152 <p><hr></p>
31153
31154 <ul>
31155 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31156 </ul>
31157
31158 <p><hr></p>]]>
31159 </content:encoded>
31160 <itunes:summary>
31161 <![CDATA[<p>We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. </p>
31162
31163 <p>##Interview - Niclas Zeising - <a href="mailto:zeising@FreeBSD.org">zeising@FreeBSD.org</a> / <a href="https://twitter.com/niclaszeising">@niclaszeising</a><br>
31164 Interview topic: FreeBSD Graphics Stack</p>
31165
31166 <ul>
31167 <li>BR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?</li>
31168 <li>AJ: What made you start working in the FreeBSD graphics stack?</li>
31169 <li>BR: What is the current status with the FreeBSD graphics stack?</li>
31170 <li>AJ: What challenges do you face in the FreeBSD graphics stack?</li>
31171 <li>BR: How many people are working in the graphics team and what kind of help do you need there?</li>
31172 <li>AJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last year’s EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?</li>
31173 <li>BR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?</li>
31174 <li>AJ: What conferences do you go to where people could talk to you?</li>
31175 <li>BR: Is there anything else you’d like to mention before we let you go?</li>
31176 </ul>
31177
31178 <p><hr></p>
31179
31180 <p>##Feedback/Questions</p>
31181
31182 <ul>
31183 <li>Casey - <a href="http://dpaste.com/33XCN5X#wrap">TrueOS</a></li>
31184 <li>Troels - <a href="http://dpaste.com/31M2SN6">zfs send vs zfs send -R</a></li>
31185 <li>matclarke - <a href="http://dpaste.com/16WDCW0">Orphaned packages</a></li>
31186 </ul>
31187
31188 <p><hr></p>
31189
31190 <ul>
31191 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31192 </ul>
31193
31194 <p><hr></p>]]>
31195 </itunes:summary>
31196 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+E3ab2i-f</fireside:playerURL>
31197 <fireside:playerEmbedCode>
31198 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+E3ab2i-f" width="740" height="200" frameborder="0" scrolling="no">]]>
31199 </fireside:playerEmbedCode>
31200 </item>
31201 <item>
31202 <title>282: Open the Rsync</title>
31203 <link>https://www.bsdnow.tv/282</link>
31204 <guid isPermaLink="false">081a14d7-ba00-43d2-9be7-ea1a189ed2e2</guid>
31205 <pubDate>Thu, 24 Jan 2019 08:00:00 -0800</pubDate>
31206 <author>Allan Jude</author>
31207 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/081a14d7-ba00-43d2-9be7-ea1a189ed2e2.mp3" length="36986923" type="audio/mp3"/>
31208 <itunes:episodeType>full</itunes:episodeType>
31209 <itunes:author>Allan Jude</itunes:author>
31210 <itunes:subtitle>Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.</itunes:subtitle>
31211 <itunes:duration>1:01:20</itunes:duration>
31212 <itunes:explicit>no</itunes:explicit>
31213 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
31214 <description>Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.
31215 <p>##Headlines</p>
31216 <p>###<a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDCon 2019 Call for Papers</a></p>
31217 <ul>
31218 <li>You have until Jan 30th to submit</li>
31219 <li>Full paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.</li>
31220 <li>Send a message to <a href="mailto:secretary@asiabsdcon.org">secretary@asiabsdcon.org</a> with your proposal. Could be either for a talk or a tutorial.</li>
31221 <li>Two days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan</li>
31222 <li>The conference is also looking for sponsors</li>
31223 <li>If accepted, flight and hotel are paid for by the conference</li>
31224 </ul>
31225 <hr>
31226 <p>###<a href="http://project-trident.org/post/2019-01-15_18.12-release_available/">Project Trident 18.12 Released</a></p>
31227 <ul>
31228 <li><a href="https://twitter.com/tridentproject">Twitter account if you want to keep up on project news</a></li>
31229 <li><a href="https://twitter.com/TridentProject/status/1086010032662237185">Screenshots</a></li>
31230 <li><a href="https://t.me/ProjectTrident">Project Trident Community Telegram Channel</a></li>
31231 <li><a href="https://distrowatch.com/?newsid=10442">DistroWatch Page</a></li>
31232 <li><a href="https://linuxactionnews.com/89?t=395">LinuxActionNews Review</a></li>
31233 <li><a href="https://www.youtube.com/watch?v=QjiR1KiacrQ">RoboNuggie’s in depth review</a></li>
31234 </ul>
31235 <hr>
31236 <p>###<a href="https://atomicules.co.uk/2019/01/17/Building-Spotifyd-on-NetBSD.html">Building Spotifyd on NetBSD</a></p>
31237 <blockquote>
31238 <p>These are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).</p>
31239 </blockquote>
31240 <hr>
31241 <p>##News Roundup</p>
31242 <p>###<a href="https://opnsense.org/opnsense-18-7-10-released/">OPNsense 18.7.10 released</a></p>
31243 <blockquote>
31244 <p>2019 means 19.1 is almost here. In the meantime accept this small<br>
31245 incremental update with goodies such as Suricata 4.1, custom passwords<br>
31246 for P12 certificate export as well as fresh fixes in the FreeBSD base.<br>
31247 A lot of cleanups went into this update to make sure there will be a<br>
31248 smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2<br>
31249 weeks and the final 19.1 on January 29.</p>
31250 </blockquote>
31251 <hr>
31252 <p>###<a href="https://www.servethehome.com/introducing-the-ultra-epyc-amd-powered-sun-ultra-24-workstation/">Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation</a></p>
31253 <blockquote>
31254 <p>A few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.</p>
31255 </blockquote>
31256 <hr>
31257 <p>###<a href="https://github.com/kristapsdz/openrsync">OpenRsync</a></p>
31258 <blockquote>
31259 <p>This is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.<br>
31260 This project is still very new and very fast-moving.<br>
31261 It’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.<br>
31262 Many have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.</p>
31263 </blockquote>
31264 <hr>
31265 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_first_report_on_lld">The first report on LLD porting</a></p>
31266 <blockquote>
31267 <p>LLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).<br>
31268 The first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.<br>
31269 In this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.</p>
31270 </blockquote>
31271 <hr>
31272 <p>###<a href="https://euroquis.nl/bobulate/?p=2044">Ring in the new</a></p>
31273 <blockquote>
31274 <p>It’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.<br>
31275 For the big ticket items of KDE on FreeBSD, you should read this blog instead.</p>
31276 </blockquote>
31277 <ul>
31278 <li>In ports this week (mostly KDE, some unrelated):</li>
31279 <li>KDE Plasma has been updated to the latest release, 5.14.5.</li>
31280 <li>KDE Applications 18.12.1 were released today, so we’re right on top of them.</li>
31281 <li>Marble was fixed for FreeBSD-running-on-Power9.</li>
31282 <li>Musescore caught up on 18 months of releases.</li>
31283 <li>Phonon updated to 4.10.1, along with its backends.</li>
31284 <li>And in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.</li>
31285 </ul>
31286 <hr>
31287 <p>##Beastie Bits</p>
31288 <ul>
31289 <li><a href="http://nomadbsd.org/index.html">NomadBSD 1.2-RC1 Released</a></li>
31290 <li><a href="https://twitter.com/q5sys/status/1086443533681209350">ZFS - The First Enterprise Blockchain</a></li>
31291 <li><a href="https://www.dragonflybsd.org/docs/user/Powersave/?updated">Powersaving with DragonFly laptop</a></li>
31292 <li><a href="https://tests.reproducible-builds.org/netbsd/netbsd.html">NetBSD reaches 100% reproducible builds</a></li>
31293 <li><a href="https://old.reddit.com/r/freebsd/comments/ahs53y/bhyve_web_interface/">Potential Bhyve Web Interface?</a></li>
31294 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/adi9sm/libgdx_proof_of_concept_on_openbsd_slay_the_spire/">LibGDX proof of concept on OpenBSD</a> - <a href="https://youtu.be/F1loBeHKJt4">Video</a></li>
31295 <li><a href="https://www.pgcli.com/launching-litecli.html">LiteCLI is a user-friendly CommandLine client for SQLite database</a></li>
31296 <li><a href="https://www.youtube.com/playlist?list=PL94E35692EB9D36F3">In honor of Donald Knuth’s 81st birthday Stanford uploaded 111 lectures on YouTube</a></li>
31297 <li><a href="http://dpaste.com/3Q4F6C2">Portland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza</a></li>
31298 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Stockholm BSD February meetup</a></li>
31299 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Jan 25 18:15 - 21:00</a></li>
31300 <li><a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDcon 2019 CfP</a></li>
31301 </ul>
31302 <hr>
31303 <p>##Feedback/Questions</p>
31304 <ul>
31305 <li>Greg - <a href="http://dpaste.com/3A6T4HN">VLANs and jails</a></li>
31306 <li>Tara - <a href="http://dpaste.com/1X1E3XS#wrap">ZFS on removable disks</a></li>
31307 <li>Casey - <a href="http://dpaste.com/08HZ6FP#wrap">Interview with Kirk McKusick</a></li>
31308 </ul>
31309 <hr>
31310 <ul>
31311 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31312 </ul>
31313 <hr>
31314 </description>
31315 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, spotifyd, opnsense, kde, openrsync</itunes:keywords>
31316 <content:encoded>
31317 <![CDATA[<p>Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.</p>
31318
31319 <p>##Headlines</p>
31320
31321 <p>###<a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDCon 2019 Call for Papers</a></p>
31322
31323 <ul>
31324 <li>You have until Jan 30th to submit</li>
31325 <li>Full paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.</li>
31326 <li>Send a message to <a href="mailto:secretary@asiabsdcon.org">secretary@asiabsdcon.org</a> with your proposal. Could be either for a talk or a tutorial.</li>
31327 <li>Two days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan</li>
31328 <li>The conference is also looking for sponsors</li>
31329 <li>If accepted, flight and hotel are paid for by the conference</li>
31330 </ul>
31331
31332 <p><hr></p>
31333
31334 <p>###<a href="http://project-trident.org/post/2019-01-15_18.12-release_available/">Project Trident 18.12 Released</a></p>
31335
31336 <ul>
31337 <li><a href="https://twitter.com/tridentproject">Twitter account if you want to keep up on project news</a></li>
31338 <li><a href="https://twitter.com/TridentProject/status/1086010032662237185">Screenshots</a></li>
31339 <li><a href="https://t.me/ProjectTrident">Project Trident Community Telegram Channel</a></li>
31340 <li><a href="https://distrowatch.com/?newsid=10442">DistroWatch Page</a></li>
31341 <li><a href="https://linuxactionnews.com/89?t=395">LinuxActionNews Review</a></li>
31342 <li><a href="https://www.youtube.com/watch?v=QjiR1KiacrQ">RoboNuggie’s in depth review</a></li>
31343 </ul>
31344
31345 <p><hr></p>
31346
31347 <p>###<a href="https://atomicules.co.uk/2019/01/17/Building-Spotifyd-on-NetBSD.html">Building Spotifyd on NetBSD</a></p>
31348
31349 <blockquote>
31350 <p>These are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).</p>
31351 </blockquote>
31352
31353 <p><hr></p>
31354
31355 <p>##News Roundup</p>
31356
31357 <p>###<a href="https://opnsense.org/opnsense-18-7-10-released/">OPNsense 18.7.10 released</a></p>
31358
31359 <blockquote>
31360 <p>2019 means 19.1 is almost here. In the meantime accept this small<br>
31361 incremental update with goodies such as Suricata 4.1, custom passwords<br>
31362 for P12 certificate export as well as fresh fixes in the FreeBSD base.<br>
31363 A lot of cleanups went into this update to make sure there will be a<br>
31364 smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2<br>
31365 weeks and the final 19.1 on January 29.</p>
31366 </blockquote>
31367
31368 <p><hr></p>
31369
31370 <p>###<a href="https://www.servethehome.com/introducing-the-ultra-epyc-amd-powered-sun-ultra-24-workstation/">Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation</a></p>
31371
31372 <blockquote>
31373 <p>A few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.</p>
31374 </blockquote>
31375
31376 <p><hr></p>
31377
31378 <p>###<a href="https://github.com/kristapsdz/openrsync">OpenRsync</a></p>
31379
31380 <blockquote>
31381 <p>This is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.<br>
31382 This project is still very new and very fast-moving.<br>
31383 It’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.<br>
31384 Many have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.</p>
31385 </blockquote>
31386
31387 <p><hr></p>
31388
31389 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_first_report_on_lld">The first report on LLD porting</a></p>
31390
31391 <blockquote>
31392 <p>LLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).<br>
31393 The first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.<br>
31394 In this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.</p>
31395 </blockquote>
31396
31397 <p><hr></p>
31398
31399 <p>###<a href="https://euroquis.nl/bobulate/?p=2044">Ring in the new</a></p>
31400
31401 <blockquote>
31402 <p>It’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.<br>
31403 For the big ticket items of KDE on FreeBSD, you should read this blog instead.</p>
31404 </blockquote>
31405
31406 <ul>
31407 <li>In ports this week (mostly KDE, some unrelated):</li>
31408 <li>KDE Plasma has been updated to the latest release, 5.14.5.</li>
31409 <li>KDE Applications 18.12.1 were released today, so we’re right on top of them.</li>
31410 <li>Marble was fixed for FreeBSD-running-on-Power9.</li>
31411 <li>Musescore caught up on 18 months of releases.</li>
31412 <li>Phonon updated to 4.10.1, along with its backends.</li>
31413 <li>And in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.</li>
31414 </ul>
31415
31416 <p><hr></p>
31417
31418 <p>##Beastie Bits</p>
31419
31420 <ul>
31421 <li><a href="http://nomadbsd.org/index.html">NomadBSD 1.2-RC1 Released</a></li>
31422 <li><a href="https://twitter.com/q5sys/status/1086443533681209350">ZFS - The First Enterprise Blockchain</a></li>
31423 <li><a href="https://www.dragonflybsd.org/docs/user/Powersave/?updated">Powersaving with DragonFly laptop</a></li>
31424 <li><a href="https://tests.reproducible-builds.org/netbsd/netbsd.html">NetBSD reaches 100% reproducible builds</a></li>
31425 <li><a href="https://old.reddit.com/r/freebsd/comments/ahs53y/bhyve_web_interface/">Potential Bhyve Web Interface?</a></li>
31426 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/adi9sm/libgdx_proof_of_concept_on_openbsd_slay_the_spire/">LibGDX proof of concept on OpenBSD</a> - <a href="https://youtu.be/F1loBeHKJt4">Video</a></li>
31427 <li><a href="https://www.pgcli.com/launching-litecli.html">LiteCLI is a user-friendly CommandLine client for SQLite database</a></li>
31428 <li><a href="https://www.youtube.com/playlist?list=PL94E35692EB9D36F3">In honor of Donald Knuth’s 81st birthday Stanford uploaded 111 lectures on YouTube</a></li>
31429 <li><a href="http://dpaste.com/3Q4F6C2">Portland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza</a></li>
31430 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Stockholm BSD February meetup</a></li>
31431 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Jan 25 18:15 - 21:00</a></li>
31432 <li><a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDcon 2019 CfP</a></li>
31433 </ul>
31434
31435 <p><hr></p>
31436
31437 <p>##Feedback/Questions</p>
31438
31439 <ul>
31440 <li>Greg - <a href="http://dpaste.com/3A6T4HN">VLANs and jails</a></li>
31441 <li>Tara - <a href="http://dpaste.com/1X1E3XS#wrap">ZFS on removable disks</a></li>
31442 <li>Casey - <a href="http://dpaste.com/08HZ6FP#wrap">Interview with Kirk McKusick</a></li>
31443 </ul>
31444
31445 <p><hr></p>
31446
31447 <ul>
31448 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31449 </ul>
31450
31451 <p><hr></p>]]>
31452 </content:encoded>
31453 <itunes:summary>
31454 <![CDATA[<p>Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.</p>
31455
31456 <p>##Headlines</p>
31457
31458 <p>###<a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDCon 2019 Call for Papers</a></p>
31459
31460 <ul>
31461 <li>You have until Jan 30th to submit</li>
31462 <li>Full paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.</li>
31463 <li>Send a message to <a href="mailto:secretary@asiabsdcon.org">secretary@asiabsdcon.org</a> with your proposal. Could be either for a talk or a tutorial.</li>
31464 <li>Two days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan</li>
31465 <li>The conference is also looking for sponsors</li>
31466 <li>If accepted, flight and hotel are paid for by the conference</li>
31467 </ul>
31468
31469 <p><hr></p>
31470
31471 <p>###<a href="http://project-trident.org/post/2019-01-15_18.12-release_available/">Project Trident 18.12 Released</a></p>
31472
31473 <ul>
31474 <li><a href="https://twitter.com/tridentproject">Twitter account if you want to keep up on project news</a></li>
31475 <li><a href="https://twitter.com/TridentProject/status/1086010032662237185">Screenshots</a></li>
31476 <li><a href="https://t.me/ProjectTrident">Project Trident Community Telegram Channel</a></li>
31477 <li><a href="https://distrowatch.com/?newsid=10442">DistroWatch Page</a></li>
31478 <li><a href="https://linuxactionnews.com/89?t=395">LinuxActionNews Review</a></li>
31479 <li><a href="https://www.youtube.com/watch?v=QjiR1KiacrQ">RoboNuggie’s in depth review</a></li>
31480 </ul>
31481
31482 <p><hr></p>
31483
31484 <p>###<a href="https://atomicules.co.uk/2019/01/17/Building-Spotifyd-on-NetBSD.html">Building Spotifyd on NetBSD</a></p>
31485
31486 <blockquote>
31487 <p>These are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).</p>
31488 </blockquote>
31489
31490 <p><hr></p>
31491
31492 <p>##News Roundup</p>
31493
31494 <p>###<a href="https://opnsense.org/opnsense-18-7-10-released/">OPNsense 18.7.10 released</a></p>
31495
31496 <blockquote>
31497 <p>2019 means 19.1 is almost here. In the meantime accept this small<br>
31498 incremental update with goodies such as Suricata 4.1, custom passwords<br>
31499 for P12 certificate export as well as fresh fixes in the FreeBSD base.<br>
31500 A lot of cleanups went into this update to make sure there will be a<br>
31501 smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2<br>
31502 weeks and the final 19.1 on January 29.</p>
31503 </blockquote>
31504
31505 <p><hr></p>
31506
31507 <p>###<a href="https://www.servethehome.com/introducing-the-ultra-epyc-amd-powered-sun-ultra-24-workstation/">Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation</a></p>
31508
31509 <blockquote>
31510 <p>A few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.</p>
31511 </blockquote>
31512
31513 <p><hr></p>
31514
31515 <p>###<a href="https://github.com/kristapsdz/openrsync">OpenRsync</a></p>
31516
31517 <blockquote>
31518 <p>This is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.<br>
31519 This project is still very new and very fast-moving.<br>
31520 It’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.<br>
31521 Many have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.</p>
31522 </blockquote>
31523
31524 <p><hr></p>
31525
31526 <p>###<a href="https://blog.netbsd.org/tnf/entry/the_first_report_on_lld">The first report on LLD porting</a></p>
31527
31528 <blockquote>
31529 <p>LLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).<br>
31530 The first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.<br>
31531 In this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.</p>
31532 </blockquote>
31533
31534 <p><hr></p>
31535
31536 <p>###<a href="https://euroquis.nl/bobulate/?p=2044">Ring in the new</a></p>
31537
31538 <blockquote>
31539 <p>It’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.<br>
31540 For the big ticket items of KDE on FreeBSD, you should read this blog instead.</p>
31541 </blockquote>
31542
31543 <ul>
31544 <li>In ports this week (mostly KDE, some unrelated):</li>
31545 <li>KDE Plasma has been updated to the latest release, 5.14.5.</li>
31546 <li>KDE Applications 18.12.1 were released today, so we’re right on top of them.</li>
31547 <li>Marble was fixed for FreeBSD-running-on-Power9.</li>
31548 <li>Musescore caught up on 18 months of releases.</li>
31549 <li>Phonon updated to 4.10.1, along with its backends.</li>
31550 <li>And in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.</li>
31551 </ul>
31552
31553 <p><hr></p>
31554
31555 <p>##Beastie Bits</p>
31556
31557 <ul>
31558 <li><a href="http://nomadbsd.org/index.html">NomadBSD 1.2-RC1 Released</a></li>
31559 <li><a href="https://twitter.com/q5sys/status/1086443533681209350">ZFS - The First Enterprise Blockchain</a></li>
31560 <li><a href="https://www.dragonflybsd.org/docs/user/Powersave/?updated">Powersaving with DragonFly laptop</a></li>
31561 <li><a href="https://tests.reproducible-builds.org/netbsd/netbsd.html">NetBSD reaches 100% reproducible builds</a></li>
31562 <li><a href="https://old.reddit.com/r/freebsd/comments/ahs53y/bhyve_web_interface/">Potential Bhyve Web Interface?</a></li>
31563 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/adi9sm/libgdx_proof_of_concept_on_openbsd_slay_the_spire/">LibGDX proof of concept on OpenBSD</a> - <a href="https://youtu.be/F1loBeHKJt4">Video</a></li>
31564 <li><a href="https://www.pgcli.com/launching-litecli.html">LiteCLI is a user-friendly CommandLine client for SQLite database</a></li>
31565 <li><a href="https://www.youtube.com/playlist?list=PL94E35692EB9D36F3">In honor of Donald Knuth’s 81st birthday Stanford uploaded 111 lectures on YouTube</a></li>
31566 <li><a href="http://dpaste.com/3Q4F6C2">Portland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza</a></li>
31567 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/257281738/">Stockholm BSD February meetup</a></li>
31568 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Jan 25 18:15 - 21:00</a></li>
31569 <li><a href="https://2019.asiabsdcon.org/cfp.html.en">AsiaBSDcon 2019 CfP</a></li>
31570 </ul>
31571
31572 <p><hr></p>
31573
31574 <p>##Feedback/Questions</p>
31575
31576 <ul>
31577 <li>Greg - <a href="http://dpaste.com/3A6T4HN">VLANs and jails</a></li>
31578 <li>Tara - <a href="http://dpaste.com/1X1E3XS#wrap">ZFS on removable disks</a></li>
31579 <li>Casey - <a href="http://dpaste.com/08HZ6FP#wrap">Interview with Kirk McKusick</a></li>
31580 </ul>
31581
31582 <p><hr></p>
31583
31584 <ul>
31585 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31586 </ul>
31587
31588 <p><hr></p>]]>
31589 </itunes:summary>
31590 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Q3FMYQ6c</fireside:playerURL>
31591 <fireside:playerEmbedCode>
31592 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Q3FMYQ6c" width="740" height="200" frameborder="0" scrolling="no">]]>
31593 </fireside:playerEmbedCode>
31594 </item>
31595 <item>
31596 <title>281: EPYC Server Battle</title>
31597 <link>https://www.bsdnow.tv/281</link>
31598 <guid isPermaLink="false">62f301ee-57b8-4f10-8736-3660f78074a8</guid>
31599 <pubDate>Thu, 17 Jan 2019 07:00:00 -0800</pubDate>
31600 <author>Allan Jude</author>
31601 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/62f301ee-57b8-4f10-8736-3660f78074a8.mp3" length="50507863" type="audio/mp3"/>
31602 <itunes:episodeType>full</itunes:episodeType>
31603 <itunes:author>Allan Jude</itunes:author>
31604 <itunes:subtitle>SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.</itunes:subtitle>
31605 <itunes:duration>1:23:52</itunes:duration>
31606 <itunes:explicit>no</itunes:explicit>
31607 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
31608 <description>SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.
31609 <p>##Headlines<br>
31610 ###<a href="https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt">scp client multiple vulnerabilities</a></p>
31611 <ul>
31612 <li>Overview</li>
31613 <li>SCP clients from multiple vendors are susceptible to a malicious scp server performing<br>
31614 unauthorized changes to target directory and/or client output manipulation.</li>
31615 <li>Description</li>
31616 <li>Many scp clients fail to verify if the objects returned by the scp server match those<br>
31617 it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate<br>
31618 flaw in the client allows the target directory attributes to be changed arbitrarily.<br>
31619 Finally, two vulnerabilities in clients may allow the server to spoof the client output.</li>
31620 <li>Impact</li>
31621 <li>Malicious scp server can write arbitrary files to scp target directory, change the<br>
31622 target directory permissions and spoof the client output.</li>
31623 <li>Details</li>
31624 </ul>
31625 <blockquote>
31626 <p>The discovered vulnerabilities, described in more detail below, enable the attack<br>
31627 described here in brief.</p>
31628 </blockquote>
31629 <ul>
31630 <li>
31631 <ol>
31632 <li>The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:</li>
31633 </ol>
31634 </li>
31635 </ul>
31636 <p><code>user@local:~$ scp user@remote:readme.txt .</code><br>
31637 <code>readme.txt 100% 494 1.6KB/s 00:00</code><br>
31638 <code>user@local:~$</code></p>
31639 <ul>
31640 <li>
31641 <ol start="2">
31642 <li>Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.</li>
31643 </ol>
31644 </li>
31645 <li>*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.</li>
31646 </ul>
31647 <hr>
31648 <p>###<a href="https://www.phoronix.com/scan.php?page=article&amp;item=dfly-freebsd-tyanamd&amp;num=1">FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server</a></p>
31649 <blockquote>
31650 <p>Last month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.</p>
31651 </blockquote>
31652 <blockquote>
31653 <p>DragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.</p>
31654 </blockquote>
31655 <ul>
31656 <li>
31657 <p>A summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:</p>
31658 </li>
31659 <li>
31660 <p>DragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.</p>
31661 </li>
31662 <li>
31663 <p>FreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.</p>
31664 </li>
31665 <li>
31666 <p>FreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.</p>
31667 </li>
31668 <li>
31669 <p>TrueOS 18.12 - The latest release of the iXsystems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.</p>
31670 </li>
31671 <li>
31672 <p>CentOS Linux 7 - The latest EL7 operating system performance.</p>
31673 </li>
31674 <li>
31675 <p>Ubuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.</p>
31676 </li>
31677 <li>
31678 <p>Clear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.</p>
31679 </li>
31680 </ul>
31681 <blockquote>
31682 <p>Throughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.</p>
31683 </blockquote>
31684 <hr>
31685 <p>##News Roundup<br>
31686 <a href="https://www.engadget.com/2019/01/08/national-inventors-hall-of-fame-class-of-2019/">National Inventors Hall of Fame honors creators of Unix</a></p>
31687 <blockquote>
31688 <p>Dennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System<br>
31689 Thompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.</p>
31690 </blockquote>
31691 <hr>
31692 <p>###<a href="https://ungleich.ch/en-us/cms/blog/2019/01/09/die-ipv4-die/">Die IPV4, Die</a></p>
31693 <blockquote>
31694 <p>Imagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.</p>
31695 </blockquote>
31696 <ul>
31697 <li>Two steps back</li>
31698 </ul>
31699 <blockquote>
31700 <p>You might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?<br>
31701 Also, here at ungleich, we defined 2019 as the year to move away from IPv4.</p>
31702 </blockquote>
31703 <ul>
31704 <li>The challenge</li>
31705 </ul>
31706 <blockquote>
31707 <p>Do you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:<br>
31708 We offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.</p>
31709 </blockquote>
31710 <hr>
31711 <p>###<a href="http://www.ghostbsd.org/18.12_release_announcement">GhostBSD 18.12 released</a></p>
31712 <blockquote>
31713 <p>GhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.</p>
31714 </blockquote>
31715 <ul>
31716 <li>What has changed since 18.10</li>
31717 <li>removed default call of kernel modules for AMD and Intel</li>
31718 <li>replaced octopkg by software-station</li>
31719 <li>added back gop hacks to the live system</li>
31720 <li>added ghostbsd-drivers and ghostbsd-utils</li>
31721 <li>we updated the packages to the latest build</li>
31722 </ul>
31723 <hr>
31724 <p>###<a href="https://threader.app/thread/1083054050315243521">And Now for a laugh : #unixinpictures</a></p>
31725 <hr>
31726 <p>##Beastie Bits</p>
31727 <ul>
31728 <li><a href="https://www.jwz.org/blog/2019/01/we-are-now-closer-to-the-y2038-bug-than-the-y2k-bug/">We are now closer to the Y2038 bug than the Y2K bug</a></li>
31729 <li><a href="https://old.reddit.com/r/openbsd/comments/ae6b77/openbsd_enterprise_use/">OpenBSD Enterprise use</a></li>
31730 <li><a href="https://old.reddit.com/r/unix/comments/af0kij/note_the_whole_book_series_in_the_background/">AT&amp;T Unix Books</a></li>
31731 <li><a href="https://oshogbo.vexillium.org/blog/54/">Process title and missing memory space</a></li>
31732 <li><a href="http://www.os2museum.com/wp/the-history-of-a-security-hole/">The History of a Security Hole</a></li>
31733 <li><a href="https://www.geoghegan.ca/unbound-adblock.html">unbound-adblock: The ultimate network adblocker!</a></li>
31734 <li><a href="https://github.com/wheelsystems/nvlist">FreeBSD’s name/value pairs library</a></li>
31735 <li><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/PidRollover">Pid Rollover</a></li>
31736 <li><a href="https://www.cambus.net/booting-openbsd-kernels-in-efi-mode-with-qemu/">Booting OpenBSD kernels in EFI mode with QEMU</a></li>
31737 <li><a href="https://marc.info/?l=openbsd-cvs&amp;m=154715734504845&amp;w=2">OpenBSD CVS commit: Make mincore lie</a></li>
31738 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP ending January 19 - Submit!</a></li>
31739 <li><a href="https://www.eventbrite.com/e/zfs-user-conference-2019-tickets-54530403906">OpenZFS User Conference - April 18-19</a></li>
31740 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal is a free publication now</a></li>
31741 </ul>
31742 <hr>
31743 <p>##Feedback/Questions</p>
31744 <ul>
31745 <li>Chris - <a href="http://dpaste.com/101P5HA">Boot environments and SSDs</a></li>
31746 <li>Jonathan - <a href="http://dpaste.com/0YTPYV4">Bytes issued during a zpool scrub</a></li>
31747 <li>Bostjan - <a href="http://dpaste.com/0Q97J7H#wrap">ZFS Record Size and my mistakes</a></li>
31748 </ul>
31749 <hr>
31750 <ul>
31751 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31752 </ul>
31753 <hr>
31754 </description>
31755 <content:encoded>
31756 <![CDATA[<p>SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.</p>
31757
31758 <p>##Headlines<br>
31759 ###<a href="https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt">scp client multiple vulnerabilities</a></p>
31760
31761 <ul>
31762 <li>Overview</li>
31763 <li>SCP clients from multiple vendors are susceptible to a malicious scp server performing<br>
31764 unauthorized changes to target directory and/or client output manipulation.</li>
31765 <li>Description</li>
31766 <li>Many scp clients fail to verify if the objects returned by the scp server match those<br>
31767 it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate<br>
31768 flaw in the client allows the target directory attributes to be changed arbitrarily.<br>
31769 Finally, two vulnerabilities in clients may allow the server to spoof the client output.</li>
31770 <li>Impact</li>
31771 <li>Malicious scp server can write arbitrary files to scp target directory, change the<br>
31772 target directory permissions and spoof the client output.</li>
31773 <li>Details</li>
31774 </ul>
31775
31776 <blockquote>
31777 <p>The discovered vulnerabilities, described in more detail below, enable the attack<br>
31778 described here in brief.</p>
31779 </blockquote>
31780
31781 <ul>
31782 <li>
31783 <ol>
31784 <li>The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:</li>
31785 </ol>
31786 </li>
31787 </ul>
31788
31789 <p><code>user@local:~$ scp user@remote:readme.txt .</code><br>
31790 <code>readme.txt 100% 494 1.6KB/s 00:00</code><br>
31791 <code>user@local:~$</code></p>
31792
31793 <ul>
31794 <li>
31795 <ol start="2">
31796 <li>Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.</li>
31797 </ol>
31798 </li>
31799 <li>*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.</li>
31800 </ul>
31801
31802 <p><hr></p>
31803
31804 <p>###<a href="https://www.phoronix.com/scan.php?page=article&item=dfly-freebsd-tyanamd&num=1">FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server</a></p>
31805
31806 <blockquote>
31807 <p>Last month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.</p>
31808 </blockquote>
31809
31810 <blockquote>
31811 <p>DragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.</p>
31812 </blockquote>
31813
31814 <ul>
31815 <li>
31816 <p>A summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:</p>
31817 </li>
31818 <li>
31819 <p>DragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.</p>
31820 </li>
31821 <li>
31822 <p>FreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.</p>
31823 </li>
31824 <li>
31825 <p>FreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.</p>
31826 </li>
31827 <li>
31828 <p>TrueOS 18.12 - The latest release of the iXsystems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.</p>
31829 </li>
31830 <li>
31831 <p>CentOS Linux 7 - The latest EL7 operating system performance.</p>
31832 </li>
31833 <li>
31834 <p>Ubuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.</p>
31835 </li>
31836 <li>
31837 <p>Clear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.</p>
31838 </li>
31839 </ul>
31840
31841 <blockquote>
31842 <p>Throughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.</p>
31843 </blockquote>
31844
31845 <p><hr></p>
31846
31847 <p>##News Roundup<br>
31848 ###<a href="https://www.engadget.com/2019/01/08/national-inventors-hall-of-fame-class-of-2019/">National Inventors Hall of Fame honors creators of Unix</a></p>
31849
31850 <blockquote>
31851 <p>Dennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System<br>
31852 Thompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.</p>
31853 </blockquote>
31854
31855 <p><hr></p>
31856
31857 <p>###<a href="https://ungleich.ch/en-us/cms/blog/2019/01/09/die-ipv4-die/">Die IPV4, Die</a></p>
31858
31859 <blockquote>
31860 <p>Imagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.</p>
31861 </blockquote>
31862
31863 <ul>
31864 <li>Two steps back</li>
31865 </ul>
31866
31867 <blockquote>
31868 <p>You might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?<br>
31869 Also, here at ungleich, we defined 2019 as the year to move away from IPv4.</p>
31870 </blockquote>
31871
31872 <ul>
31873 <li>The challenge</li>
31874 </ul>
31875
31876 <blockquote>
31877 <p>Do you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:<br>
31878 We offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.</p>
31879 </blockquote>
31880
31881 <p><hr></p>
31882
31883 <p>###<a href="http://www.ghostbsd.org/18.12_release_announcement">GhostBSD 18.12 released</a></p>
31884
31885 <blockquote>
31886 <p>GhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.</p>
31887 </blockquote>
31888
31889 <ul>
31890 <li>What has changed since 18.10</li>
31891 <li>removed default call of kernel modules for AMD and Intel</li>
31892 <li>replaced octopkg by software-station</li>
31893 <li>added back gop hacks to the live system</li>
31894 <li>added ghostbsd-drivers and ghostbsd-utils</li>
31895 <li>we updated the packages to the latest build</li>
31896 </ul>
31897
31898 <p><hr></p>
31899
31900 <p>###<a href="https://threader.app/thread/1083054050315243521">And Now for a laugh : #unixinpictures</a></p>
31901
31902 <p><hr></p>
31903
31904 <p>##Beastie Bits</p>
31905
31906 <ul>
31907 <li><a href="https://www.jwz.org/blog/2019/01/we-are-now-closer-to-the-y2038-bug-than-the-y2k-bug/">We are now closer to the Y2038 bug than the Y2K bug</a></li>
31908 <li><a href="https://old.reddit.com/r/openbsd/comments/ae6b77/openbsd_enterprise_use/">OpenBSD Enterprise use</a></li>
31909 <li><a href="https://old.reddit.com/r/unix/comments/af0kij/note_the_whole_book_series_in_the_background/">AT&T Unix Books</a></li>
31910 <li><a href="https://oshogbo.vexillium.org/blog/54/">Process title and missing memory space</a></li>
31911 <li><a href="http://www.os2museum.com/wp/the-history-of-a-security-hole/">The History of a Security Hole</a></li>
31912 <li><a href="https://www.geoghegan.ca/unbound-adblock.html">unbound-adblock: The ultimate network adblocker!</a></li>
31913 <li><a href="https://github.com/wheelsystems/nvlist">FreeBSD’s name/value pairs library</a></li>
31914 <li><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/PidRollover">Pid Rollover</a></li>
31915 <li><a href="https://www.cambus.net/booting-openbsd-kernels-in-efi-mode-with-qemu/">Booting OpenBSD kernels in EFI mode with QEMU</a></li>
31916 <li><a href="https://marc.info/?l=openbsd-cvs&m=154715734504845&w=2">OpenBSD CVS commit: Make mincore lie</a></li>
31917 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP ending January 19 - Submit!</a></li>
31918 <li><a href="https://www.eventbrite.com/e/zfs-user-conference-2019-tickets-54530403906">OpenZFS User Conference - April 18-19</a></li>
31919 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal is a free publication now</a></li>
31920 </ul>
31921
31922 <p><hr></p>
31923
31924 <p>##Feedback/Questions</p>
31925
31926 <ul>
31927 <li>Chris - <a href="http://dpaste.com/101P5HA">Boot environments and SSDs</a></li>
31928 <li>Jonathan - <a href="http://dpaste.com/0YTPYV4">Bytes issued during a zpool scrub</a></li>
31929 <li>Bostjan - <a href="http://dpaste.com/0Q97J7H#wrap">ZFS Record Size and my mistakes</a></li>
31930 </ul>
31931
31932 <p><hr></p>
31933
31934 <ul>
31935 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
31936 </ul>
31937
31938 <p><hr></p>]]>
31939 </content:encoded>
31940 <itunes:summary>
31941 <![CDATA[<p>SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.</p>
31942
31943 <p>##Headlines<br>
31944 ###<a href="https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt">scp client multiple vulnerabilities</a></p>
31945
31946 <ul>
31947 <li>Overview</li>
31948 <li>SCP clients from multiple vendors are susceptible to a malicious scp server performing<br>
31949 unauthorized changes to target directory and/or client output manipulation.</li>
31950 <li>Description</li>
31951 <li>Many scp clients fail to verify if the objects returned by the scp server match those<br>
31952 it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate<br>
31953 flaw in the client allows the target directory attributes to be changed arbitrarily.<br>
31954 Finally, two vulnerabilities in clients may allow the server to spoof the client output.</li>
31955 <li>Impact</li>
31956 <li>Malicious scp server can write arbitrary files to scp target directory, change the<br>
31957 target directory permissions and spoof the client output.</li>
31958 <li>Details</li>
31959 </ul>
31960
31961 <blockquote>
31962 <p>The discovered vulnerabilities, described in more detail below, enable the attack<br>
31963 described here in brief.</p>
31964 </blockquote>
31965
31966 <ul>
31967 <li>
31968 <ol>
31969 <li>The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:</li>
31970 </ol>
31971 </li>
31972 </ul>
31973
31974 <p><code>user@local:~$ scp user@remote:readme.txt .</code><br>
31975 <code>readme.txt 100% 494 1.6KB/s 00:00</code><br>
31976 <code>user@local:~$</code></p>
31977
31978 <ul>
31979 <li>
31980 <ol start="2">
31981 <li>Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.</li>
31982 </ol>
31983 </li>
31984 <li>*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.</li>
31985 </ul>
31986
31987 <p><hr></p>
31988
31989 <p>###<a href="https://www.phoronix.com/scan.php?page=article&item=dfly-freebsd-tyanamd&num=1">FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server</a></p>
31990
31991 <blockquote>
31992 <p>Last month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.</p>
31993 </blockquote>
31994
31995 <blockquote>
31996 <p>DragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.</p>
31997 </blockquote>
31998
31999 <ul>
32000 <li>
32001 <p>A summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:</p>
32002 </li>
32003 <li>
32004 <p>DragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.</p>
32005 </li>
32006 <li>
32007 <p>FreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.</p>
32008 </li>
32009 <li>
32010 <p>FreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.</p>
32011 </li>
32012 <li>
32013 <p>TrueOS 18.12 - The latest release of the iXsystems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.</p>
32014 </li>
32015 <li>
32016 <p>CentOS Linux 7 - The latest EL7 operating system performance.</p>
32017 </li>
32018 <li>
32019 <p>Ubuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.</p>
32020 </li>
32021 <li>
32022 <p>Clear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.</p>
32023 </li>
32024 </ul>
32025
32026 <blockquote>
32027 <p>Throughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.</p>
32028 </blockquote>
32029
32030 <p><hr></p>
32031
32032 <p>##News Roundup<br>
32033 ###<a href="https://www.engadget.com/2019/01/08/national-inventors-hall-of-fame-class-of-2019/">National Inventors Hall of Fame honors creators of Unix</a></p>
32034
32035 <blockquote>
32036 <p>Dennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System<br>
32037 Thompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.</p>
32038 </blockquote>
32039
32040 <p><hr></p>
32041
32042 <p>###<a href="https://ungleich.ch/en-us/cms/blog/2019/01/09/die-ipv4-die/">Die IPV4, Die</a></p>
32043
32044 <blockquote>
32045 <p>Imagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.</p>
32046 </blockquote>
32047
32048 <ul>
32049 <li>Two steps back</li>
32050 </ul>
32051
32052 <blockquote>
32053 <p>You might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?<br>
32054 Also, here at ungleich, we defined 2019 as the year to move away from IPv4.</p>
32055 </blockquote>
32056
32057 <ul>
32058 <li>The challenge</li>
32059 </ul>
32060
32061 <blockquote>
32062 <p>Do you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:<br>
32063 We offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.</p>
32064 </blockquote>
32065
32066 <p><hr></p>
32067
32068 <p>###<a href="http://www.ghostbsd.org/18.12_release_announcement">GhostBSD 18.12 released</a></p>
32069
32070 <blockquote>
32071 <p>GhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.</p>
32072 </blockquote>
32073
32074 <ul>
32075 <li>What has changed since 18.10</li>
32076 <li>removed default call of kernel modules for AMD and Intel</li>
32077 <li>replaced octopkg by software-station</li>
32078 <li>added back gop hacks to the live system</li>
32079 <li>added ghostbsd-drivers and ghostbsd-utils</li>
32080 <li>we updated the packages to the latest build</li>
32081 </ul>
32082
32083 <p><hr></p>
32084
32085 <p>###<a href="https://threader.app/thread/1083054050315243521">And Now for a laugh : #unixinpictures</a></p>
32086
32087 <p><hr></p>
32088
32089 <p>##Beastie Bits</p>
32090
32091 <ul>
32092 <li><a href="https://www.jwz.org/blog/2019/01/we-are-now-closer-to-the-y2038-bug-than-the-y2k-bug/">We are now closer to the Y2038 bug than the Y2K bug</a></li>
32093 <li><a href="https://old.reddit.com/r/openbsd/comments/ae6b77/openbsd_enterprise_use/">OpenBSD Enterprise use</a></li>
32094 <li><a href="https://old.reddit.com/r/unix/comments/af0kij/note_the_whole_book_series_in_the_background/">AT&T Unix Books</a></li>
32095 <li><a href="https://oshogbo.vexillium.org/blog/54/">Process title and missing memory space</a></li>
32096 <li><a href="http://www.os2museum.com/wp/the-history-of-a-security-hole/">The History of a Security Hole</a></li>
32097 <li><a href="https://www.geoghegan.ca/unbound-adblock.html">unbound-adblock: The ultimate network adblocker!</a></li>
32098 <li><a href="https://github.com/wheelsystems/nvlist">FreeBSD’s name/value pairs library</a></li>
32099 <li><a href="https://utcc.utoronto.ca/~cks/space/blog/unix/PidRollover">Pid Rollover</a></li>
32100 <li><a href="https://www.cambus.net/booting-openbsd-kernels-in-efi-mode-with-qemu/">Booting OpenBSD kernels in EFI mode with QEMU</a></li>
32101 <li><a href="https://marc.info/?l=openbsd-cvs&m=154715734504845&w=2">OpenBSD CVS commit: Make mincore lie</a></li>
32102 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP ending January 19 - Submit!</a></li>
32103 <li><a href="https://www.eventbrite.com/e/zfs-user-conference-2019-tickets-54530403906">OpenZFS User Conference - April 18-19</a></li>
32104 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal is a free publication now</a></li>
32105 </ul>
32106
32107 <p><hr></p>
32108
32109 <p>##Feedback/Questions</p>
32110
32111 <ul>
32112 <li>Chris - <a href="http://dpaste.com/101P5HA">Boot environments and SSDs</a></li>
32113 <li>Jonathan - <a href="http://dpaste.com/0YTPYV4">Bytes issued during a zpool scrub</a></li>
32114 <li>Bostjan - <a href="http://dpaste.com/0Q97J7H#wrap">ZFS Record Size and my mistakes</a></li>
32115 </ul>
32116
32117 <p><hr></p>
32118
32119 <ul>
32120 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32121 </ul>
32122
32123 <p><hr></p>]]>
32124 </itunes:summary>
32125 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+r3TeMuvM</fireside:playerURL>
32126 <fireside:playerEmbedCode>
32127 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+r3TeMuvM" width="740" height="200" frameborder="0" scrolling="no">]]>
32128 </fireside:playerEmbedCode>
32129 </item>
32130 <item>
32131 <title>Episode 280: FOSS Clothing | BSD Now 280</title>
32132 <link>https://www.bsdnow.tv/280</link>
32133 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-3132</guid>
32134 <pubDate>Thu, 10 Jan 2019 00:00:00 -0800</pubDate>
32135 <author>Allan Jude</author>
32136 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bad2a854-7f51-4ff6-84a9-7c324c5cf277.mp3" length="31619268" type="audio/mp3"/>
32137 <itunes:episodeType>full</itunes:episodeType>
32138 <itunes:author>Allan Jude</itunes:author>
32139 <itunes:subtitle>A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.</itunes:subtitle>
32140 <itunes:duration>52:23</itunes:duration>
32141 <itunes:explicit>no</itunes:explicit>
32142 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
32143 <description>A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.
32144 Headlines
32145 <a href="http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/">A EULA in FOSS clothing?</a>
32146 <blockquote>There was a tremendous amount of reaction to and discussion about <a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">my blog entry on the midlife crisis in open source</a>. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a <a href="https://news.ycombinator.com/item?id=18687498#18689179">detailed response</a> — which he shortly thereafter elevated into a <a href="https://medium.com/@jaykreps/a-quick-comment-on-bryan-cantrills-blog-on-licensing-8dccee41d9e6">blog entry</a>.</blockquote>
32147 <blockquote>Let me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.</blockquote>
32148 <blockquote>To GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like <a href="http://choosealicense.com">choosealicense.com</a>, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.</blockquote>
32149 <blockquote>To foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!</blockquote>
32150
32151 <hr />
32152 NetBSD and LLVM
32153 <a href="https://blog.netbsd.org/tnf/entry/netbsd_entering_2019_with_more">NetBSD entering 2019 with more complete LLVM support</a>
32154 <blockquote>I’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage.
32155 Previously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.</blockquote>
32156 <a href="https://blog.netbsd.org/tnf/entry/the_process_of_upstreaming_support">The process of upstreaming support to LLVM sanitizers has been finalized</a>
32157 <blockquote>I’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness.
32158 The NetBSD support is no longer visibly lagging behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that are always available).</blockquote>
32159 <hr />
32160 News Roundup
32161 <a href="https://distrowatch.com/weekly.php?issue=20190107#freebsd">Thoughts on FreeBSD 12.0</a>
32162 <blockquote>Playing with FreeBSD this past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release.
32163 I like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustments for us.
32164 Something which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience.
32165 I probably wouldn’t recommend FreeBSD for desktop use. Its close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possibly for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.</blockquote>
32166
32167 <hr />
32168 <a href="https://www.phoronix.com/scan.php?page=article&amp;item=freebsd-12-windows&amp;num=1">FreeBSD 12.0 Performance Against Windows &amp; Linux On An Intel Xeon Server</a>
32169 <blockquote>Last week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions.
32170 While FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested.
32171 I did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this <a href="http://OpenBenchmarking.org">OpenBenchmarking.org</a> result file.</blockquote>
32172
32173 <hr />
32174 <a href="http://fogey.com/contemplating/?p=1023">How NetBSD came to be shipped by Microsoft</a>
32175 <a href="https://webcache.googleusercontent.com/search?q=cache:5XwAm5tvJ4AJ:fogey.com/contemplating/%3Fp%3D1023+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us">Google cache in case the site is down</a>
32176 <blockquote>In 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002.
32177 Danger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel.
32178 In 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements.
32179 NetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.)
32180 We began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008.
32181 Microsoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.</blockquote>
32182 <hr />
32183 Beastie Bits
32184 <ul>
32185 <li><a href="http://lists.31bits.net/archives/devel/2018-December/000033.html">Unleashed 1.2 Released</a></li>
32186 <li><a href="https://media.ccc.de/v/35c3-9647-taming_the_chaos_can_we_build_systems_that_actually_work">35th CCC - Taming the Chaos: Can we build systems that actually work? </a></li>
32187 <li><a href="https://rachelbythebay.com/w/2018/12/30/v6/">Potholes to avoid when migrating to IPv6</a></li>
32188 <li><a href="https://www.jwz.org/blog/2018/12/xscreensaver-5-41/">XScreenSaver 5.42</a></li>
32189 <li><a href="https://hackertarget.com/ssh-examples-tunnels/">SSH Examples and Tunnels</a></li>
32190 <li><a href="https://old.reddit.com/r/freebsd/comments/abevqa/mbuf9_request_for_comment/">Help request - mbuf(9) - request for comment</a></li>
32191 <li><a href="https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/">NSA to release free Reverse Engineering Tool</a></li>
32192 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">Running FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere</a></li>
32193 </ul>
32194
32195 <hr />
32196 Feedback/Questions
32197 <ul>
32198 <li>Dries - <a href="http://dpaste.com/2DCEJD6#wrap">Lets talk a bit about VIMAGE jails</a></li>
32199 <li>ohb - <a href="http://dpaste.com/1EGDSKQ#wrap">Question About ZFS Root Dataset</a></li>
32200 <li>Micah - <a href="http://dpaste.com/3TK2JWF#wrap">Active-Active NAS Sync recommendations</a></li>
32201 </ul>
32202
32203 <hr />
32204 <ul>
32205 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32206 </ul>
32207
32208 <hr />
32209 </description>
32210 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, EULA, github, llvm, microsoft, sidekick, danger, CCC, xscreensaver, ssh, nsa</itunes:keywords>
32211 <content:encoded>
32212 <![CDATA[<p>A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.</p>
32213
32214 <h2>Headlines</h2>
32215
32216 <h3><a href="http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/">A EULA in FOSS clothing?</a></h3>
32217
32218 <blockquote>There was a tremendous amount of reaction to and discussion about <a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">my blog entry on the midlife crisis in open source</a>. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a <a href="https://news.ycombinator.com/item?id=18687498#18689179">detailed response</a> — which he shortly thereafter elevated into a <a href="https://medium.com/@jaykreps/a-quick-comment-on-bryan-cantrills-blog-on-licensing-8dccee41d9e6">blog entry</a>.</blockquote>
32219
32220 <blockquote>Let me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.</blockquote>
32221
32222 <blockquote>To GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like <a href="http://choosealicense.com">choosealicense.com</a>, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.</blockquote>
32223
32224 <blockquote>To foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!</blockquote>
32225
32226 <p><hr /></p>
32227
32228 <h3>NetBSD and LLVM</h3>
32229
32230 <p><a href="https://blog.netbsd.org/tnf/entry/netbsd_entering_2019_with_more">NetBSD entering 2019 with more complete LLVM support</a></p>
32231
32232 <blockquote>I’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage.
32233 Previously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.</blockquote>
32234
32235 <p><a href="https://blog.netbsd.org/tnf/entry/the_process_of_upstreaming_support">The process of upstreaming support to LLVM sanitizers has been finalized</a></p>
32236
32237 <blockquote>I’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness.
32238 The NetBSD support is no longer visibly lagging behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that are always available).</blockquote>
32239
32240 <p><hr /></p>
32241
32242 <h2>News Roundup</h2>
32243
32244 <h3><a href="https://distrowatch.com/weekly.php?issue=20190107#freebsd">Thoughts on FreeBSD 12.0</a></h3>
32245
32246 <blockquote>Playing with FreeBSD this past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release.
32247 I like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustments for us.
32248 Something which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience.
32249 I probably wouldn’t recommend FreeBSD for desktop use. Its close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possibly for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.</blockquote>
32250
32251 <p><hr /></p>
32252
32253 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-12-windows&num=1">FreeBSD 12.0 Performance Against Windows & Linux On An Intel Xeon Server</a></h3>
32254
32255 <blockquote>Last week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions.
32256 While FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested.
32257 I did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this <a href="http://OpenBenchmarking.org">OpenBenchmarking.org</a> result file.</blockquote>
32258
32259 <p><hr /></p>
32260
32261 <h3><a href="http://fogey.com/contemplating/?p=1023">How NetBSD came to be shipped by Microsoft</a></h3>
32262
32263 <p><a href="https://webcache.googleusercontent.com/search?q=cache:5XwAm5tvJ4AJ:fogey.com/contemplating/%3Fp%3D1023+&cd=1&hl=en&ct=clnk&gl=us">Google cache in case the site is down</a></p>
32264
32265 <blockquote>In 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002.
32266 Danger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel.
32267 In 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements.
32268 NetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.)
32269 We began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008.
32270 Microsoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.</blockquote>
32271
32272 <p><hr /></p>
32273
32274 <h2>Beastie Bits</h2>
32275
32276 <ul>
32277 <li><a href="http://lists.31bits.net/archives/devel/2018-December/000033.html">Unleashed 1.2 Released</a></li>
32278 <li><a href="https://media.ccc.de/v/35c3-9647-taming_the_chaos_can_we_build_systems_that_actually_work">35th CCC - Taming the Chaos: Can we build systems that actually work? </a></li>
32279 <li><a href="https://rachelbythebay.com/w/2018/12/30/v6/">Potholes to avoid when migrating to IPv6</a></li>
32280 <li><a href="https://www.jwz.org/blog/2018/12/xscreensaver-5-41/">XScreenSaver 5.42</a></li>
32281 <li><a href="https://hackertarget.com/ssh-examples-tunnels/">SSH Examples and Tunnels</a></li>
32282 <li><a href="https://old.reddit.com/r/freebsd/comments/abevqa/mbuf9_request_for_comment/">Help request - mbuf(9) - request for comment</a></li>
32283 <li><a href="https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/">NSA to release free Reverse Engineering Tool</a></li>
32284 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">Running FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere</a></li>
32285 </ul>
32286
32287 <p><hr /></p>
32288
32289 <h2>Feedback/Questions</h2>
32290
32291 <ul>
32292 <li>Dries - <a href="http://dpaste.com/2DCEJD6#wrap">Lets talk a bit about VIMAGE jails</a></li>
32293 <li>ohb - <a href="http://dpaste.com/1EGDSKQ#wrap">Question About ZFS Root Dataset</a></li>
32294 <li>Micah - <a href="http://dpaste.com/3TK2JWF#wrap">Active-Active NAS Sync recommendations</a></li>
32295 </ul>
32296
32297 <p><hr /></p>
32298
32299 <ul>
32300 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32301 </ul>
32302
32303 <p><hr /></p>]]>
32304 </content:encoded>
32305 <itunes:summary>
32306 <![CDATA[<p>A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.</p>
32307
32308 <h2>Headlines</h2>
32309
32310 <h3><a href="http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/">A EULA in FOSS clothing?</a></h3>
32311
32312 <blockquote>There was a tremendous amount of reaction to and discussion about <a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">my blog entry on the midlife crisis in open source</a>. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a <a href="https://news.ycombinator.com/item?id=18687498#18689179">detailed response</a> — which he shortly thereafter elevated into a <a href="https://medium.com/@jaykreps/a-quick-comment-on-bryan-cantrills-blog-on-licensing-8dccee41d9e6">blog entry</a>.</blockquote>
32313
32314 <blockquote>Let me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.</blockquote>
32315
32316 <blockquote>To GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like <a href="http://choosealicense.com">choosealicense.com</a>, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.</blockquote>
32317
32318 <blockquote>To foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!</blockquote>
32319
32320 <p><hr /></p>
32321
32322 <h3>NetBSD and LLVM</h3>
32323
32324 <p><a href="https://blog.netbsd.org/tnf/entry/netbsd_entering_2019_with_more">NetBSD entering 2019 with more complete LLVM support</a></p>
32325
32326 <blockquote>I’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage.
32327 Previously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.</blockquote>
32328
32329 <p><a href="https://blog.netbsd.org/tnf/entry/the_process_of_upstreaming_support">The process of upstreaming support to LLVM sanitizers has been finalized</a></p>
32330
32331 <blockquote>I’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness.
32332 The NetBSD support is no longer visibly lagging behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that are always available).</blockquote>
32333
32334 <p><hr /></p>
32335
32336 <h2>News Roundup</h2>
32337
32338 <h3><a href="https://distrowatch.com/weekly.php?issue=20190107#freebsd">Thoughts on FreeBSD 12.0</a></h3>
32339
32340 <blockquote>Playing with FreeBSD this past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release.
32341 I like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustments for us.
32342 Something which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience.
32343 I probably wouldn’t recommend FreeBSD for desktop use. Its close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possibly for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.</blockquote>
32344
32345 <p><hr /></p>
32346
32347 <h3><a href="https://www.phoronix.com/scan.php?page=article&item=freebsd-12-windows&num=1">FreeBSD 12.0 Performance Against Windows & Linux On An Intel Xeon Server</a></h3>
32348
32349 <blockquote>Last week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions.
32350 While FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested.
32351 I did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this <a href="http://OpenBenchmarking.org">OpenBenchmarking.org</a> result file.</blockquote>
32352
32353 <p><hr /></p>
32354
32355 <h3><a href="http://fogey.com/contemplating/?p=1023">How NetBSD came to be shipped by Microsoft</a></h3>
32356
32357 <p><a href="https://webcache.googleusercontent.com/search?q=cache:5XwAm5tvJ4AJ:fogey.com/contemplating/%3Fp%3D1023+&cd=1&hl=en&ct=clnk&gl=us">Google cache in case the site is down</a></p>
32358
32359 <blockquote>In 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002.
32360 Danger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel.
32361 In 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements.
32362 NetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.)
32363 We began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008.
32364 Microsoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.</blockquote>
32365
32366 <p><hr /></p>
32367
32368 <h2>Beastie Bits</h2>
32369
32370 <ul>
32371 <li><a href="http://lists.31bits.net/archives/devel/2018-December/000033.html">Unleashed 1.2 Released</a></li>
32372 <li><a href="https://media.ccc.de/v/35c3-9647-taming_the_chaos_can_we_build_systems_that_actually_work">35th CCC - Taming the Chaos: Can we build systems that actually work? </a></li>
32373 <li><a href="https://rachelbythebay.com/w/2018/12/30/v6/">Potholes to avoid when migrating to IPv6</a></li>
32374 <li><a href="https://www.jwz.org/blog/2018/12/xscreensaver-5-41/">XScreenSaver 5.42</a></li>
32375 <li><a href="https://hackertarget.com/ssh-examples-tunnels/">SSH Examples and Tunnels</a></li>
32376 <li><a href="https://old.reddit.com/r/freebsd/comments/abevqa/mbuf9_request_for_comment/">Help request - mbuf(9) - request for comment</a></li>
32377 <li><a href="https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/">NSA to release free Reverse Engineering Tool</a></li>
32378 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">Running FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere</a></li>
32379 </ul>
32380
32381 <p><hr /></p>
32382
32383 <h2>Feedback/Questions</h2>
32384
32385 <ul>
32386 <li>Dries - <a href="http://dpaste.com/2DCEJD6#wrap">Lets talk a bit about VIMAGE jails</a></li>
32387 <li>ohb - <a href="http://dpaste.com/1EGDSKQ#wrap">Question About ZFS Root Dataset</a></li>
32388 <li>Micah - <a href="http://dpaste.com/3TK2JWF#wrap">Active-Active NAS Sync recommendations</a></li>
32389 </ul>
32390
32391 <p><hr /></p>
32392
32393 <ul>
32394 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32395 </ul>
32396
32397 <p><hr /></p>]]>
32398 </itunes:summary>
32399 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+rQbew48J</fireside:playerURL>
32400 <fireside:playerEmbedCode>
32401 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+rQbew48J" width="740" height="200" frameborder="0" scrolling="no">]]>
32402 </fireside:playerEmbedCode>
32403 </item>
32404 <item>
32405 <title>Episode 279: Future of ZFS | BSD Now 279</title>
32406 <link>https://www.bsdnow.tv/279</link>
32407 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-3093</guid>
32408 <pubDate>Thu, 03 Jan 2019 08:00:00 -0800</pubDate>
32409 <author>Allan Jude</author>
32410 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c90e3b38-be68-44fd-97cf-211579e33682.mp3" length="56197307" type="audio/mp3"/>
32411 <itunes:episodeType>full</itunes:episodeType>
32412 <itunes:author>Allan Jude</itunes:author>
32413 <itunes:subtitle><span style="font-weight: 400;">The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.</span></itunes:subtitle>
32414 <itunes:duration>1:33:21</itunes:duration>
32415 <itunes:explicit>no</itunes:explicit>
32416 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
32417 <description><span style="font-weight: 400;">The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.</span>
32418 Headlines
32419 <a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">The future of ZFS in FreeBSD</a>
32420 <blockquote>The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: <a href="https://www.delphix.com/blog/kickoff-future-eko-2018">https://www.delphix.com/blog/kickoff-future-eko-2018</a> This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL <a href="https://github.com/zfsonfreebsd/ZoF">https://github.com/zfsonfreebsd/ZoF</a> so that we might all have a single shared code base.
32421 A port for ZoF can be found at <a href="https://github.com/miwi-fbsd/zof-port">https://github.com/miwi-fbsd/zof-port</a> Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at <a href="https://reviews.freebsd.org/D18520">https://reviews.freebsd.org/D18520</a>
32422 This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.</blockquote>
32423
32424 <hr />
32425 <a href="https://www.freebsd.org/news/status/report-2018-01-2018-09.html">FreeBSD Quarterly Status Update</a>
32426 <blockquote>With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.
32427 The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.
32428 Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this cumulative set of reports covering everything that’s been done since October, 2017.
32429 —Daniel Ebdrup</blockquote>
32430
32431 <hr />
32432 News Roundup
32433 <a href="https://eerielinux.wordpress.com/2018/11/30/one-year-of-flying-with-the-raven-ready-for-the-desktop/">One year of flying with the Raven: Ready for the Desktop?</a>
32434 <blockquote>It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.</blockquote>
32435 <ul>
32436 <li>Ravenports</li>
32437 </ul>
32438 <blockquote>Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).</blockquote>
32439 <blockquote>For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.</blockquote>
32440 <blockquote>And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.</blockquote>
32441
32442 <hr />
32443 <a href="https://euroquis.nl/bobulate/?p=2040">Modern KDE on FreeBSD</a>
32444 <blockquote>New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.
32445 What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).</blockquote>
32446
32447 <hr />
32448 <a href="http://www.daemonology.net/blog/2018-12-26-the-many-ways-to-launch-FreeBSD-in-EC2.html">The many ways to launch FreeBSD in EC2</a>
32449 <blockquote>Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):</blockquote>
32450 <ul>
32451 <li>Launch FreeBSD and SSH in</li>
32452 <li>Launch FreeBSD and provide user-data</li>
32453 <li>Use the AMI Builder to create a customized FreeBSD AMI</li>
32454 <li>Build a FreeBSD AMI from a modified FreeBSD source tree</li>
32455 <li>Build your own disk image</li>
32456 </ul>
32457 <blockquote>I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.</blockquote>
32458
32459 <hr />
32460 <a href="https://dressupgeekout.blogspot.com/2018/12/using-gogcom-installers-for-linux-on.html">Using the GOG.com installers for Linux, on NetBSD</a>
32461 <blockquote><a href="http://GOG.com">GOG.com</a> prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.
32462 GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.</blockquote>
32463 <ul>
32464 <li>The installers truly are platform-specific:</li>
32465 <li>macOS games are distributed in a standard .pkg</li>
32466 <li>Windows games are distributed in a setup wizard .exe</li>
32467 <li>Linux games are distributed in a goofy shell archive</li>
32468 </ul>
32469 <blockquote>Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by <a href="http://GOG.com">GOG.com</a> on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.</blockquote>
32470 <blockquote>Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.</blockquote>
32471 <blockquote>Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.</blockquote>
32472
32473 <hr />
32474 Beastie Bits
32475 <ul>
32476 <li><a href="https://corecursive.com/024-software-as-a-reflection-of-values-with-bryan-cantrill/">Software as a Reflection of Values With Bryan Cantrill</a></li>
32477 <li><a href="http://dtrace.org/blogs/bmc/2018/02/03/talks/">Collection of bmc talks, updated 2018</a></li>
32478 <li><a href="https://marc.info/?l=openbsd-bugs&amp;m=154529364730319&amp;w=2">wump: incorrect wumpus movement probability</a></li>
32479 <li><a href="https://venshare.com/debugging-rust-with-vscode-on-freebsd/">Debugging Rust with VSCode on FreeBSD</a></li>
32480 <li><a href="https://vermaden.wordpress.com/2018/12/27/smb-cifs-on-freebsd/">SMB/CIFS on FreeBSD</a></li>
32481 <li><a href="https://old.reddit.com/r/freebsd/comments/aaihdk/bsd_tattoo/">BSD Tattoo</a></li>
32482 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/12/30/msg027871.html">pkgsrc-2018Q4 branch announcement</a></li>
32483 <li><a href="https://https.www.google.com.tedunangst.com/flak/post/toying-with-wireguard-on-openbsd">toying with wireguard on openbsd</a></li>
32484 <li><a href="https://marc.info/?l=openbsd-tech&amp;m=154627230907954&amp;w=2">new USB audio class v2.0 driver</a></li>
32485 <li><a href="https://www.youtube.com/watch?v=ZvSSHtRv5Mg">Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018</a></li>
32486 <li><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 release page is online</a></li>
32487 <li><a href="https://twitter.com/jschauma/status/1071069217968013313?s=03">shell access to historical Unix versions in your browser</a></li>
32488 </ul>
32489
32490 <hr />
32491 Feedback/Questions
32492 <ul>
32493 <li>Brad - <a href="http://dpaste.com/2CVAF1E#wrap">ZFS Features and Upgrades</a></li>
32494 <li>Andre - <a href="http://dpaste.com/1XXFPHN#wrap">Splitting ZFS array</a></li>
32495 <li>Michael - <a href="http://dpaste.com/2S8GFD0#wrap">Priority/nice value for Jails?</a></li>
32496 </ul>
32497
32498 <hr />
32499 <ul>
32500 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32501 </ul>
32502
32503 <hr />
32504 </description>
32505 <itunes:keywords>Bryan Cantrill,BSD,DragonflyBSD,EC2,freebsd,GOG,guide,hardenedbsd,howto,Interview,kde,NetBSD,OpenBSD,raven,ravenports,ROP Gadgets,Trident,trueos,tutorial</itunes:keywords>
32506 <content:encoded>
32507 <![CDATA[<p><span style="font-weight: 400;">The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.</span></p>
32508
32509 <h2>Headlines</h2>
32510
32511 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">The future of ZFS in FreeBSD</a></h3>
32512
32513 <blockquote>The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: <a href="https://www.delphix.com/blog/kickoff-future-eko-2018">https://www.delphix.com/blog/kickoff-future-eko-2018</a> This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL <a href="https://github.com/zfsonfreebsd/ZoF">https://github.com/zfsonfreebsd/ZoF</a> so that we might all have a single shared code base.
32514 A port for ZoF can be found at <a href="https://github.com/miwi-fbsd/zof-port">https://github.com/miwi-fbsd/zof-port</a> Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at <a href="https://reviews.freebsd.org/D18520">https://reviews.freebsd.org/D18520</a>
32515 This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.</blockquote>
32516
32517 <p><hr /></p>
32518
32519 <h3><a href="https://www.freebsd.org/news/status/report-2018-01-2018-09.html">FreeBSD Quarterly Status Update</a></h3>
32520
32521 <blockquote>With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.
32522 The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.
32523 Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this cumulative set of reports covering everything that’s been done since October, 2017.
32524 —Daniel Ebdrup</blockquote>
32525
32526 <p><hr /></p>
32527
32528 <h2>News Roundup</h2>
32529
32530 <h3><a href="https://eerielinux.wordpress.com/2018/11/30/one-year-of-flying-with-the-raven-ready-for-the-desktop/">One year of flying with the Raven: Ready for the Desktop?</a></h3>
32531
32532 <blockquote>It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.</blockquote>
32533
32534 <ul>
32535 <li>Ravenports</li>
32536 </ul>
32537
32538 <blockquote>Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).</blockquote>
32539
32540 <blockquote>For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.</blockquote>
32541
32542 <blockquote>And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.</blockquote>
32543
32544 <p><hr /></p>
32545
32546 <h3><a href="https://euroquis.nl/bobulate/?p=2040">Modern KDE on FreeBSD</a></h3>
32547
32548 <blockquote>New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.
32549 What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).</blockquote>
32550
32551 <p><hr /></p>
32552
32553 <h3><a href="http://www.daemonology.net/blog/2018-12-26-the-many-ways-to-launch-FreeBSD-in-EC2.html">The many ways to launch FreeBSD in EC2</a></h3>
32554
32555 <blockquote>Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):</blockquote>
32556
32557 <ul>
32558 <li>Launch FreeBSD and SSH in</li>
32559 <li>Launch FreeBSD and provide user-data</li>
32560 <li>Use the AMI Builder to create a customized FreeBSD AMI</li>
32561 <li>Build a FreeBSD AMI from a modified FreeBSD source tree</li>
32562 <li>Build your own disk image</li>
32563 </ul>
32564
32565 <blockquote>I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.</blockquote>
32566
32567 <p><hr /></p>
32568
32569 <h3><a href="https://dressupgeekout.blogspot.com/2018/12/using-gogcom-installers-for-linux-on.html">Using the GOG.com installers for Linux, on NetBSD</a></h3>
32570
32571 <blockquote><a href="http://GOG.com">GOG.com</a> prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.
32572 GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.</blockquote>
32573
32574 <ul>
32575 <li>The installers truly are platform-specific:</li>
32576 <li>macOS games are distributed in a standard .pkg</li>
32577 <li>Windows games are distributed in a setup wizard .exe</li>
32578 <li>Linux games are distributed in a goofy shell archive</li>
32579 </ul>
32580
32581 <blockquote>Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by <a href="http://GOG.com">GOG.com</a> on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.</blockquote>
32582
32583 <blockquote>Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.</blockquote>
32584
32585 <blockquote>Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.</blockquote>
32586
32587 <p><hr /></p>
32588
32589 <h2>Beastie Bits</h2>
32590
32591 <ul>
32592 <li><a href="https://corecursive.com/024-software-as-a-reflection-of-values-with-bryan-cantrill/">Software as a Reflection of Values With Bryan Cantrill</a></li>
32593 <li><a href="http://dtrace.org/blogs/bmc/2018/02/03/talks/">Collection of bmc talks, updated 2018</a></li>
32594 <li><a href="https://marc.info/?l=openbsd-bugs&m=154529364730319&w=2">wump: incorrect wumpus movement probability</a></li>
32595 <li><a href="https://venshare.com/debugging-rust-with-vscode-on-freebsd/">Debugging Rust with VSCode on FreeBSD</a></li>
32596 <li><a href="https://vermaden.wordpress.com/2018/12/27/smb-cifs-on-freebsd/">SMB/CIFS on FreeBSD</a></li>
32597 <li><a href="https://old.reddit.com/r/freebsd/comments/aaihdk/bsd_tattoo/">BSD Tattoo</a></li>
32598 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/12/30/msg027871.html">pkgsrc-2018Q4 branch announcement</a></li>
32599 <li><a href="https://https.www.google.com.tedunangst.com/flak/post/toying-with-wireguard-on-openbsd">toying with wireguard on openbsd</a></li>
32600 <li><a href="https://marc.info/?l=openbsd-tech&m=154627230907954&w=2">new USB audio class v2.0 driver</a></li>
32601 <li><a href="https://www.youtube.com/watch?v=ZvSSHtRv5Mg">Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018</a></li>
32602 <li><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 release page is online</a></li>
32603 <li><a href="https://twitter.com/jschauma/status/1071069217968013313?s=03">shell access to historical Unix versions in your browser</a></li>
32604 </ul>
32605
32606 <p><hr /></p>
32607
32608 <h2>Feedback/Questions</h2>
32609
32610 <ul>
32611 <li>Brad - <a href="http://dpaste.com/2CVAF1E#wrap">ZFS Features and Upgrades</a></li>
32612 <li>Andre - <a href="http://dpaste.com/1XXFPHN#wrap">Splitting ZFS array</a></li>
32613 <li>Michael - <a href="http://dpaste.com/2S8GFD0#wrap">Priority/nice value for Jails?</a></li>
32614 </ul>
32615
32616 <p><hr /></p>
32617
32618 <ul>
32619 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32620 </ul>
32621
32622 <p><hr /></p>]]>
32623 </content:encoded>
32624 <itunes:summary>
32625 <![CDATA[<p><span style="font-weight: 400;">The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.</span></p>
32626
32627 <h2>Headlines</h2>
32628
32629 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">The future of ZFS in FreeBSD</a></h3>
32630
32631 <blockquote>The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: <a href="https://www.delphix.com/blog/kickoff-future-eko-2018">https://www.delphix.com/blog/kickoff-future-eko-2018</a> This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL <a href="https://github.com/zfsonfreebsd/ZoF">https://github.com/zfsonfreebsd/ZoF</a> so that we might all have a single shared code base.
32632 A port for ZoF can be found at <a href="https://github.com/miwi-fbsd/zof-port">https://github.com/miwi-fbsd/zof-port</a> Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at <a href="https://reviews.freebsd.org/D18520">https://reviews.freebsd.org/D18520</a>
32633 This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.</blockquote>
32634
32635 <p><hr /></p>
32636
32637 <h3><a href="https://www.freebsd.org/news/status/report-2018-01-2018-09.html">FreeBSD Quarterly Status Update</a></h3>
32638
32639 <blockquote>With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.
32640 The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.
32641 Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this cumulative set of reports covering everything that’s been done since October, 2017.
32642 —Daniel Ebdrup</blockquote>
32643
32644 <p><hr /></p>
32645
32646 <h2>News Roundup</h2>
32647
32648 <h3><a href="https://eerielinux.wordpress.com/2018/11/30/one-year-of-flying-with-the-raven-ready-for-the-desktop/">One year of flying with the Raven: Ready for the Desktop?</a></h3>
32649
32650 <blockquote>It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.</blockquote>
32651
32652 <ul>
32653 <li>Ravenports</li>
32654 </ul>
32655
32656 <blockquote>Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).</blockquote>
32657
32658 <blockquote>For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.</blockquote>
32659
32660 <blockquote>And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.</blockquote>
32661
32662 <p><hr /></p>
32663
32664 <h3><a href="https://euroquis.nl/bobulate/?p=2040">Modern KDE on FreeBSD</a></h3>
32665
32666 <blockquote>New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.
32667 What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).</blockquote>
32668
32669 <p><hr /></p>
32670
32671 <h3><a href="http://www.daemonology.net/blog/2018-12-26-the-many-ways-to-launch-FreeBSD-in-EC2.html">The many ways to launch FreeBSD in EC2</a></h3>
32672
32673 <blockquote>Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):</blockquote>
32674
32675 <ul>
32676 <li>Launch FreeBSD and SSH in</li>
32677 <li>Launch FreeBSD and provide user-data</li>
32678 <li>Use the AMI Builder to create a customized FreeBSD AMI</li>
32679 <li>Build a FreeBSD AMI from a modified FreeBSD source tree</li>
32680 <li>Build your own disk image</li>
32681 </ul>
32682
32683 <blockquote>I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.</blockquote>
32684
32685 <p><hr /></p>
32686
32687 <h3><a href="https://dressupgeekout.blogspot.com/2018/12/using-gogcom-installers-for-linux-on.html">Using the GOG.com installers for Linux, on NetBSD</a></h3>
32688
32689 <blockquote><a href="http://GOG.com">GOG.com</a> prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.
32690 GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.</blockquote>
32691
32692 <ul>
32693 <li>The installers truly are platform-specific:</li>
32694 <li>macOS games are distributed in a standard .pkg</li>
32695 <li>Windows games are distributed in a setup wizard .exe</li>
32696 <li>Linux games are distributed in a goofy shell archive</li>
32697 </ul>
32698
32699 <blockquote>Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by <a href="http://GOG.com">GOG.com</a> on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.</blockquote>
32700
32701 <blockquote>Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.</blockquote>
32702
32703 <blockquote>Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.</blockquote>
32704
32705 <p><hr /></p>
32706
32707 <h2>Beastie Bits</h2>
32708
32709 <ul>
32710 <li><a href="https://corecursive.com/024-software-as-a-reflection-of-values-with-bryan-cantrill/">Software as a Reflection of Values With Bryan Cantrill</a></li>
32711 <li><a href="http://dtrace.org/blogs/bmc/2018/02/03/talks/">Collection of bmc talks, updated 2018</a></li>
32712 <li><a href="https://marc.info/?l=openbsd-bugs&m=154529364730319&w=2">wump: incorrect wumpus movement probability</a></li>
32713 <li><a href="https://venshare.com/debugging-rust-with-vscode-on-freebsd/">Debugging Rust with VSCode on FreeBSD</a></li>
32714 <li><a href="https://vermaden.wordpress.com/2018/12/27/smb-cifs-on-freebsd/">SMB/CIFS on FreeBSD</a></li>
32715 <li><a href="https://old.reddit.com/r/freebsd/comments/aaihdk/bsd_tattoo/">BSD Tattoo</a></li>
32716 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/12/30/msg027871.html">pkgsrc-2018Q4 branch announcement</a></li>
32717 <li><a href="https://https.www.google.com.tedunangst.com/flak/post/toying-with-wireguard-on-openbsd">toying with wireguard on openbsd</a></li>
32718 <li><a href="https://marc.info/?l=openbsd-tech&m=154627230907954&w=2">new USB audio class v2.0 driver</a></li>
32719 <li><a href="https://www.youtube.com/watch?v=ZvSSHtRv5Mg">Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018</a></li>
32720 <li><a href="https://www.openbsd.org/65.html">OpenBSD 6.5 release page is online</a></li>
32721 <li><a href="https://twitter.com/jschauma/status/1071069217968013313?s=03">shell access to historical Unix versions in your browser</a></li>
32722 </ul>
32723
32724 <p><hr /></p>
32725
32726 <h2>Feedback/Questions</h2>
32727
32728 <ul>
32729 <li>Brad - <a href="http://dpaste.com/2CVAF1E#wrap">ZFS Features and Upgrades</a></li>
32730 <li>Andre - <a href="http://dpaste.com/1XXFPHN#wrap">Splitting ZFS array</a></li>
32731 <li>Michael - <a href="http://dpaste.com/2S8GFD0#wrap">Priority/nice value for Jails?</a></li>
32732 </ul>
32733
32734 <p><hr /></p>
32735
32736 <ul>
32737 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32738 </ul>
32739
32740 <p><hr /></p>]]>
32741 </itunes:summary>
32742 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+_eIACcz6</fireside:playerURL>
32743 <fireside:playerEmbedCode>
32744 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+_eIACcz6" width="740" height="200" frameborder="0" scrolling="no">]]>
32745 </fireside:playerEmbedCode>
32746 </item>
32747 <item>
32748 <title>Episode 278: The Real McCoy | BSD Now 278</title>
32749 <link>https://www.bsdnow.tv/278</link>
32750 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-3070</guid>
32751 <pubDate>Thu, 27 Dec 2018 01:00:00 -0800</pubDate>
32752 <author>Allan Jude</author>
32753 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/20a1a3d9-9553-4eb3-a462-eb6f41b4fa5c.mp3" length="29982521" type="audio/mp3"/>
32754 <itunes:episodeType>full</itunes:episodeType>
32755 <itunes:author>Allan Jude</itunes:author>
32756 <itunes:subtitle>We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging from the early years of Berkeley Unix to his continuing work on UFS, the governance of FreeBSD, and more.</itunes:subtitle>
32757 <itunes:duration>49:39</itunes:duration>
32758 <itunes:explicit>no</itunes:explicit>
32759 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
32760 <description>We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging from the early years of Berkeley Unix to his continuing work on UFS, the governance of FreeBSD, and more.
32761 <h2>Interview - Kirk McKusick - <a href="mailto:mckusick@mckusick.com">mckusick@mckusick.com</a></h2>
32762 <p>25 years of FreeBSD</p>
32763 <ul>
32764 <li>How Kirk got started in BSD, at the very beginning</li>
32765 <li>Predicting the Future</li>
32766 <li>How the code and community grew</li>
32767 <li>The leadership of the project, and how it changed over time</li>
32768 <li>UFS over the years (reading disks from 1982 in 2018)</li>
32769 <li>Conferences</li>
32770 <li>The rise and fall of Linux</li>
32771 <li>The resurgence of FreeBSD</li>
32772 </ul>
32773 <hr>
32774 <p>We want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.</p>
32775 <ul>
32776 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32777 </ul>
32778 <hr>
32779 </description>
32780 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
32781 <content:encoded>
32782 <![CDATA[<p>We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging from the early years of Berkeley Unix to his continuing work on UFS, the governance of FreeBSD, and more.</p>
32783
32784 <h2>Interview - Kirk McKusick - <a href="mailto:mckusick@mckusick.com">mckusick@mckusick.com</a></h2>
32785 <p>25 years of FreeBSD</p>
32786
32787 <ul>
32788 <li>How Kirk got started in BSD, at the very beginning</li>
32789 <li>Predicting the Future</li>
32790 <li>How the code and community grew</li>
32791 <li>The leadership of the project, and how it changed over time</li>
32792 <li>UFS over the years (reading disks from 1982 in 2018)</li>
32793 <li>Conferences</li>
32794 <li>The rise and fall of Linux</li>
32795 <li>The resurgence of FreeBSD</li>
32796 </ul>
32797
32798 <p><hr></p>
32799
32800 <p>We want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.</p>
32801
32802 <ul>
32803 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32804 </ul>
32805
32806 <p><hr></p>]]>
32807 </content:encoded>
32808 <itunes:summary>
32809 <![CDATA[<p>We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging from the early years of Berkeley Unix to his continuing work on UFS, the governance of FreeBSD, and more.</p>
32810
32811 <h2>Interview - Kirk McKusick - <a href="mailto:mckusick@mckusick.com">mckusick@mckusick.com</a></h2>
32812 <p>25 years of FreeBSD</p>
32813
32814 <ul>
32815 <li>How Kirk got started in BSD, at the very beginning</li>
32816 <li>Predicting the Future</li>
32817 <li>How the code and community grew</li>
32818 <li>The leadership of the project, and how it changed over time</li>
32819 <li>UFS over the years (reading disks from 1982 in 2018)</li>
32820 <li>Conferences</li>
32821 <li>The rise and fall of Linux</li>
32822 <li>The resurgence of FreeBSD</li>
32823 </ul>
32824
32825 <p><hr></p>
32826
32827 <p>We want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.</p>
32828
32829 <ul>
32830 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
32831 </ul>
32832
32833 <p><hr></p>]]>
32834 </itunes:summary>
32835 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+XnTpyPyj</fireside:playerURL>
32836 <fireside:playerEmbedCode>
32837 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+XnTpyPyj" width="740" height="200" frameborder="0" scrolling="no">]]>
32838 </fireside:playerEmbedCode>
32839 </item>
32840 <item>
32841 <title>Episode 277: Nmap Level Up | BSD Now 277</title>
32842 <link>https://www.bsdnow.tv/277</link>
32843 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-3058</guid>
32844 <pubDate>Mon, 24 Dec 2018 08:00:00 -0800</pubDate>
32845 <author>Allan Jude</author>
32846 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d08b7671-6fa3-4a12-864e-9a65603b79ee.mp3" length="46042591" type="audio/mp3"/>
32847 <itunes:episodeType>full</itunes:episodeType>
32848 <itunes:author>Allan Jude</itunes:author>
32849 <itunes:subtitle>The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.</itunes:subtitle>
32850 <itunes:duration>1:16:25</itunes:duration>
32851 <itunes:explicit>no</itunes:explicit>
32852 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
32853 <description>The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.
32854 <h2>Headlines</h2>
32855 <h3><a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">Open Source Confronts its midlife crisis</a></h3>
32856 <blockquote>
32857 <p>Midlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…<br>
32858 I raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.<br>
32859 So it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. 
“the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.<br>
32860 If I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.<br>
32861 Let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.<br>
32862 Worse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.<br>
32863 In the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.</p>
32864 </blockquote>
32865 <ul>
32866 <li>See the article for the rest</li>
32867 </ul>
32868 <hr>
32869 <h3><a href="https://www.nytimes.com/2018/12/17/science/donald-knuth-computers-algorithms-programming.html">Donald Knuth - The Yoda of Silicon Valley</a></h3>
32870 <blockquote>
32871 <p>For half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.<br>
32872 He is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.<br>
32873 With more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”<br>
32874 The volume opens with an excerpt from “McCall’s Cookbook”:</p>
32875 </blockquote>
32876 <p><code>Here is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.</code></p>
32877 <blockquote>
32878 <p>Inside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.<br>
32879 Now 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.</p>
32880 </blockquote>
32881 <ul>
32882 <li>See the article for the rest</li>
32883 </ul>
32884 <hr>
32885 <p>##News Roundup<br>
32886 <a href="https://dev.to/nabbisen/lets-encrypt-certbot-for-openbsds-httpd-3ofd">Let’s Encrypt: Certbot For OpenBSD’s httpd</a></p>
32887 <ul>
32888 <li>Intro</li>
32889 </ul>
32890 <blockquote>
32891 <p>Let’s Encrypt is “a free, automated, and open Certificate Authority”.<br>
32892 Certbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.<br>
32893 I remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.<br>
32894 How wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!<br>
32895 Since this year, they have begun to support even ACME v2 and Wildcard Certificate!<br>
32896 Well, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help &#x1f60a;</p>
32897 </blockquote>
32898 <ul>
32899 <li>Environment</li>
32900 <li>OS: OpenBSD 6.4 amd64</li>
32901 <li>Web Server: OpenBSD’s httpd</li>
32902 <li>Certification: Let’s Encrypt with Certbot 0.27</li>
32903 <li>Reference: OpenBSD’s httpd</li>
32904 </ul>
32905 <hr>
32906 <p>###<a href="https://www.cyberciti.biz/open-source/freebsd-12-released-here-is-how-to-upgrade-freebsd/">FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12</a></p>
32907 <blockquote>
32908 <p>The FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.</p>
32909 </blockquote>
32910 <blockquote>
32911 <p>FreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.</p>
32912 </blockquote>
32913 <ul>
32914 <li>
32915 <p>New features and highlights:</p>
32916 </li>
32917 <li>
32918 <p>OpenSSL version 1.1.1a (LTS)</p>
32919 </li>
32920 <li>
32921 <p>OpenSSH server 7.8p1</p>
32922 </li>
32923 <li>
32924 <p>Unbound server 1.8.1</p>
32925 </li>
32926 <li>
32927 <p>Clang and co 6.0.1</p>
32928 </li>
32929 <li>
32930 <p>The FreeBSD installer supports EFI+GELI as an installation option</p>
32931 </li>
32932 <li>
32933 <p>VIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.</p>
32934 </li>
32935 <li>
32936 <p>Graphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection</p>
32937 </li>
32938 <li>
32939 <p>ZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand</p>
32940 </li>
32941 <li>
32942 <p>The pf packet filter is now usable within a jail using vnet</p>
32943 </li>
32944 <li>
32945 <p>KDE updated to version 5.12.5</p>
32946 </li>
32947 <li>
32948 <p>The NFS version 4.1 includes pNFS server support</p>
32949 </li>
32950 <li>
32951 <p>Perl 5.26.2</p>
32952 </li>
32953 <li>
32954 <p>The default PAGER now defaults to less for most commands</p>
32955 </li>
32956 <li>
32957 <p>The dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd</p>
32958 </li>
32959 <li>
32960 <p>FreeBSD now supports ext4 for read/write operation</p>
32961 </li>
32962 <li>
32963 <p>Python 2.7</p>
32964 </li>
32965 <li>
32966 <p>much more</p>
32967 </li>
32968 </ul>
32969 <hr>
32970 <p>###<a href="https://zwischenzugs.com/2018/11/25/six-ways-to-level-up-your-nmap-game/">Six Ways to Level Up Your nmap Game</a></p>
32971 <blockquote>
32972 <p>nmap is a network exploration tool and security / port scanner.<br>
32973 If you’ve heard of it, and you’re like me, you’ve most likely used it like this:<br>
32974 ie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.<br>
32975 I used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.</p>
32976 </blockquote>
32977 <ul>
32978 <li>
32979 <ol>
32980 <li>Scan a Network</li>
32981 </ol>
32982 </li>
32983 <li>
32984 <ol start="2">
32985 <li>Scan All Ports</li>
32986 </ol>
32987 </li>
32988 <li>
32989 <ol start="3">
32990 <li>Get service versions</li>
32991 </ol>
32992 </li>
32993 <li>
32994 <ol start="4">
32995 <li>Use -A for more data</li>
32996 </ol>
32997 </li>
32998 <li>
32999 <ol start="5">
33000 <li>Find out what nmap is up to</li>
33001 </ol>
33002 </li>
33003 <li>
33004 <ol start="6">
33005 <li>Script your own scans with NSE</li>
33006 </ol>
33007 </li>
33008 </ul>
33009 <hr>
33010 <p>###[NetBSD Desktop]</p>
33011 <ul>
33012 <li><a href="https://unitedbsd.com/t/netbsd-desktop-part-1-manual-netbsd-installation-on-gpt-uefi/284">Part 1: Manual NetBSD installation on GPT/UEFI</a></li>
33013 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-2-set-up-wireless-networking-on-netbsd-with-wpa-supplicant-and-dhcpcd/281">NetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd</a></li>
33014 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-3-simple-stateful-firewall-with-npf/286">Part 3: Simple stateful firewall with NPF</a></li>
33015 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-4-the-x-display-manager-xdm/292">Part 4: The X Display Manager (XDM)</a></li>
33016 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-5-automounting-with-berkeley-am-utils/294/3">Part 5: automounting with Berkeley am-utils</a></li>
33017 </ul>
33018 <hr>
33019 <p>##Beastie Bits</p>
33020 <ul>
33021 <li><a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">Call For Testing: ZFS on FreeBSD Project</a></li>
33022 <li><a href="https://www.dragonflydigest.com/2018/12/18/22223.html">DragonFlyBSD 5.4.1 release within a week</a></li>
33023 <li><a href="https://www.bunniestudios.com/blog/?p=5421">You Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!</a></li>
33024 <li><a href="https://yggdrasil-network.github.io/2018/12/12/announcing-v0-3.html">Announcing Yggdrasil Network v0.3</a></li>
33025 <li><a href="https://www.ziprecruiter.com/c/The-Good-Seed/Job/OpenBSD-Network-Engineer/-in-Los-Angeles,CA?jobid=35a52212-57d4d705">OpenBSD Network Engineer Job listing</a></li>
33026 <li><a href="https://itsfoss.com/freebsd-12-release/">FreeBSD 12.0 Stable Version Released!</a></li>
33027 <li><a href="http://bsdsec.net/articles/libressl-2-9-0-released">LibreSSL 2.9.0 released</a></li>
33028 <li><a href="https://www.youtube.com/watch?v=Nq8sLqtzCEQ">Live stream test: Sgi Octane light bar repair / soldering!</a></li>
33029 <li><a href="https://www.sophimail.com/configure-freebsd-email-server-using-postfix-dovecot-mysql-spamassassin/">Configure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin</a></li>
33030 <li><a href="http://blog.obligd.com/posts/berkeley-smorgasbord.html">Berkeley smorgasbord</a></li>
33031 <li><a href="https://fosdem.org/2019/schedule/track/bsd/">FOSDEM BSD Devroom schedule</a></li>
33032 </ul>
33033 <hr>
33034 <p>##Feedback/Questions</p>
33035 <ul>
33036 <li>Warren - <a href="http://dpaste.com/1V1XS01#wrap">Ep.273: OpenZFS on OS X</a></li>
33037 <li>cogoman - <a href="http://dpaste.com/0P0MWFC#wrap">tarsnap security and using SSDs in raid</a></li>
33038 <li>Andrew - <a href="http://dpaste.com/3H9M5M0">Portland BSD Pizza Night</a></li>
33039 </ul>
33040 <hr>
33041 <ul>
33042 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
33043 </ul>
33044 <hr>
33045 </description>
33046 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Donald Knuth, LetsEncrypt, Certbot, nmap, patent, yggdrasil, libressl</itunes:keywords>
33047 <content:encoded>
33048 <![CDATA[<p>The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.</p>
33049
33050 <p>##Headlines<br>
33051 ###<a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">Open Source Confronts its midlife crisis</a></p>
33052
33053 <blockquote>
33054 <p>Midlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…<br>
33055 I raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.<br>
33056 So it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. 
“the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.<br>
33057 If I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.<br>
33058 let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.<br>
33059 Worse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.<br>
33060 in the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.</p>
33061 </blockquote>
33062
33063 <ul>
33064 <li>See the article for the rest</li>
33065 </ul>
33066
33067 <p><hr></p>
33068
33069 <p>###<a href="https://www.nytimes.com/2018/12/17/science/donald-knuth-computers-algorithms-programming.html">Donald Knuth - The Yoda of Silicon Valley</a></p>
33070
33071 <blockquote>
33072 <p>For half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.<br>
33073 He is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.<br>
33074 With more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”<br>
33075 The volume opens with an excerpt from “McCall’s Cookbook”:</p>
33076 </blockquote>
33077
33078 <p><code>Here is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.</code></p>
33079
33080 <blockquote>
33081 <p>Inside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.<br>
33082 Now 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.</p>
33083 </blockquote>
33084
33085 <ul>
33086 <li>See the article for the rest</li>
33087 </ul>
33088
33089 <p><hr></p>
33090
33091 <p>##News Roundup<br>
33092 ###<a href="https://dev.to/nabbisen/lets-encrypt-certbot-for-openbsds-httpd-3ofd">Let’s Encrypt: Certbot For OpenBSD’s httpd</a></p>
33093
33094 <ul>
33095 <li>Intro</li>
33096 </ul>
33097
33098 <blockquote>
33099 <p>Let’s Encrypt is “a free, automated, and open Certificate Authority”.<br>
33100 Certbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.<br>
33101 I remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.<br>
33102 How wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!<br>
33103 Since this year, they have begun to support even ACME v2 and Wildcard Certificate!<br>
33104 Well, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help 😊</p>
33105 </blockquote>
33106
33107 <ul>
33108 <li>Environment</li>
33109 <li>OS: OpenBSD 6.4 amd64</li>
33110 <li>Web Server: OpenBSD’s httpd</li>
33111 <li>Certification: Let’s Encrypt with Certbot 0.27</li>
33112 <li>Reference: OpenBSD’s httpd</li>
33113 </ul>
33114
33115 <p><hr></p>
33116
33117 <p>###<a href="https://www.cyberciti.biz/open-source/freebsd-12-released-here-is-how-to-upgrade-freebsd/">FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12</a></p>
33118
33119 <blockquote>
33120 <p>The FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.</p>
33121 </blockquote>
33122
33123 <blockquote>
33124 <p>FreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.</p>
33125 </blockquote>
33126
33127 <ul>
33128 <li>
33129 <p>New features and highlights:</p>
33130 </li>
33131 <li>
33132 <p>OpenSSL version 1.1.1a (LTS)</p>
33133 </li>
33134 <li>
33135 <p>OpenSSH server 7.8p1</p>
33136 </li>
33137 <li>
33138 <p>Unbound server 1.8.1</p>
33139 </li>
33140 <li>
33141 <p>Clang and co 6.0.1</p>
33142 </li>
33143 <li>
33144 <p>The FreeBSD installer supports EFI+GELI as an installation option</p>
33145 </li>
33146 <li>
33147 <p>VIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.</p>
33148 </li>
33149 <li>
33150 <p>Graphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection</p>
33151 </li>
33152 <li>
33153 <p>ZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand</p>
33154 </li>
33155 <li>
33156 <p>The pf packet filter is now usable within a jail using vnet</p>
33157 </li>
33158 <li>
33159 <p>KDE updated to version 5.12.5</p>
33160 </li>
33161 <li>
33162 <p>The NFS version 4.1 includes pNFS server support</p>
33163 </li>
33164 <li>
33165 <p>Perl 5.26.2</p>
33166 </li>
33167 <li>
33168 <p>The default PAGER now defaults to less for most commands</p>
33169 </li>
33170 <li>
33171 <p>The dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd</p>
33172 </li>
33173 <li>
33174 <p>FreeBSD now supports ext4 for read/write operation</p>
33175 </li>
33176 <li>
33177 <p>Python 2.7</p>
33178 </li>
33179 <li>
33180 <p>much more</p>
33181 </li>
33182 </ul>
33183
33184 <p><hr></p>
33185
33186 <p>###<a href="https://zwischenzugs.com/2018/11/25/six-ways-to-level-up-your-nmap-game/">Six Ways to Level Up Your nmap Game</a></p>
33187
33188 <blockquote>
33189 <p>nmap is a network exploration tool and security / port scanner.<br>
33190 If you’ve heard of it, and you’re like me, you’ve most likely used it like this:<br>
33191 ie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.<br>
33192 I used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.</p>
33193 </blockquote>
33194
33195 <ul>
33196 <li>
33197 <ol>
33198 <li>Scan a Network</li>
33199 </ol>
33200 </li>
33201 <li>
33202 <ol start="2">
33203 <li>Scan All Ports</li>
33204 </ol>
33205 </li>
33206 <li>
33207 <ol start="3">
33208 <li>Get service versions</li>
33209 </ol>
33210 </li>
33211 <li>
33212 <ol start="4">
33213 <li>Use -A for more data</li>
33214 </ol>
33215 </li>
33216 <li>
33217 <ol start="5">
33218 <li>Find out what nmap is up to</li>
33219 </ol>
33220 </li>
33221 <li>
33222 <ol start="6">
33223 <li>Script your own scans with NSE</li>
33224 </ol>
33225 </li>
33226 </ul>
33227
33228 <p><hr></p>
33229
33230 <p>###[NetBSD Desktop]</p>
33231
33232 <ul>
33233 <li><a href="https://unitedbsd.com/t/netbsd-desktop-part-1-manual-netbsd-installation-on-gpt-uefi/284">Part 1: Manual NetBSD installation on GPT/UEFI</a></li>
33234 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-2-set-up-wireless-networking-on-netbsd-with-wpa-supplicant-and-dhcpcd/281">NetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd</a></li>
33235 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-3-simple-stateful-firewall-with-npf/286">Part 3: Simple stateful firewall with NPF</a></li>
33236 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-4-the-x-display-manager-xdm/292">Part 4: The X Display Manager (XDM)</a></li>
33237 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-5-automounting-with-berkeley-am-utils/294/3">Part 5: automounting with Berkeley am-utils</a></li>
33238 </ul>
33239
33240 <p><hr></p>
33241
33242 <p>##Beastie Bits</p>
33243
33244 <ul>
33245 <li><a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">Call For Testing: ZFS on FreeBSD Project</a></li>
33246 <li><a href="https://www.dragonflydigest.com/2018/12/18/22223.html">DragonFlyBSD 5.4.1 release within a week</a></li>
33247 <li><a href="https://www.bunniestudios.com/blog/?p=5421">You Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!</a></li>
33248 <li><a href="https://yggdrasil-network.github.io/2018/12/12/announcing-v0-3.html">Announcing Yggdrasil Network v0.3</a></li>
33249 <li><a href="https://www.ziprecruiter.com/c/The-Good-Seed/Job/OpenBSD-Network-Engineer/-in-Los-Angeles,CA?jobid=35a52212-57d4d705">OpenBSD Network Engineer Job listing</a></li>
33250 <li><a href="https://itsfoss.com/freebsd-12-release/">FreeBSD 12.0 Stable Version Released!</a></li>
33251 <li><a href="http://bsdsec.net/articles/libressl-2-9-0-released">LibreSSL 2.9.0 released</a></li>
33252 <li><a href="https://www.youtube.com/watch?v=Nq8sLqtzCEQ">Live stream test: Sgi Octane light bar repair / soldering!</a></li>
33253 <li><a href="https://www.sophimail.com/configure-freebsd-email-server-using-postfix-dovecot-mysql-spamassassin/">Configure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin</a></li>
33254 <li><a href="http://blog.obligd.com/posts/berkeley-smorgasbord.html">Berkeley smorgasbord</a></li>
33255 <li><a href="https://fosdem.org/2019/schedule/track/bsd/">FOSDEM BSD Devroom schedule</a></li>
33256 </ul>
33257
33258 <p><hr></p>
33259
33260 <p>##Feedback/Questions</p>
33261
33262 <ul>
33263 <li>Warren - <a href="http://dpaste.com/1V1XS01#wrap">Ep.273: OpenZFS on OS X</a></li>
33264 <li>cogoman - <a href="http://dpaste.com/0P0MWFC#wrap">tarsnap security and using SSDs in raid</a></li>
33265 <li>Andrew - <a href="http://dpaste.com/3H9M5M0">Portland BSD Pizza Night</a></li>
33266 </ul>
33267
33268 <p><hr></p>
33269
33270 <ul>
33271 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
33272 </ul>
33273
33274 <p><hr></p>]]>
33275 </content:encoded>
33276 <itunes:summary>
33277 <![CDATA[<p>The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.</p>
33278
33279 <p>##Headlines<br>
33280 ###<a href="http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/">Open Source Confronts its midlife crisis</a></p>
33281
33282 <blockquote>
33283 <p>Midlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…<br>
33284 I raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.<br>
33285 So it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. “the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.<br>
33286 If I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.<br>
33287 Let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.<br>
33288 Worse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.<br>
33289 In the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.</p>
33290 </blockquote>
33291
33292 <ul>
33293 <li>See the article for the rest</li>
33294 </ul>
33295
33296 <p><hr></p>
33297
33298 <p>###<a href="https://www.nytimes.com/2018/12/17/science/donald-knuth-computers-algorithms-programming.html">Donald Knuth - The Yoda of Silicon Valley</a></p>
33299
33300 <blockquote>
33301 <p>For half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.<br>
33302 He is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.<br>
33303 With more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”<br>
33304 The volume opens with an excerpt from “McCall’s Cookbook”:</p>
33305 </blockquote>
33306
33307 <p><code>Here is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.</code></p>
33308
33309 <blockquote>
33310 <p>Inside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.<br>
33311 Now 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.</p>
33312 </blockquote>
33313
33314 <ul>
33315 <li>See the article for the rest</li>
33316 </ul>
33317
33318 <p><hr></p>
33319
33320 <p>##News Roundup<br>
33321 ###<a href="https://dev.to/nabbisen/lets-encrypt-certbot-for-openbsds-httpd-3ofd">Let’s Encrypt: Certbot For OpenBSD’s httpd</a></p>
33322
33323 <ul>
33324 <li>Intro</li>
33325 </ul>
33326
33327 <blockquote>
33328 <p>Let’s Encrypt is “a free, automated, and open Certificate Authority”.<br>
33329 Certbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.<br>
33330 I remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.<br>
33331 How wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!<br>
33332 Since this year, they have begun to support even ACME v2 and Wildcard Certificate!<br>
33333 Well, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help 😊</p>
33334 </blockquote>
33335
33336 <ul>
33337 <li>Environment</li>
33338 <li>OS: OpenBSD 6.4 amd64</li>
33339 <li>Web Server: OpenBSD’s httpd</li>
33340 <li>Certification: Let’s Encrypt with Certbot 0.27</li>
33341 <li>Reference: OpenBSD’s httpd</li>
33342 </ul>
33343
33344 <p><hr></p>
33345
33346 <p>###<a href="https://www.cyberciti.biz/open-source/freebsd-12-released-here-is-how-to-upgrade-freebsd/">FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12</a></p>
33347
33348 <blockquote>
33349 <p>The FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wide variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.</p>
33350 </blockquote>
33351
33352 <blockquote>
33353 <p>FreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.</p>
33354 </blockquote>
33355
33356 <ul>
33357 <li>
33358 <p>New features and highlights:</p>
33359 </li>
33360 <li>
33361 <p>OpenSSL version 1.1.1a (LTS)</p>
33362 </li>
33363 <li>
33364 <p>OpenSSH server 7.8p1</p>
33365 </li>
33366 <li>
33367 <p>Unbound server 1.8.1</p>
33368 </li>
33369 <li>
33370 <p>Clang and co 6.0.1</p>
33371 </li>
33372 <li>
33373 <p>The FreeBSD installer supports EFI+GELI as an installation option</p>
33374 </li>
33375 <li>
33376 <p>VIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.</p>
33377 </li>
33378 <li>
33379 <p>Graphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection</p>
33380 </li>
33381 <li>
33382 <p>ZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand</p>
33383 </li>
33384 <li>
33385 <p>The pf packet filter is now usable within a jail using vnet</p>
33386 </li>
33387 <li>
33388 <p>KDE updated to version 5.12.5</p>
33389 </li>
33390 <li>
33391 <p>The NFS version 4.1 includes pNFS server support</p>
33392 </li>
33393 <li>
33394 <p>Perl 5.26.2</p>
33395 </li>
33396 <li>
33397 <p>The default PAGER now defaults to less for most commands</p>
33398 </li>
33399 <li>
33400 <p>The dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd</p>
33401 </li>
33402 <li>
33403 <p>FreeBSD now supports ext4 for read/write operation</p>
33404 </li>
33405 <li>
33406 <p>Python 2.7</p>
33407 </li>
33408 <li>
33409 <p>much more</p>
33410 </li>
33411 </ul>
33412
33413 <p><hr></p>
33414
33415 <p>###<a href="https://zwischenzugs.com/2018/11/25/six-ways-to-level-up-your-nmap-game/">Six Ways to Level Up Your nmap Game</a></p>
33416
33417 <blockquote>
33418 <p>nmap is a network exploration tool and security / port scanner.<br>
33419 If you’ve heard of it, and you’re like me, you’ve most likely used it like this:<br>
33420 ie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.<br>
33421 I used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.</p>
33422 </blockquote>
33423
33424 <ul>
33425 <li>
33426 <ol>
33427 <li>Scan a Network</li>
33428 </ol>
33429 </li>
33430 <li>
33431 <ol start="2">
33432 <li>Scan All Ports</li>
33433 </ol>
33434 </li>
33435 <li>
33436 <ol start="3">
33437 <li>Get service versions</li>
33438 </ol>
33439 </li>
33440 <li>
33441 <ol start="4">
33442 <li>Use -A for more data</li>
33443 </ol>
33444 </li>
33445 <li>
33446 <ol start="5">
33447 <li>Find out what nmap is up to</li>
33448 </ol>
33449 </li>
33450 <li>
33451 <ol start="6">
33452 <li>Script your own scans with NSE</li>
33453 </ol>
33454 </li>
33455 </ul>
33456
33457 <p><hr></p>
33458
33459 <p>###[NetBSD Desktop]</p>
33460
33461 <ul>
33462 <li><a href="https://unitedbsd.com/t/netbsd-desktop-part-1-manual-netbsd-installation-on-gpt-uefi/284">Part 1: Manual NetBSD installation on GPT/UEFI</a></li>
33463 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-2-set-up-wireless-networking-on-netbsd-with-wpa-supplicant-and-dhcpcd/281">NetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd</a></li>
33464 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-3-simple-stateful-firewall-with-npf/286">Part 3: Simple stateful firewall with NPF</a></li>
33465 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-4-the-x-display-manager-xdm/292">Part 4: The X Display Manager (XDM)</a></li>
33466 <li><a href="https://unitedbsd.com/t/netbsd-desktop-pt-5-automounting-with-berkeley-am-utils/294/3">Part 5: automounting with Berkeley am-utils</a></li>
33467 </ul>
33468
33469 <p><hr></p>
33470
33471 <p>##Beastie Bits</p>
33472
33473 <ul>
33474 <li><a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html">Call For Testing: ZFS on FreeBSD Project</a></li>
33475 <li><a href="https://www.dragonflydigest.com/2018/12/18/22223.html">DragonFlyBSD 5.4.1 release within a week</a></li>
33476 <li><a href="https://www.bunniestudios.com/blog/?p=5421">You Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!</a></li>
33477 <li><a href="https://yggdrasil-network.github.io/2018/12/12/announcing-v0-3.html">Announcing Yggdrasil Network v0.3</a></li>
33478 <li><a href="https://www.ziprecruiter.com/c/The-Good-Seed/Job/OpenBSD-Network-Engineer/-in-Los-Angeles,CA?jobid=35a52212-57d4d705">OpenBSD Network Engineer Job listing</a></li>
33479 <li><a href="https://itsfoss.com/freebsd-12-release/">FreeBSD 12.0 Stable Version Released!</a></li>
33480 <li><a href="http://bsdsec.net/articles/libressl-2-9-0-released">LibreSSL 2.9.0 released</a></li>
33481 <li><a href="https://www.youtube.com/watch?v=Nq8sLqtzCEQ">Live stream test: Sgi Octane light bar repair / soldering!</a></li>
33482 <li><a href="https://www.sophimail.com/configure-freebsd-email-server-using-postfix-dovecot-mysql-spamassassin/">Configure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin</a></li>
33483 <li><a href="http://blog.obligd.com/posts/berkeley-smorgasbord.html">Berkeley smorgasbord</a></li>
33484 <li><a href="https://fosdem.org/2019/schedule/track/bsd/">FOSDEM BSD Devroom schedule</a></li>
33485 </ul>
33486
33487 <p><hr></p>
33488
33489 <p>##Feedback/Questions</p>
33490
33491 <ul>
33492 <li>Warren - <a href="http://dpaste.com/1V1XS01#wrap">Ep.273: OpenZFS on OS X</a></li>
33493 <li>cogoman - <a href="http://dpaste.com/0P0MWFC#wrap">tarsnap security and using SSDs in raid</a></li>
33494 <li>Andrew - <a href="http://dpaste.com/3H9M5M0">Portland BSD Pizza Night</a></li>
33495 </ul>
33496
33497 <p><hr></p>
33498
33499 <ul>
33500 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
33501 </ul>
33502
33503 <p><hr></p>]]>
33504 </itunes:summary>
33505 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+dzMYMCix</fireside:playerURL>
33506 <fireside:playerEmbedCode>
33507 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+dzMYMCix" width="740" height="200" frameborder="0" scrolling="no">]]>
33508 </fireside:playerEmbedCode>
33509 </item>
33510 <item>
33511 <title>Episode 276: Ho, Ho, Ho - 12.0 | BSD Now 276</title>
33512 <link>https://www.bsdnow.tv/276</link>
33513 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-3028</guid>
33514 <pubDate>Thu, 13 Dec 2018 01:15:00 -0800</pubDate>
33515 <author>Allan Jude</author>
33516 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e174552-285e-4d49-9120-830715479ac5.mp3" length="42596758" type="audio/mp3"/>
33517 <itunes:episodeType>full</itunes:episodeType>
33518 <itunes:author>Allan Jude</itunes:author>
33519 <itunes:subtitle>FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.</itunes:subtitle>
33520 <itunes:duration>1:10:41</itunes:duration>
33521 <itunes:explicit>no</itunes:explicit>
33522 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
33523 <description>FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.
33524 <p>##Headlines<br>
33525 <a href="https://www.freebsd.org/releases/12.0R/relnotes.html">FreeBSD 12.0 is available</a></p>
33526 <ul>
33527 <li>After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.</li>
33528 <li>We’ve picked a few interesting things to cover in the show, make sure to read the full <a href="https://www.freebsd.org/releases/12.0R/relnotes.html">Release Notes</a></li>
33529 </ul>
33530 <blockquote>
33531 <p>Userland:<br>
33532 Group permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.<br>
33533 The default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).<br>
33534 The default PAGER now defaults to less(1) for most commands.<br>
33535 The newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.<br>
33536 The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.<br>
33537 A new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.<br>
33538 Userland applications:<br>
33539 The dtrace(1) utility has been updated to support if and else statements.<br>
33540 The legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.<br>
33541 The setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.<br>
33542 The geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.<br>
33543 The dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).<br>
33544 The date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.<br>
33545 The bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.<br>
33546 The bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.<br>
33547 The tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.<br>
33548 The chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.<br>
33549 Kernel:<br>
33550 The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.<br>
33551 The amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.<br>
33552 The amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.<br>
33553 Kernel Configuration:<br>
33554 The VIMAGE kernel configuration option has been enabled by default.<br>
33555 The dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.<br>
33556 The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.<br>
33557 Device Drivers:<br>
33558 The random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.<br>
33559 The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.<br>
33560 Deprecated Drivers:<br>
33561 The lmc(4) driver has been removed.<br>
33562 The ixgb(4) driver has been removed.<br>
33563 The nxge(4) driver has been removed.<br>
33564 The vxge(4) driver has been removed.<br>
33565 The jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).<br>
33566 The DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.<br>
33567 The following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)<br>
33568 Storage:<br>
33569 The UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.<br>
33570 The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.<br>
33571 TRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).<br>
33572 NFS:<br>
33573 The NFS version 4.1 server has been updated to include pNFS server support.<br>
33574 ZFS:<br>
33575 ZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.<br>
33576 The new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.<br>
33577 The large_dnode zpool feature has been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x<br>
33578 Many bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.<br>
33579 Includes the fix for PR 229614 that could cause processes to hang in zil_commit()<br>
33580 Boot Loader Changes:<br>
33581 The lua loader(8) has been updated to detect a list of installed kernels to boot.<br>
33582 The loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.<br>
33583 The loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.</p>
33584 <p>Networking:<br>
33585 The pf(4) packet filter is now usable within a jail(8) using vnet(9).<br>
33586 The pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.<br>
33587 The SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.</p>
33588 </blockquote>
33589 <ul>
33590 <li>Again, read the release notes for a full list, check out the <a href="https://www.freebsd.org/releases/12.0R/errata.html">errata notices</a>. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!</li>
33591 </ul>
33592 <hr>
33593 <p>###<a href="https://www.adminbyaccident.com/politics/abandon-linux-move-freebsd-illumos/">Abandon Linux. Move to FreeBSD or Illumos</a></p>
33594 <blockquote>
33595 <p>If you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.<br>
33596 Is your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophical ones, you may have skipped good alternatives. The BSD’s and Illumos.<br>
33597 I bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been laid off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.<br>
33598 And here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.<br>
33599 You have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.<br>
33600 But why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) agglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.<br>
33601 To start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.<br>
33602 Jails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.<br>
33603 There are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.<br>
33604 I have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitimate and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.<br>
33605 But here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.<br>
33606 How can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.<br>
33607 Want to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?<br>
33608 Are you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.<br>
33609 But what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.<br>
33610 But FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the beginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.<br>
33611 I am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.<br>
33612 You say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.<br>
33613 If you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bought Sun many people ran away in a stampede fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.<br>
33614 In conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.<br>
33615 Still not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, paid support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?<br>
33616 PS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.</p>
33617 </blockquote>
33618 <hr>
33619 <p>###<a href="https://bradackerman.com/posts/2018-12-05-bsd-cloudy-vpn/">A partly-cloudy IPsec VPN</a></p>
33620 <ul>
33621 <li>Audience</li>
33622 </ul>
33623 <blockquote>
33624 <p>I’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.</p>
33625 </blockquote>
33626 <ul>
33627 <li>Overview</li>
33628 </ul>
33629 <blockquote>
33630 <p>I’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:</p>
33631 </blockquote>
33632 <ul>
33633 <li>VPN</li>
33634 <li>Road-warrior access, so I can use private network resources from anywhere.</li>
33635 <li>A site-to-site VPN, extending my home network to my VPSes.</li>
33636 <li>Hosting for public and private network services.</li>
33637 <li>A proxy service to provide a public IP address to services hosted at home.</li>
33638 </ul>
33639 <blockquote>
33640 <p>The last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.<br>
33641 I’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.<br>
33642 Since this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.<br>
33643 The VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.</p>
33644 </blockquote>
33645 <ul>
33646 <li>The end-state network should look like: <a href="https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg">https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg</a></li>
33647 </ul>
33648 <blockquote>
33649 <p>This VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.<br>
33650 Once traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.</p>
33651 </blockquote>
33652 <hr>
33653 <p>##News Roundup<br>
33654 <a href="https://netbsd.org/gallery/presentations/maxv/kleak.pdf">KLEAK: Practical Kernel Memory Disclosure Detection</a></p>
33655 <blockquote>
33656 <p>Modern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space. Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.<br>
33657 We introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.<br>
33658 Our approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total, we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.<br>
33659 The remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.</p>
33660 </blockquote>
33661 <hr>
33662 <p>###<a href="https://www.dragonflybsd.org/docs/howtos/How_To_Create_Official_Synth_Repo/">How To Create Official Synth Repo</a></p>
33663 <ul>
33664 <li>
33665 <p>System Environment</p>
33666 </li>
33667 <li>
33668 <p>Make sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.</p>
33669 </li>
33670 <li>
33671 <p>Make sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.</p>
33672 </li>
33673 <li>
33674 <p>Make sure /etc/make.conf is clean.</p>
33675 </li>
33676 <li>
33677 <p>Update /usr/src to the current master, make sure there is no cruft in it</p>
33678 </li>
33679 <li>
33680 <p>Do a full buildworld, buildkernel, installkernel and installworld</p>
33681 </li>
33682 <li>
33683 <p>Reboot</p>
33684 </li>
33685 <li>
33686 <p>After the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.</p>
33687 </li>
33688 <li>
33689 <p>Synth Environment</p>
33690 </li>
33691 <li>
33692 <p>/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.</p>
33693 </li>
33694 <li>
33695 <p>System requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.</p>
33696 </li>
33697 <li>
33698 <p>synth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.</p>
33699 </li>
33700 </ul>
33701 <p><code>; Take care when hand editing!</code><br>
33702 <code></code><br>
33703 <code>[Global Configuration]</code><br>
33704 <code>profileselected= LiveSystem</code><br>
33705 <code></code><br>
33706 <code>[LiveSystem]</code><br>
33707 <code>Operatingsystem= DragonFly</code><br>
33708 <code>Directorypackages= /build/synth/livepackages</code><br>
33709 <code>Directoryrepository= /build/synth/livepackages/All</code><br>
33710 <code>Directoryportsdir= /build/synth/dports</code><br>
33711 <code>Directoryoptions= /build/synth/options</code><br>
33712 <code>Directorydistfiles= /usr/distfiles</code><br>
33713 <code>Directorybuildbase= /build/synth/build</code><br>
33714 <code>Directorylogs= /build/synth/logs</code><br>
33715 <code>Directoryccache= disabled</code><br>
33716 <code>Directorysystem= /</code><br>
33717 <code>Numberofbuilders= 30</code><br>
33718 <code>Maxjobsperbuilder= 30</code><br>
33719 <code>Tmpfsworkdir= true</code><br>
33720 <code>Tmpfslocalbase= true</code><br>
33721 <code>Displaywithncurses= true</code><br>
33722 <code>leverageprebuilt= false</code></p>
33723 <ul>
33724 <li>LiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:</li>
33725 </ul>
33726 <p><code>LICENSESACCEPTED= NONE</code></p>
33727 <ul>
33728 <li>
33729 <p>Make sure there is no other cruft in /usr/local/etc/synth/</p>
33730 </li>
33731 <li>
33732 <p>In the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:</p>
33733 </li>
33734 </ul>
33735 <p><code>rm -rf /build/synth/livepackages/*</code><br>
33736 <code>rm -rf /build/synth/logs</code><br>
33737 <code>mkdir /build/synth/logs</code></p>
33738 <ul>
33739 <li>Run synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).</li>
33740 </ul>
33741 <p><code>(optionally start a screen session)</code><br>
33742 <code>synth everything</code></p>
33743 <ul>
33744 <li>A full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.</li>
33745 <li>When synth finishes, let it rebuild the database. You then have a working binary repo.</li>
33746 <li>It is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.</li>
33747 </ul>
33748 <hr>
33749 <p>###<a href="https://www.freebsdbytes.com/2018/11/interview-eric-turgeon-founder-maintainer-ghostbsd/">Interview with founder and maintainer of GhostBSD, Eric Turgeon</a></p>
33750 <ul>
33751 <li>Thank you Eric for taking part. To start off, could you tell us a little about yourself, just a bit of background?</li>
33752 <li>How did you become interested in open source?</li>
33753 <li>When and how did you get interested in the BSD operating systems?</li>
33754 <li>On your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?</li>
33755 <li>You are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?</li>
33756 <li>Developing an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?</li>
33757 <li>How did you get to the name GhostBSD? Did you consider any other names?</li>
33758 <li>You recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?</li>
33759 <li>The current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release</li>
33760 <li>Can you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.</li>
33761 <li>How about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?</li>
33762 <li>What was the biggest challenge during development?</li>
33763 <li>If you had to pick one feature readers should check out in GhostBSD, what is it and why?</li>
33764 <li>What is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?</li>
33765 <li>What is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?</li>
33766 <li>Where does GhostBSD go from here? What are your plans for 2019?</li>
33767 <li>Is there anything else that wasn’t asked or that you want to share?</li>
33768 </ul>
33769 <hr>
33770 <p>##Beastie Bits</p>
33771 <ul>
33772 <li><a href="https://twitter.com/gonzoua/status/1071252700023508993">dialog(1) script to select audio output on FreeBSD</a></li>
33773 <li><a href="http://blog.obligd.com/posts/erlang-otp-on-openbsd.html">Erlang otp on OpenBSD</a></li>
33774 <li><a href="https://oshogbo.vexillium.org/blog/57/">Capsicum</a></li>
33775 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html</a></li>
33776 <li><a href="https://blog.netbsd.org/tnf/entry/introductionto%C2%B5ubsana_clean">Introduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime</a></li>
33777 <li><a href="https://pkgsrc.org/pkgsrcCon/2018/talks.html">pkgsrcCon 2018 in Berlin - Videos</a></li>
33778 <li><a href="https://freebsddesktop.github.io/2018/12/08/drm-kmod-primer.html">Getting started with drm-kmod</a></li>
33779 </ul>
33780 <hr>
33781 <p>##Feedback/Questions</p>
33782 <ul>
33783 <li>Malcolm - <a href="http://dpaste.com/28PYSGK">Show segment idea</a></li>
33784 <li>Fraser - <a href="http://dpaste.com/38W3PRB">Question: FreeBSD official binary package options</a></li>
33785 <li>Harri - <a href="http://dpaste.com/3SENZ7H#wrap">BSD Magazine</a></li>
33786 </ul>
33787 <hr>
33788 <ul>
33789 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
33790 </ul>
33791 <hr>
33792 </description>
33793 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Illumos, IPSec, VPN, OpenBGPD, KLEAK, Synth</itunes:keywords>
33794 <content:encoded>
33795 <![CDATA[<p>FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.</p>
33796
33797 <p>##Headlines<br>
33798 ###<a href="https://www.freebsd.org/releases/12.0R/relnotes.html">FreeBSD 12.0 is available</a></p>
33799
33800 <ul>
33801 <li>After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.</li>
33802 <li>We’ve picked a few interesting things to cover in the show, make sure to read the full <a href="https://www.freebsd.org/releases/12.0R/relnotes.html">Release Notes</a></li>
33803 </ul>
33804
33805 <blockquote>
33806 <p>Userland:<br>
33807 Group permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.<br>
33808 The default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).<br>
33809 The default PAGER now defaults to less(1) for most commands.<br>
33810 The newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.<br>
33811 The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.<br>
33812 A new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.<br>
33813 Userland applications:<br>
33814 The dtrace(1) utility has been updated to support if and else statements.<br>
33815 The legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.<br>
33816 The setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.<br>
33817 The geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.<br>
33818 The dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).<br>
33819 The date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.<br>
33820 The bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.<br>
33821 The bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.<br>
33822 The tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.<br>
33823 The chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.<br>
33824 Kernel:<br>
33825 The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.<br>
33826 The amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.<br>
33827 The amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.<br>
33828 Kernel Configuration:<br>
33829 The VIMAGE kernel configuration option has been enabled by default.<br>
33830 The dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.<br>
33831 The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.<br>
33832 Device Drivers:<br>
33833 The random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.<br>
33834 The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.<br>
33835 Deprecated Drivers:<br>
33836 The lmc(4) driver has been removed.<br>
33837 The ixgb(4) driver has been removed.<br>
33838 The nxge(4) driver has been removed.<br>
33839 The vxge(4) driver has been removed.<br>
33840 The jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).<br>
33841 The DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.<br>
33842 The following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)<br>
33843 Storage:<br>
33844 The UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.<br>
33845 The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.<br>
33846 TRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).<br>
33847 NFS:<br>
33848 The NFS version 4.1 server has been updated to include pNFS server support.<br>
33849 ZFS:<br>
33850 ZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.<br>
33851 The new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.<br>
33852 The large_dnode zpool feature has been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x<br>
33853 Many bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.<br>
33854 Includes the fix for PR 229614 that could cause processes to hang in zil_commit()<br>
33855 Boot Loader Changes:<br>
33856 The lua loader(8) has been updated to detect a list of installed kernels to boot.<br>
33857 The loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.<br>
33858 The loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.</p>
33859 <p>Networking:<br>
33860 The pf(4) packet filter is now usable within a jail(8) using vnet(9).<br>
33861 The pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.<br>
33862 The SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.</p>
33863 </blockquote>
33864
33865 <ul>
33866 <li>Again, read the release notes for a full list, check out the <a href="https://www.freebsd.org/releases/12.0R/errata.html">errata notices</a>. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!</li>
33867 </ul>
33868
33869 <p><hr></p>
33870
33871 <p>###<a href="https://www.adminbyaccident.com/politics/abandon-linux-move-freebsd-illumos/">Abandon Linux. Move to FreeBSD or Illumos</a></p>
33872
33873 <blockquote>
33874 <p>If you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.<br>
33875 Is your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophical ones, you may have skipped good alternatives. The BSD’s and Illumos.<br>
33876 I bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been laid off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.<br>
33877 And here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.<br>
33878 You have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.<br>
33879 But why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) agglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.<br>
33880 To start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.<br>
33881 Jails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.<br>
33882 There are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.<br>
33883 I have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitimate and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.<br>
33884 But here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.<br>
33885 How can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.<br>
33886 Want to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?<br>
33887 Are you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.<br>
33888 But what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.<br>
33889 But FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the beginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.<br>
33890 I am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.<br>
33891 You say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.<br>
33892 If you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bought Sun many people ran away in a stampede fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.<br>
33893 In conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.<br>
33894 Still not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, paid support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?<br>
33895 PS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.</p>
33896 </blockquote>
33897
33898 <p><hr></p>
33899
33900 <p>###<a href="https://bradackerman.com/posts/2018-12-05-bsd-cloudy-vpn/">A partly-cloudy IPsec VPN</a></p>
33901
33902 <ul>
33903 <li>Audience</li>
33904 </ul>
33905
33906 <blockquote>
33907 <p>I’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.</p>
33908 </blockquote>
33909
33910 <ul>
33911 <li>Overview</li>
33912 </ul>
33913
33914 <blockquote>
33915 <p>I’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:</p>
33916 </blockquote>
33917
33918 <ul>
33919 <li>VPN</li>
33920 <li>Road-warrior access, so I can use private network resources from anywhere.</li>
33921 <li>A site-to-site VPN, extending my home network to my VPSes.</li>
33922 <li>Hosting for public and private network services.</li>
33923 <li>A proxy service to provide a public IP address to services hosted at home.</li>
33924 </ul>
33925
33926 <blockquote>
33927 <p>The last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.<br>
33928 I’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.<br>
33929 Since this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.<br>
33930 The VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.</p>
33931 </blockquote>
33932
33933 <ul>
33934 <li>The end-state network should look like: <a href="https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg">https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg</a></li>
33935 </ul>
33936
33937 <blockquote>
33938 <p>This VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.<br>
33939 Once traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.</p>
33940 </blockquote>
33941
33942 <p><hr></p>
33943
33944 <p>##News Roundup<br>
33945 ###<a href="https://netbsd.org/gallery/presentations/maxv/kleak.pdf">KLEAK: Practical Kernel Memory Disclosure Detection</a></p>
33946
33947 <blockquote>
33948 <p>Modern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space. Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.<br>
33949 We introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.<br>
33950 Our approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total, we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.<br>
33951 The remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.</p>
33952 </blockquote>
33953
33954 <p><hr></p>
33955
33956 <p>###<a href="https://www.dragonflybsd.org/docs/howtos/How_To_Create_Official_Synth_Repo/">How To Create Official Synth Repo</a></p>
33957
33958 <ul>
33959 <li>
33960 <p>System Environment</p>
33961 </li>
33962 <li>
33963 <p>Make sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.</p>
33964 </li>
33965 <li>
33966 <p>Make sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.</p>
33967 </li>
33968 <li>
33969 <p>Make sure /etc/make.conf is clean.</p>
33970 </li>
33971 <li>
33972 <p>Update /usr/src to the current master, make sure there is no cruft in it</p>
33973 </li>
33974 <li>
33975 <p>Do a full buildworld, buildkernel, installkernel and installworld</p>
33976 </li>
33977 <li>
33978 <p>Reboot</p>
33979 </li>
33980 <li>
33981 <p>After the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.</p>
33982 </li>
33983 <li>
33984 <p>Synth Environment</p>
33985 </li>
33986 <li>
33987 <p>/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.</p>
33988 </li>
33989 <li>
33990 <p>System requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.</p>
33991 </li>
33992 <li>
33993 <p>synth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.</p>
33994 </li>
33995 </ul>
33996
33997 <p><code>; Take care when hand editing!</code><br>
33998 <code></code><br>
33999 <code>[Global Configuration]</code><br>
34000 <code>profile_selected= LiveSystem</code><br>
34001 <code></code><br>
34002 <code>[LiveSystem]</code><br>
34003 <code>Operating_system= DragonFly</code><br>
34004 <code>Directory_packages= /build/synth/live_packages</code><br>
34005 <code>Directory_repository= /build/synth/live_packages/All</code><br>
34006 <code>Directory_portsdir= /build/synth/dports</code><br>
34007 <code>Directory_options= /build/synth/options</code><br>
34008 <code>Directory_distfiles= /usr/distfiles</code><br>
34009 <code>Directory_buildbase= /build/synth/build</code><br>
34010 <code>Directory_logs= /build/synth/logs</code><br>
34011 <code>Directory_ccache= disabled</code><br>
34012 <code>Directory_system= /</code><br>
34013 <code>Number_of_builders= 30</code><br>
34014 <code>Max_jobs_per_builder= 30</code><br>
34015 <code>Tmpfs_workdir= true</code><br>
34016 <code>Tmpfs_localbase= true</code><br>
34017 <code>Display_with_ncurses= true</code><br>
34018 <code>leverage_prebuilt= false</code></p>
34019
34020 <ul>
34021 <li>LiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:</li>
34022 </ul>
34023
34024 <p><code>LICENSES_ACCEPTED= NONE</code></p>
34025
34026 <ul>
34027 <li>
34028 <p>Make sure there is no other cruft in /usr/local/etc/synth/</p>
34029 </li>
34030 <li>
34031 <p>In the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:</p>
34032 </li>
34033 </ul>
34034
34035 <p><code>rm -rf /build/synth/live_packages/*</code><br>
34036 <code>rm -rf /build/synth/logs</code><br>
34037 <code>mkdir /build/synth/logs</code></p>
34038
34039 <ul>
34040 <li>Run synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).</li>
34041 </ul>
34042
34043 <p><code>(optionally start a screen session)</code><br>
34044 <code>synth everything</code></p>
34045
34046 <ul>
34047 <li>A full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.</li>
34048 <li>When synth finishes, let it rebuild the database. You then have a working binary repo.</li>
34049 <li>It is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.</li>
34050 </ul>
34051
34052 <p><hr></p>
34053
34054 <p>###<a href="https://www.freebsdbytes.com/2018/11/interview-eric-turgeon-founder-maintainer-ghostbsd/">Interview with founder and maintainer of GhostBSD, Eric Turgeon</a></p>
34055
34056 <ul>
34057 <li>Thank you Eric for taking part. To start off, could you tell us a little about yourself, just a bit of background?</li>
34058 <li>How did you become interested in open source?</li>
34059 <li>When and how did you get interested in the BSD operating systems?</li>
34060 <li>On your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?</li>
34061 <li>You are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?</li>
34062 <li>Developing an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?</li>
34063 <li>How did you get to the name GhostBSD? Did you consider any other names?</li>
34064 <li>You recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?</li>
34065 <li>The current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release</li>
34066 <li>Can you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.</li>
34067 <li>How about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?</li>
34068 <li>What was the biggest challenge during development?</li>
34069 <li>If you had to pick one feature readers should check out in GhostBSD, what is it and why?</li>
34070 <li>What is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?</li>
34071 <li>What is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?</li>
34072 <li>Where does GhostBSD go from here? What are your plans for 2019?</li>
34073 <li>Is there anything else that wasn’t asked or that you want to share?</li>
34074 </ul>
34075
34076 <p><hr></p>
34077
34078 <p>##Beastie Bits</p>
34079
34080 <ul>
34081 <li><a href="https://twitter.com/gonzoua/status/1071252700023508993">dialog(1) script to select audio output on FreeBSD</a></li>
34082 <li><a href="http://blog.obligd.com/posts/erlang-otp-on-openbsd.html">Erlang otp on OpenBSD</a></li>
34083 <li><a href="https://oshogbo.vexillium.org/blog/57/">Capsicum</a></li>
34084 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html</a></li>
34085 <li><a href="https://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean">Introduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime</a></li>
34086 <li><a href="https://pkgsrc.org/pkgsrcCon/2018/talks.html">pkgsrcCon 2018 in Berlin - Videos</a></li>
34087 <li><a href="https://freebsddesktop.github.io/2018/12/08/drm-kmod-primer.html">Getting started with drm-kmod</a></li>
34088 </ul>
34089
34090 <p><hr></p>
34091
34092 <p>##Feedback/Questions</p>
34093
34094 <ul>
34095 <li>Malcolm - <a href="http://dpaste.com/28PYSGK">Show segment idea</a></li>
34096 <li>Fraser - <a href="http://dpaste.com/38W3PRB">Question: FreeBSD official binary package options</a></li>
34097 <li>Harri - <a href="http://dpaste.com/3SENZ7H#wrap">BSD Magazine</a></li>
34098 </ul>
34099
34100 <p><hr></p>
34101
34102 <ul>
34103 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
34104 </ul>
34105
34106 <p><hr></p>]]>
34107 </content:encoded>
34108 <itunes:summary>
34109 <![CDATA[<p>FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.</p>
34110
34111 <p>##Headlines<br>
34112 ###<a href="https://www.freebsd.org/releases/12.0R/relnotes.html">FreeBSD 12.0 is available</a></p>
34113
34114 <ul>
34115 <li>After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.</li>
34116 <li>We’ve picked a few interesting things to cover in the show, make sure to read the full <a href="https://www.freebsd.org/releases/12.0R/relnotes.html">Release Notes</a></li>
34117 </ul>
34118
34119 <blockquote>
34120 <p>Userland:<br>
34121 Group permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.<br>
34122 The default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).<br>
34123 The default PAGER now defaults to less(1) for most commands.<br>
34124 The newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.<br>
34125 The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.<br>
34126 A new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.<br>
34127 Userland applications:<br>
34128 The dtrace(1) utility has been updated to support if and else statements.<br>
34129 The legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.<br>
34130 The setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.<br>
34131 The geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.<br>
34132 The dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).<br>
34133 The date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.<br>
34134 The bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.<br>
34135 The bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.<br>
34136 The tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.<br>
34137 The chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.<br>
34138 Kernel:<br>
34139 The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.<br>
34140 The amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.<br>
34141 The amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.<br>
34142 Kernel Configuration:<br>
34143 The VIMAGE kernel configuration option has been enabled by default.<br>
34144 The dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.<br>
34145 The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.<br>
34146 Device Drivers:<br>
34147 The random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.<br>
34148 The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.<br>
34149 Deprecated Drivers:<br>
34150 The lmc(4) driver has been removed.<br>
34151 The ixgb(4) driver has been removed.<br>
34152 The nxge(4) driver has been removed.<br>
34153 The vxge(4) driver has been removed.<br>
34154 The jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).<br>
34155 The DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.<br>
34156 The following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)<br>
34157 Storage:<br>
34158 The UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.<br>
34159 The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.<br>
34160 TRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).<br>
34161 NFS:<br>
34162 The NFS version 4.1 server has been updated to include pNFS server support.<br>
34163 ZFS:<br>
34164 ZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.<br>
34165 The new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.<br>
34166 The large_dnode zpool feature has been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x<br>
34167 Many bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.<br>
34168 Includes the fix for PR 229614 that could cause processes to hang in zil_commit()<br>
34169 Boot Loader Changes:<br>
34170 The lua loader(8) has been updated to detect a list of installed kernels to boot.<br>
34171 The loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.<br>
34172 The loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.</p>
34173 <p>Networking:<br>
34174 The pf(4) packet filter is now usable within a jail(8) using vnet(9).<br>
34175 The pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.<br>
34176 The SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.</p>
34177 </blockquote>
34178
34179 <ul>
34180 <li>Again, read the release notes for a full list, check out the <a href="https://www.freebsd.org/releases/12.0R/errata.html">errata notices</a>. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!</li>
34181 </ul>
34182
34183 <p><hr></p>
34184
34185 <p>###<a href="https://www.adminbyaccident.com/politics/abandon-linux-move-freebsd-illumos/">Abandon Linux. Move to FreeBSD or Illumos</a></p>
34186
34187 <blockquote>
34188 <p>If you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.<br>
34189 Is your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophical ones, you may have skipped good alternatives. The BSD’s and Illumos.<br>
34190 I bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been laid off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.<br>
34191 And here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.<br>
34192 You have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.<br>
34193 But why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) agglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.<br>
34194 To start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.<br>
34195 Jails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.<br>
34196 There are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.<br>
34197 I have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitimate and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.<br>
34198 But here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.<br>
34199 How can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.<br>
34200 Want to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?<br>
34201 Are you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.<br>
34202 But what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.<br>
34203 But FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the beginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.<br>
34204 I am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.<br>
34205 You say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.<br>
34206 If you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bought Sun many people ran away in a stampede fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.<br>
34207 In conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.<br>
34208 Still not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do now love FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, paid support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?<br>
34209 PS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.</p>
34210 </blockquote>
34211
34212 <p><hr></p>
34213
34214 <p>###<a href="https://bradackerman.com/posts/2018-12-05-bsd-cloudy-vpn/">A partly-cloudy IPsec VPN</a></p>
34215
34216 <ul>
34217 <li>Audience</li>
34218 </ul>
34219
34220 <blockquote>
34221 <p>I’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.</p>
34222 </blockquote>
34223
34224 <ul>
34225 <li>Overview</li>
34226 </ul>
34227
34228 <blockquote>
34229 <p>I’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:</p>
34230 </blockquote>
34231
34232 <ul>
34233 <li>VPN</li>
34234 <li>Road-warrior access, so I can use private network resources from anywhere.</li>
34235 <li>A site-to-site VPN, extending my home network to my VPSes.</li>
34236 <li>Hosting for public and private network services.</li>
34237 <li>A proxy service to provide a public IP address to services hosted at home.</li>
34238 </ul>
34239
34240 <blockquote>
34241 <p>The last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.<br>
34242 I’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.<br>
34243 Since this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.<br>
34244 The VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.</p>
34245 </blockquote>
34246
34247 <ul>
34248 <li>The end-state network should look like: <a href="https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg">https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg</a></li>
34249 </ul>
34250
34251 <blockquote>
34252 <p>This VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.<br>
34253 Once traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.</p>
34254 </blockquote>
34255
34256 <p><hr></p>
34257
34258 <p>##News Roundup<br>
34259 ###<a href="https://netbsd.org/gallery/presentations/maxv/kleak.pdf">KLEAK: Practical Kernel Memory Disclosure Detection</a></p>
34260
34261 <blockquote>
34262 <p>Modern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space. Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.<br>
34263 We introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.<br>
34264 Our approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total, we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.<br>
34265 The remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.</p>
34266 </blockquote>
34267
34268 <p><hr></p>
34269
34270 <p>###<a href="https://www.dragonflybsd.org/docs/howtos/How_To_Create_Official_Synth_Repo/">How To Create Official Synth Repo</a></p>
34271
34272 <ul>
34273 <li>
34274 <p>System Environment</p>
34275 </li>
34276 <li>
34277 <p>Make sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.</p>
34278 </li>
34279 <li>
34280 <p>Make sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.</p>
34281 </li>
34282 <li>
34283 <p>Make sure /etc/make.conf is clean.</p>
34284 </li>
34285 <li>
34286 <p>Update /usr/src to the current master, make sure there is no cruft in it</p>
34287 </li>
34288 <li>
34289 <p>Do a full buildworld, buildkernel, installkernel and installworld</p>
34290 </li>
34291 <li>
34292 <p>Reboot</p>
34293 </li>
34294 <li>
34295 <p>After the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.</p>
34296 </li>
34297 <li>
34298 <p>Synth Environment</p>
34299 </li>
34300 <li>
34301 <p>/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.</p>
34302 </li>
34303 <li>
34304 <p>System requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.</p>
34305 </li>
34306 <li>
34307 <p>synth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.</p>
34308 </li>
34309 </ul>
34310
34311 <p><code>; Take care when hand editing!</code><br>
34312 <code></code><br>
34313 <code>[Global Configuration]</code><br>
34314 <code>profile_selected= LiveSystem</code><br>
34315 <code></code><br>
34316 <code>[LiveSystem]</code><br>
34317 <code>Operating_system= DragonFly</code><br>
34318 <code>Directory_packages= /build/synth/live_packages</code><br>
34319 <code>Directory_repository= /build/synth/live_packages/All</code><br>
34320 <code>Directory_portsdir= /build/synth/dports</code><br>
34321 <code>Directory_options= /build/synth/options</code><br>
34322 <code>Directory_distfiles= /usr/distfiles</code><br>
34323 <code>Directory_buildbase= /build/synth/build</code><br>
34324 <code>Directory_logs= /build/synth/logs</code><br>
34325 <code>Directory_ccache= disabled</code><br>
34326 <code>Directory_system= /</code><br>
34327 <code>Number_of_builders= 30</code><br>
34328 <code>Max_jobs_per_builder= 30</code><br>
34329 <code>Tmpfs_workdir= true</code><br>
34330 <code>Tmpfs_localbase= true</code><br>
34331 <code>Display_with_ncurses= true</code><br>
34332 <code>leverage_prebuilt= false</code></p>
34333
34334 <ul>
34335 <li>LiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:</li>
34336 </ul>
34337
34338 <p><code>LICENSES_ACCEPTED= NONE</code></p>
34339
34340 <ul>
34341 <li>
34342 <p>Make sure there is no other cruft in /usr/local/etc/synth/</p>
34343 </li>
34344 <li>
34345 <p>In the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:</p>
34346 </li>
34347 </ul>
34348
34349 <p><code>rm -rf /build/synth/live_packages/*</code><br>
34350 <code>rm -rf /build/synth/logs</code><br>
34351 <code>mkdir /build/synth/logs</code></p>
34352
34353 <ul>
34354 <li>Run synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).</li>
34355 </ul>
34356
34357 <p><code>(optionally start a screen session)</code><br>
34358 <code>synth everything</code></p>
34359
34360 <ul>
34361 <li>A full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.</li>
34362 <li>When synth finishes, let it rebuild the database. You then have a working binary repo.</li>
34363 <li>It is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.</li>
34364 </ul>
34365
34366 <p><hr></p>
34367
34368 <p>###<a href="https://www.freebsdbytes.com/2018/11/interview-eric-turgeon-founder-maintainer-ghostbsd/">Interview with founder and maintainer of GhostBSD, Eric Turgeon</a></p>
34369
34370 <ul>
34371 <li>Thank you Eric for taking part. To start off, could you tell us a little about yourself, just a bit of background?</li>
34372 <li>How did you become interested in open source?</li>
34373 <li>When and how did you get interested in the BSD operating systems?</li>
34374 <li>On your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?</li>
34375 <li>You are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?</li>
34376 <li>Developing an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?</li>
34377 <li>How did you get to the name GhostBSD? Did you consider any other names?</li>
34378 <li>You recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?</li>
34379 <li>The current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release?</li>
34380 <li>Can you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.</li>
34381 <li>How about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?</li>
34382 <li>What was the biggest challenge during development?</li>
34383 <li>If you had to pick one feature readers should check out in GhostBSD, what is it and why?</li>
34384 <li>What is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?</li>
34385 <li>What is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?</li>
34386 <li>Where does GhostBSD go from here? What are your plans for 2019?</li>
34387 <li>Is there anything else that wasn’t asked or that you want to share?</li>
34388 </ul>
34389
34390 <p><hr></p>
34391
34392 <p>##Beastie Bits</p>
34393
34394 <ul>
34395 <li><a href="https://twitter.com/gonzoua/status/1071252700023508993">dialog(1) script to select audio output on FreeBSD</a></li>
34396 <li><a href="http://blog.obligd.com/posts/erlang-otp-on-openbsd.html">Erlang otp on OpenBSD</a></li>
34397 <li><a href="https://oshogbo.vexillium.org/blog/57/">Capsicum</a></li>
34398 <li><a href="https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html">https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html</a></li>
34399 <li><a href="https://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean">Introduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime</a></li>
34400 <li><a href="https://pkgsrc.org/pkgsrcCon/2018/talks.html">pkgsrcCon 2018 in Berlin - Videos</a></li>
34401 <li><a href="https://freebsddesktop.github.io/2018/12/08/drm-kmod-primer.html">Getting started with drm-kmod</a></li>
34402 </ul>
34403
34404 <p><hr></p>
34405
34406 <p>##Feedback/Questions</p>
34407
34408 <ul>
34409 <li>Malcolm - <a href="http://dpaste.com/28PYSGK">Show segment idea</a></li>
34410 <li>Fraser - <a href="http://dpaste.com/38W3PRB">Question: FreeBSD official binary package options</a></li>
34411 <li>Harri - <a href="http://dpaste.com/3SENZ7H#wrap">BSD Magazine</a></li>
34412 </ul>
34413
34414 <p><hr></p>
34415
34416 <ul>
34417 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
34418 </ul>
34419
34420 <p><hr></p>]]>
34421 </itunes:summary>
34422 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+N-pZoQL5</fireside:playerURL>
34423 <fireside:playerEmbedCode>
34424 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+N-pZoQL5" width="740" height="200" frameborder="0" scrolling="no">]]>
34425 </fireside:playerEmbedCode>
34426 </item>
34427 <item>
34428 <title>Episode 275: OpenBSD in Stereo | BSD Now 275</title>
34429 <link>https://www.bsdnow.tv/275</link>
34430 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2997</guid>
34431 <pubDate>Sun, 09 Dec 2018 01:00:00 -0800</pubDate>
34432 <author>Allan Jude</author>
34433 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/233f4bf5-4bc3-453e-9e99-c78b18a453e0.mp3" length="51110355" type="audio/mp3"/>
34434 <itunes:episodeType>full</itunes:episodeType>
34435 <itunes:author>Allan Jude</itunes:author>
34436 <itunes:subtitle>DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.</itunes:subtitle>
34437 <itunes:duration>1:24:52</itunes:duration>
34438 <itunes:explicit>no</itunes:explicit>
34439 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
34440 <description>DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.
34441 Headlines
34442 <a href="https://www.dragonflybsd.org/release54/">DragonflyBSD 5.4 released</a>
34443 <blockquote>DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large number of network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases.
34444 The details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.</blockquote>
34445 <ul>
34446 <li>Big-ticket items</li>
34447 <li>Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).</li>
34448 <li>Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.</li>
34449 <li>Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.</li>
34450 <li>Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.</li>
34451 <li>GCC 8</li>
34452 <li>DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.</li>
34453 <li>GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.</li>
34454 <li>Many passes through world sources were made to address various warnings and errors the new GCC brought with it.</li>
34455 <li>HAMMER2</li>
34456 <li>HAMMER2 is recommended as the default root filesystem in non-clustered mode.</li>
34457 <li>Clustered support is not yet available.</li>
34458 <li>Increased bulkfree cache to reduce the number of iterations required.</li>
34459 <li>Fixed numerous bugs.</li>
34460 <li>Improved support on low-memory machines.</li>
34461 <li>Significant pre-work on the XOP API to help support future networked operations.</li>
34462 <li>Details</li>
34463 <li>Checksums
34464 <code>MD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f</code>
34465 <code>MD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408</code>
34466 <code>MD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1</code>
34467 <code>MD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499</code></li>
34468 <li>Downloads Links</li>
34469 </ul>
34470 <blockquote>DragonFly BSD is 64-bit only, as announced during the 3.8 release.</blockquote>
34471 <ul>
34472 <li>USB: dfly-x86_64-5.4.0_REL.img as bzip2 file</li>
34473 <li>ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file</li>
34474 <li>Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)</li>
34475 </ul>
34476
34477 <hr />
34478 <a href="https://cryogenix.net/gophernicus.html">Down the Gopher hole with OpenBSD, Gophernicus, and TLS</a>
34479 <blockquote>In the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (&gt;Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.</blockquote>
34480 <blockquote>Like cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.</blockquote>
34481 <blockquote>Before the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!</blockquote>
34482 <blockquote>Gophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.</blockquote>
34483 <blockquote>If you need a starting point with Gopher, SDF-EU’s wiki has a good article here.</blockquote>
34484 <ul>
34485 <li><a href="https://sdfeu.org/w/tutorials:gopher">https://sdfeu.org/w/tutorials:gopher</a></li>
34486 </ul>
34487 <blockquote>Finally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!</blockquote>
34488 <ul>
34489 <li><a href="https://cryogenix.net/NCSA_Mosaic_OpenBSD.html">https://cryogenix.net/NCSA_Mosaic_OpenBSD.html</a></li>
34490 </ul>
34491 <blockquote>I’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.</blockquote>
34492 <ul>
34493 <li><a href="https://github.com/0x16h/gophernicus">https://github.com/0x16h/gophernicus</a></li>
34494 <li><a href="https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd">https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd</a></li>
34495 </ul>
34496
34497 <hr />
34498 News Roundup
34499 <a href="https://jcs.org/2018/11/12/vfio">OpenBSD in Stereo with Linux VFIO</a>
34500 <blockquote>I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.
34501 Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.</blockquote>
34502 <ul>
34503 <li>VFIO</li>
34504 </ul>
34505 <blockquote>The Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU.
34506 To my surprise, these days, it seems to be primarily used by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows.
34507 By using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.</blockquote>
34508 <ul>
34509 <li>Using VFIO</li>
34510 </ul>
34511 <blockquote>To use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub
34512 With the audio device stubbed out, a new VFIO device can be created from it
34513 Then the VFIO device (00:1f.3) can be passed to QEMU
34514 I was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them).
34515 Since I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state.
34516 QEMU will now log each VFIO event which gets saved to a debug-output file.
34517 With a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker.
34518 One strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.</blockquote>
34519 <blockquote>A Primer on Intel HDA
34520 Most modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec.
34521 On OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default.
34522 The azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port.
34523 The newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers.
34524 While reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing.
34525 For speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB.
34526 When the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results.
34527 Since the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.</blockquote>
34528 <ul>
34529 <li>Logging DMA Memory Values in QEMU</li>
34530 </ul>
34531 <blockquote>Since DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring.
34532 My custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier.
34533 With this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec:
34534 An early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen.
34535 Sure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.</blockquote>
34536 <ul>
34537 <li>Minimizing the Magic</li>
34538 </ul>
34539 <blockquote>The full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:</blockquote>
34540 <ul>
34541 <li>Boot OpenBSD with the full list of CORB commands in the azalia driver</li>
34542 <li>Comment out a group of them</li>
34543 <li>Compile kernel and install it, halt the QEMU guest</li>
34544 <li>Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier way to reset PCI power than suspending the laptop, but oh well)</li>
34545 <li>Start QEMU, boot OpenBSD with the new kernel</li>
34546 <li>Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play</li>
34547 </ul>
34548 <blockquote>This required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.</blockquote>
34549 <ul>
34550 <li>The Result</li>
34551 </ul>
34552 <blockquote>After about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong.
34553 In any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one.
34554 Due to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about.
34555 I’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.</blockquote>
34556
34557 <hr />
34558 <a href="https://virtuallyfun.com/wordpress/2018/11/26/why-bsd-os-is-the-best-candidate-for-being-the-only-tested-legally-open-unix/">Why BSD/OS is the best candidate for being the only tested legally open UNIX</a>
34559 <ul>
34560 <li>Introduction</li>
34561 </ul>
34562 <blockquote>The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.</blockquote>
34563 <ul>
34564 <li>Ancient UNIX</li>
34565 </ul>
34566 <blockquote>The term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT&amp;T at the time. It was later transferred to the AT&amp;T UNIX Support Group, then AT&amp;T Information Systems and finally the AT&amp;T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany.
34567 In a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT&amp;T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain.
34568 The situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT&amp;T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1).
34569 Note that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294).
34570 In Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19).
34571 Thus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here.
34572 So how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license.
34573 I’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:
34574 the base Asset Purchase Agreement “APA” (Part I)
34575 the base Asset Purchase Agreement “APA” (Part II)
34576 the Operating Agreement and Amendment 1 to the APA
34577 the Amendment 2 to the APA
34578 The APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assessment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it.
34579 The first step to truly freeing UNIX would thus be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.</blockquote>
34580 <ul>
34581 <li>BSD/OS</li>
34582 </ul>
34583 <blockquote>Another operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright.
34584 BSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ.
34585 To truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.</blockquote>
34586 <ul>
34587 <li>System V</li>
34588 </ul>
34589 <blockquote>The fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V.
34590 Obviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.</blockquote>
34591 <ul>
34592 <li>Newer Research UNIX</li>
34593 </ul>
34594 <blockquote>The fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017.
34595 However, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.</blockquote>
34596 <ul>
34597 <li>Conclusion
34598 In the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.</li>
34599 </ul>
34600 <blockquote>A small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.</blockquote>
34601
34602 <hr />
34603 <a href="https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape">OpenBGPD - Adding Diversity to the Route Server Landscape</a>
34604 <ul>
34605 <li>Introduction</li>
34606 </ul>
34607 <blockquote>As of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. <a href="http://NIC.CZ">NIC.CZ</a> (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC.
34608 OpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.</blockquote>
34609 <ul>
34610 <li>Missing features in OpenBGPD</li>
34611 </ul>
34612 <blockquote>The following main missing features were identified in OpenBGPD:</blockquote>
34613 <ul>
34614 <li>Performance</li>
34615 </ul>
34616 <blockquote>In previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.</blockquote>
34617 <ul>
34618 <li>Lack of RPKI Origin Validation</li>
34619 </ul>
34620 <blockquote>As we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.</blockquote>
34621 <ul>
34622 <li>Portability</li>
34623 </ul>
34624 <blockquote>OpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.</blockquote>
34625 <ul>
34626 <li>Development steps</li>
34627 </ul>
34628 <blockquote>By addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation.
34629 Since I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.</blockquote>
34630 <ul>
34631 <li>OpenBGPD 6.4</li>
34632 </ul>
34633 <blockquote>The OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!</blockquote>
34634 <ul>
34635 <li>Feature highlights</li>
34636 </ul>
34637 <blockquote>The following changes should be highlighted:</blockquote>
34638 <ul>
34639 <li>Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.</li>
34640 <li>BGP Origin Validation when a roa-set is configured: Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.</li>
34641 <li>Fast prefix-set lookups: In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.</li>
34642 <li>Introduction of as-sets: Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently.</li>
34643 <li>Introduction of origin-sets:
34644 Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.</li>
34645 <li>Improving third party tools</li>
34646 </ul>
34647 <blockquote>Users can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two opensource projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.</blockquote>
34648 <ul>
34649 <li>bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.</li>
34650 <li>arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.</li>
34651 <li>What still needs to be done</li>
34652 </ul>
34653 <blockquote>A sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.</blockquote>
34654 <ul>
34655 <li>Looking forward</li>
34656 <li>Job Snijders oversaw this year’s fundraising and project management, he adds:</li>
34657 </ul>
34658 <blockquote>It’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.</blockquote>
34659
34660 <hr />
34661 Beastie Bits
34662 <ul>
34663 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2018-November/718130.html">DragonFly - git: annotated tag v5.5.0 created</a></li>
34664 <li><a href="https://www.youtube.com/watch?v=Qvj7Mkr13d8">Torchlight 2 on NetBSD</a></li>
34665 <li><a href="https://www.usenix.org/system/files/login/articles/login_dec14_03_dawidek.pdf">Older, but still good USENIX Login Article on Capsicum</a></li>
34666 <li><a href="https://github.com/myfreeweb/capsicumizer">The Super Capsicumizer 9000</a></li>
34667 <li><a href="https://www.noc-ps.com/">Dedicated and Virtual Server PXE provisioning tool</a></li>
34668 <li><a href="https://cirrus-ci.org/guide/FreeBSD/">Cirrus CI have announced FreeBSD support</a></li>
34669 <li><a href="https://twitter.com/astr0baby/status/1065353771952336897">NetBSD PineBook Gameplay</a></li>
34670 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP is out</a></li>
34671 <li>Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th</li>
34672 </ul>
34673
34674 <hr />
34675 Feedback/Questions
34676 <ul>
34677 <li>Malcom - <a href="http://dpaste.com/35TNNX4">Installing Drivers in Development</a></li>
34678 <li>Samir - <a href="http://dpaste.com/2RCB37Y#wrap">Introduction to ZFS</a></li>
34679 <li>Newnix - <a href="http://dpaste.com/01YJ4EB#wrap">Drive Failures</a></li>
34680 </ul>
34681
34682 <hr />
34683 <ul>
34684 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
34685 </ul>
34686
34687 <hr />
34688 </description>
34689 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Gopher, Linux VFIO, OpenBGPD, Capsicum, Pinebook</itunes:keywords>
34690 <content:encoded>
34691 <![CDATA[<p>DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.</p>
34692
34693 <h2>Headlines</h2>
34694
34695 <h3><a href="https://www.dragonflybsd.org/release54/">DragonflyBSD 5.4 released</a></h3>
34696
34697 <blockquote>DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large number of network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases.
34698 The details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.</blockquote>
34699
34700 <ul>
34701 <li>Big-ticket items</li>
34702 <li>Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).</li>
34703 <li>Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.</li>
34704 <li>Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.</li>
34705 <li>Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.</li>
34706 <li>GCC 8</li>
34707 <li>DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.</li>
34708 <li>GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.</li>
34709 <li>Many passes through world sources were made to address various warnings and errors the new GCC brought with it.</li>
34710 <li>HAMMER2</li>
34711 <li>HAMMER2 is recommended as the default root filesystem in non-clustered mode.</li>
34712 <li>Clustered support is not yet available.</li>
34713 <li>Increased bulkfree cache to reduce the number of iterations required.</li>
34714 <li>Fixed numerous bugs.</li>
34715 <li>Improved support on low-memory machines.</li>
34716 <li>Significant pre-work on the XOP API to help support future networked operations.</li>
34717 <li>Details</li>
34718 <li>Checksums
34719 <code>MD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f</code>
34720 <code>MD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408</code>
34721 <code>MD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1</code>
34722 <code>MD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499</code></li>
34723 <li>Downloads Links</li>
34724 </ul>
34725
34726 <blockquote>DragonFly BSD is 64-bit only, as announced during the 3.8 release.</blockquote>
34727
34728 <ul>
34729 <li>USB: dfly-x86_64-5.4.0_REL.img as bzip2 file</li>
34730 <li>ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file</li>
34731 <li>Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)</li>
34732 </ul>
34733
34734 <p><hr /></p>
34735
34736 <h3><a href="https://cryogenix.net/gophernicus.html">Down the Gopher hole with OpenBSD, Gophernicus, and TLS</a></h3>
34737
34738 <blockquote>In the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (>Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.</blockquote>
34739
34740 <blockquote>Like cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.</blockquote>
34741
34742 <blockquote>Before the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!</blockquote>
34743
34744 <blockquote>Gophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.</blockquote>
34745
34746 <blockquote>If you need a starting point with Gopher, SDF-EU’s wiki has a good article here.</blockquote>
34747
34748 <ul>
34749 <li><a href="https://sdfeu.org/w/tutorials:gopher">https://sdfeu.org/w/tutorials:gopher</a></li>
34750 </ul>
34751
34752 <blockquote>Finally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!</blockquote>
34753
34754 <ul>
34755 <li><a href="https://cryogenix.net/NCSA_Mosaic_OpenBSD.html">https://cryogenix.net/NCSA_Mosaic_OpenBSD.html</a></li>
34756 </ul>
34757
34758 <blockquote>I’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.</blockquote>
34759
34760 <ul>
34761 <li><a href="https://github.com/0x16h/gophernicus">https://github.com/0x16h/gophernicus</a></li>
34762 <li><a href="https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd">https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd</a></li>
34763 </ul>
34764
34765 <p><hr /></p>
34766
34767 <h2>News Roundup</h2>
34768
34769 <h3><a href="https://jcs.org/2018/11/12/vfio">OpenBSD in Stereo with Linux VFIO</a></h3>
34770
34771 <blockquote>I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.
34772 Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.</blockquote>
34773
34774 <ul>
34775 <li>VFIO</li>
34776 </ul>
34777
34778 <blockquote>The Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU.
34779 To my surprise, these days, it seems to be primarily used by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows.
34780 By using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.</blockquote>
34781
34782 <ul>
34783 <li>Using VFIO</li>
34784 </ul>
34785
34786 <blockquote>To use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub
34787 With the audio device stubbed out, a new VFIO device can be created from it
34788 Then the VFIO device (00:1f.3) can be passed to QEMU
34789 I was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them).
34790 Since I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state.
34791 QEMU will now log each VFIO event which gets saved to a debug-output file.
34792 With a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker.
34793 One strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.</blockquote>
34794
34795 <blockquote>A Primer on Intel HDA
34796 Most modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec.
34797 On OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default.
34798 The azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port.
34799 The newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers.
34800 While reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing.
34801 For speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB.
34802 When the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results.
34803 Since the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.</blockquote>
34804
34805 <ul>
34806 <li>Logging DMA Memory Values in QEMU</li>
34807 </ul>
34808
34809 <blockquote>Since DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring.
34810 My custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier.
34811 With this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec:
34812 An early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen.
34813 Sure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.</blockquote>
34814
34815 <ul>
34816 <li>Minimizing the Magic</li>
34817 </ul>
34818
34819 <blockquote>The full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:</blockquote>
34820
34821 <ul>
34822 <li>Boot OpenBSD with the full list of CORB commands in the azalia driver</li>
34823 <li>Comment out a group of them</li>
34824 <li>Compile kernel and install it, halt the QEMU guest</li>
34825 <li>Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier way to reset PCI power than suspending the laptop, but oh well)</li>
34826 <li>Start QEMU, boot OpenBSD with the new kernel</li>
34827 <li>Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play</li>
34828 </ul>
34829
34830 <blockquote>This required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.</blockquote>
34831
34832 <ul>
34833 <li>The Result</li>
34834 </ul>
34835
34836 <blockquote>After about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong.
34837 In any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one.
34838 Due to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about.
34839 I’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.</blockquote>
34840
34841 <p><hr /></p>
34842
34843 <h3><a href="https://virtuallyfun.com/wordpress/2018/11/26/why-bsd-os-is-the-best-candidate-for-being-the-only-tested-legally-open-unix/">Why BSD/OS is the best candidate for being the only tested legally open UNIX</a></h3>
34844
34845 <ul>
34846 <li>Introduction</li>
34847 </ul>
34848
34849 <blockquote>The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.</blockquote>
34850
34851 <ul>
34852 <li>Ancient UNIX</li>
34853 </ul>
34854
34855 <blockquote>The term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT&T at the time. It was later transferred to the AT&T UNIX Support Group, then AT&T Information Systems and finally the AT&T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany.
34856 In a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT&T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain.
34857 The situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT&T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1).
34858 Note that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294).
34859 In Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19).
34860 Thus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here.
34861 So how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license.
34862 I’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:
34863 the base Asset Purchase Agreement “APA” (Part I)
34864 the base Asset Purchase Agreement “APA” (Part II)
34865 the Operating Agreement and Amendment 1 to the APA
34866 the Amendment 2 to the APA
34867 The APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assessment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it.
34868 The first step to truly freeing UNIX would thus be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.</blockquote>
34869
34870 <ul>
34871 <li>BSD/OS</li>
34872 </ul>
34873
34874 <blockquote>Another operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright.
34875 BSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ.
34876 To truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.</blockquote>
34877
34878 <ul>
34879 <li>System V</li>
34880 </ul>
34881
34882 <blockquote>The fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V.
34883 Obviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.</blockquote>
34884
34885 <ul>
34886 <li>Newer Research UNIX</li>
34887 </ul>
34888
34889 <blockquote>The fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017.
34890 However, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.</blockquote>
34891
34892 <ul>
34893 <li>Conclusion
34894 In the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.</li>
34895 </ul>
34896
34897 <blockquote>A small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.</blockquote>
34898
34899 <p><hr /></p>
34900
34901 <h3><a href="https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape">OpenBGPD - Adding Diversity to the Route Server Landscape</a></h3>
34902
34903 <ul>
34904 <li>Introduction</li>
34905 </ul>
34906
34907 <blockquote>As of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. <a href="http://NIC.CZ">NIC.CZ</a> (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC.
34908 OpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.</blockquote>
34909
34910 <ul>
34911 <li>Missing features in OpenBGPD</li>
34912 </ul>
34913
34914 <blockquote>The following main missing features were identified in OpenBGPD:</blockquote>
34915
34916 <ul>
34917 <li>Performance</li>
34918 </ul>
34919
34920 <blockquote>In previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.</blockquote>
34921
34922 <ul>
34923 <li>Lack of RPKI Origin Validation</li>
34924 </ul>
34925
34926 <blockquote>As we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.</blockquote>
34927
34928 <ul>
34929 <li>Portability</li>
34930 </ul>
34931
34932 <blockquote>OpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.</blockquote>
34933
34934 <ul>
34935 <li>Development steps</li>
34936 </ul>
34937
34938 <blockquote>By addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation.
34939 Since I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.</blockquote>
34940
34941 <ul>
34942 <li>OpenBGPD 6.4</li>
34943 </ul>
34944
34945 <blockquote>The OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!</blockquote>
34946
34947 <ul>
34948 <li>Feature highlights</li>
34949 </ul>
34950
34951 <blockquote>The following changes should be highlighted:</blockquote>
34952
34953 <ul>
34954 <li>Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.</li>
34955 <li>BGP Origin Validation when a roa-set is configured Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.</li>
34956 <li>Fast prefix-set lookups In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.</li>
34957 <li>Introduction of as-sets Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently.</li>
34958 <li>Introduction of origin-sets
34959 Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.</li>
34960 <li>Improving third party tools</li>
34961 </ul>
34962
34963 <blockquote>Users can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two opensource projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.</blockquote>
34964
34965 <ul>
34966 <li>bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.</li>
34967 <li>arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.</li>
34968 <li>What still needs to be done</li>
34969 </ul>
34970
34971 <blockquote>A sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.</blockquote>
34972
34973 <ul>
34974 <li>Looking forward</li>
34975 <li>Job Snijders oversaw this year’s fundraising and project management, he adds:</li>
34976 </ul>
34977
34978 <blockquote>It’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.</blockquote>
34979
34980 <p><hr /></p>
34981
34982 <h2>Beastie Bits</h2>
34983
34984 <ul>
34985 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2018-November/718130.html">DragonFly - git: annotated tag v5.5.0 created</a></li>
34986 <li><a href="https://www.youtube.com/watch?v=Qvj7Mkr13d8">Torchlight 2 on NetBSD</a></li>
34987 <li><a href="https://www.usenix.org/system/files/login/articles/login_dec14_03_dawidek.pdf">Older, but still good USENIX Login Article on Capsicum</a></li>
34988 <li><a href="https://github.com/myfreeweb/capsicumizer">The Super Capsicumizer 9000</a></li>
34989 <li><a href="https://www.noc-ps.com/">Dedicated and Virtual Server PXE provisioning tool</a></li>
34990 <li><a href="https://cirrus-ci.org/guide/FreeBSD/">Cirrus CI have announced FreeBSD support</a></li>
34991 <li><a href="https://twitter.com/astr0baby/status/1065353771952336897">NetBSD PineBook Gameplay</a></li>
34992 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP is out</a></li>
34993 <li>Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th</li>
34994 </ul>
34995
34996 <p><hr /></p>
34997
34998 <h2>Feedback/Questions</h2>
34999
35000 <ul>
35001 <li>Malcom - <a href="http://dpaste.com/35TNNX4">Installing Drivers in Development</a></li>
35002 <li>Samir - <a href="http://dpaste.com/2RCB37Y#wrap">Introduction to ZFS</a></li>
35003 <li>Newnix - <a href="http://dpaste.com/01YJ4EB#wrap">Drive Failures</a></li>
35004 </ul>
35005
35006 <p><hr /></p>
35007
35008 <ul>
35009 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
35010 </ul>
35011
35012 <p><hr /></p>]]>
35013 </content:encoded>
35014 <itunes:summary>
35015 <![CDATA[<p>DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.</p>
35016
35017 <h2>Headlines</h2>
35018
35019 <h3><a href="https://www.dragonflybsd.org/release54/">DragonflyBSD 5.4 released</a></h3>
35020
35021 <blockquote>DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large number of network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases.
35022 The details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.</blockquote>
35023
35024 <ul>
35025 <li>Big-ticket items</li>
35026 <li>Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).</li>
35027 <li>Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.</li>
35028 <li>Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.</li>
35029 <li>Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.</li>
35030 <li>GCC 8</li>
35031 <li>DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.</li>
35032 <li>GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.</li>
35033 <li>Many passes through world sources were made to address various warnings and errors the new GCC brought with it.</li>
35034 <li>HAMMER2</li>
35035 <li>HAMMER2 is recommended as the default root filesystem in non-clustered mode.</li>
35036 <li>Clustered support is not yet available.</li>
35037 <li>Increased bulkfree cache to reduce the number of iterations required.</li>
35038 <li>Fixed numerous bugs.</li>
35039 <li>Improved support on low-memory machines.</li>
35040 <li>Significant pre-work on the XOP API to help support future networked operations.</li>
35041 <li>Details</li>
35042 <li>Checksums
35043 <code>MD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f</code>
35044 <code>MD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408</code>
35045 <code>MD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1</code>
35046 <code>MD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499</code></li>
35047 <li>Downloads Links</li>
35048 </ul>
35049
35050 <blockquote>DragonFly BSD is 64-bit only, as announced during the 3.8 release.</blockquote>
35051
35052 <ul>
35053 <li>USB: dfly-x86_64-5.4.0_REL.img as bzip2 file</li>
35054 <li>ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file</li>
35055 <li>Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)</li>
35056 </ul>
35057
35058 <p><hr /></p>
35059
35060 <h3><a href="https://cryogenix.net/gophernicus.html">Down the Gopher hole with OpenBSD, Gophernicus, and TLS</a></h3>
35061
35062 <blockquote>In the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (>Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.</blockquote>
35063
35064 <blockquote>Like cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.</blockquote>
35065
35066 <blockquote>Before the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!</blockquote>
35067
35068 <blockquote>Gophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.</blockquote>
35069
35070 <blockquote>If you need a starting point with Gopher, SDF-EU’s wiki has a good article here.</blockquote>
35071
35072 <ul>
35073 <li><a href="https://sdfeu.org/w/tutorials:gopher">https://sdfeu.org/w/tutorials:gopher</a></li>
35074 </ul>
35075
35076 <blockquote>Finally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!</blockquote>
35077
35078 <ul>
35079 <li><a href="https://cryogenix.net/NCSA_Mosaic_OpenBSD.html">https://cryogenix.net/NCSA_Mosaic_OpenBSD.html</a></li>
35080 </ul>
35081
35082 <blockquote>I’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.</blockquote>
35083
35084 <ul>
35085 <li><a href="https://github.com/0x16h/gophernicus">https://github.com/0x16h/gophernicus</a></li>
35086 <li><a href="https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd">https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd</a></li>
35087 </ul>
35088
35089 <p><hr /></p>
35090
35091 <h2>News Roundup</h2>
35092
35093 <h3><a href="https://jcs.org/2018/11/12/vfio">OpenBSD in Stereo with Linux VFIO</a></h3>
35094
35095 <blockquote>I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.
35096 Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.</blockquote>
35097
35098 <ul>
35099 <li>VFIO</li>
35100 </ul>
35101
35102 <blockquote>The Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU.
35103 To my surprise, these days, it seems to be primarily used by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows.
35104 By using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.</blockquote>
35105
35106 <ul>
35107 <li>Using VFIO</li>
35108 </ul>
35109
35110 <blockquote>To use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub
35111 With the audio device stubbed out, a new VFIO device can be created from it
35112 Then the VFIO device (00:1f.3) can be passed to QEMU
35113 I was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them).
35114 Since I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state.
35115 QEMU will now log each VFIO event which gets saved to a debug-output file.
35116 With a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker.
35117 One strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.</blockquote>
35118
35119 <blockquote>A Primer on Intel HDA
35120 Most modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec.
35121 On OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default.
35122 The azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port.
35123 The newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers.
35124 While reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing.
35125 For speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB.
35126 When the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results.
35127 Since the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.</blockquote>
35128
35129 <ul>
35130 <li>Logging DMA Memory Values in QEMU</li>
35131 </ul>
35132
35133 <blockquote>Since DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring.
35134 My custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier.
35135 With this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec:
35136 An early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen.
35137 Sure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.</blockquote>
35138
35139 <ul>
35140 <li>Minimizing the Magic</li>
35141 </ul>
35142
35143 <blockquote>The full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:</blockquote>
35144
35145 <ul>
35146 <li>Boot OpenBSD with the full list of CORB commands in the azalia driver</li>
35147 <li>Comment out a group of them</li>
35148 <li>Compile kernel and install it, halt the QEMU guest</li>
35149 <li>Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier way to reset PCI power than suspending the laptop, but oh well)</li>
35150 <li>Start QEMU, boot OpenBSD with the new kernel</li>
35151 <li>Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play</li>
35152 </ul>
35153
35154 <blockquote>This required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.</blockquote>
35155
35156 <ul>
35157 <li>The Result</li>
35158 </ul>
35159
35160 <blockquote>After about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong.
35161 In any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one.
35162 Due to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about.
35163 I’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.</blockquote>
35164
35165 <p><hr /></p>
35166
35167 <h3><a href="https://virtuallyfun.com/wordpress/2018/11/26/why-bsd-os-is-the-best-candidate-for-being-the-only-tested-legally-open-unix/">Why BSD/OS is the best candidate for being the only tested legally open UNIX</a></h3>
35168
35169 <ul>
35170 <li>Introduction</li>
35171 </ul>
35172
35173 <blockquote>The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.</blockquote>
35174
35175 <ul>
35176 <li>Ancient UNIX</li>
35177 </ul>
35178
35179 <blockquote>The term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT&T at the time. It was later transferred to the AT&T UNIX Support Group, then AT&T Information Systems and finally the AT&T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany.
35180 In a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT&T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain.
35181 The situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT&T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1).
35182 Note that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294).
35183 In Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19).
35184 Thus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here.
35185 So how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license.
35186 I’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:
35187 the base Asset Purchase Agreement “APA” (Part I)
35188 the base Asset Purchase Agreement “APA” (Part II)
35189 the Operating Agreement and Amendment 1 to the APA
35190 the Amendment 2 to the APA
35191 The APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assessment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it.
35192 The first step to truly freeing UNIX would thus be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.</blockquote>
35193
35194 <ul>
35195 <li>BSD/OS</li>
35196 </ul>
35197
35198 <blockquote>Another operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River Systems let their trademark on BSD expire, though this is without consequence for copyright.
35199 BSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ.
35200 To truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.</blockquote>
35201
35202 <ul>
35203 <li>System V</li>
35204 </ul>
35205
35206 <blockquote>The fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V.
35207 Obviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.</blockquote>
35208
35209 <ul>
35210 <li>Newer Research UNIX</li>
35211 </ul>
35212
35213 <blockquote>The fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017.
35214 However, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.</blockquote>
35215
35216 <ul>
35217 <li>Conclusion
35218 In the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.</li>
35219 </ul>
35220
35221 <blockquote>A small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.</blockquote>
35222
35223 <p><hr /></p>
35224
35225 <h3><a href="https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape">OpenBGPD - Adding Diversity to the Route Server Landscape</a></h3>
35226
35227 <ul>
35228 <li>Introduction</li>
35229 </ul>
35230
35231 <blockquote>As of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. <a href="http://NIC.CZ">NIC.CZ</a> (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC.
35232 OpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.</blockquote>
35233
35234 <ul>
35235 <li>Missing features in OpenBGPD</li>
35236 </ul>
35237
35238 <blockquote>The following main missing features were identified in OpenBGPD:</blockquote>
35239
35240 <ul>
35241 <li>Performance</li>
35242 </ul>
35243
35244 <blockquote>In previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.</blockquote>
35245
35246 <ul>
35247 <li>Lack of RPKI Origin Validation</li>
35248 </ul>
35249
35250 <blockquote>As we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.</blockquote>
35251
35252 <ul>
35253 <li>Portability</li>
35254 </ul>
35255
35256 <blockquote>OpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.</blockquote>
35257
35258 <ul>
35259 <li>Development steps</li>
35260 </ul>
35261
35262 <blockquote>By addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation.
35263 Since I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.</blockquote>
35264
35265 <ul>
35266 <li>OpenBGPD 6.4</li>
35267 </ul>
35268
35269 <blockquote>The OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!</blockquote>
35270
35271 <ul>
35272 <li>Feature highlights</li>
35273 </ul>
35274
35275 <blockquote>The following changes should be highlighted:</blockquote>
35276
35277 <ul>
35278 <li>Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.</li>
35279 <li>BGP Origin Validation when a roa-set is configured. Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.</li>
35280 <li>Fast prefix-set lookups. In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.</li>
35281 <li>Introduction of as-sets. Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently.</li>
35282 <li>Introduction of origin-sets.
35283 Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.</li>
35284 <li>Improving third party tools</li>
35285 </ul>
35286
35287 <blockquote>Users can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two open source projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.</blockquote>
35288
35289 <ul>
35290 <li>bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.</li>
35291 <li>arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.</li>
35292 <li>What still needs to be done</li>
35293 </ul>
35294
35295 <blockquote>A sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.</blockquote>
35296
35297 <ul>
35298 <li>Looking forward</li>
35299 <li>Job Snijders oversaw this year’s fundraising and project management, he adds:</li>
35300 </ul>
35301
35302 <blockquote>It’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.</blockquote>
35303
35304 <p><hr /></p>
35305
35306 <h2>Beastie Bits</h2>
35307
35308 <ul>
35309 <li><a href="http://lists.dragonflybsd.org/pipermail/commits/2018-November/718130.html">DragonFly - git: annotated tag v5.5.0 created</a></li>
35310 <li><a href="https://www.youtube.com/watch?v=Qvj7Mkr13d8">Torchlight 2 on NetBSD</a></li>
35311 <li><a href="https://www.usenix.org/system/files/login/articles/login_dec14_03_dawidek.pdf">Older, but still good USENIX Login Article on Capsicum</a></li>
35312 <li><a href="https://github.com/myfreeweb/capsicumizer">The Super Capsicumizer 9000</a></li>
35313 <li><a href="https://www.noc-ps.com/">Dedicated and Virtual Server PXE provisioning tool</a></li>
35314 <li><a href="https://cirrus-ci.org/guide/FreeBSD/">Cirrus CI have announced FreeBSD support</a></li>
35315 <li><a href="https://twitter.com/astr0baby/status/1065353771952336897">NetBSD PineBook Gameplay</a></li>
35316 <li><a href="http://www.bsdcan.org/2019/papers.php">BSDCan 2019 CfP is out</a></li>
35317 <li>Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th</li>
35318 </ul>
35319
35320 <p><hr /></p>
35321
35322 <h2>Feedback/Questions</h2>
35323
35324 <ul>
35325 <li>Malcom - <a href="http://dpaste.com/35TNNX4">Installing Drivers in Development</a></li>
35326 <li>Samir - <a href="http://dpaste.com/2RCB37Y#wrap">Introduction to ZFS</a></li>
35327 <li>Newnix - <a href="http://dpaste.com/01YJ4EB#wrap">Drive Failures</a></li>
35328 </ul>
35329
35330 <p><hr /></p>
35331
35332 <ul>
35333 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
35334 </ul>
35335
35336 <p><hr /></p>]]>
35337 </itunes:summary>
35338 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+hdeyaiAl</fireside:playerURL>
35339 <fireside:playerEmbedCode>
35340 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+hdeyaiAl" width="740" height="200" frameborder="0" scrolling="no">]]>
35341 </fireside:playerEmbedCode>
35342 </item>
35343 <item>
35344 <title>Episode 274: Language: Assembly | BSD Now 274</title>
35345 <link>https://www.bsdnow.tv/274</link>
35346 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2962</guid>
35347 <pubDate>Wed, 28 Nov 2018 23:00:00 -0800</pubDate>
35348 <author>Allan Jude</author>
35349 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/64460b53-258b-484d-be91-f4b60eac299f.mp3" length="38828711" type="audio/mp3"/>
35350 <itunes:episodeType>full</itunes:episodeType>
35351 <itunes:author>Allan Jude</itunes:author>
35352 <itunes:subtitle>Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.</itunes:subtitle>
35353 <itunes:duration>1:04:24</itunes:duration>
35354 <itunes:explicit>no</itunes:explicit>
35355 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
35356 <description>Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.
35357 <h2>Headlines</h2>
35358 <h3><a href="https://cryogenix.net/OpenBSD_assembly.html">Assembly language on OpenBSD amd64+arm64</a></h3>
35359 <blockquote>
35360 <p>This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.</p>
35361 </blockquote>
35362 <blockquote>
35363 <p>OpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.</p>
35364 </blockquote>
35365 <blockquote>
35366 <p>Within the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.</p>
35367 </blockquote>
35368 <ul>
35369 <li>Our first program: in C!</li>
35370 </ul>
35371 <blockquote>
35372 <p>It’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.</p>
35373 </blockquote>
35374 <ul>
35375 <li>See the article for the rest on:</li>
35376 <li>Our first program: in x86-64 Asm (AT&amp;T/GAS syntax)</li>
35377 <li>Our first program: in inline x86-64 assembly</li>
35378 <li>Our first program: in x86-64 asm (NASM syntax)</li>
35379 <li>Our first program: in ARMv8 AArch64 assembly</li>
35380 </ul>
35381 <hr>
35382 <h3><a href="https://bsdjhb.blogspot.com/2018/10/using-bhyve-for-freebsd-development.html">Using bhyve for FreeBSD Development</a></h3>
35383 <ul>
35384 <li>The Hypervisor</li>
35385 </ul>
35386 <blockquote>
35387 <p>The bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization. This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent
35388 processor. The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.<br>
35389 The hypervisor itself contains both user and kernel components. The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime. It must
35390 be loaded before any guests can be created. When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.<br>
35391 The primary user component is the bhyve(8) program. It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices. It also calls the kernel driver to execute the guest. Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.<br>
35392 Currently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI). Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point. For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution. Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.<br>
35393 The bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests. Support for 32-bit guests will be included in FreeBSD 10.1.</p>
35394 </blockquote>
35395 <ul>
35396 <li>
35397 <p>See the article for the very technical breakdown of the following:</p>
35398 </li>
35399 <li>
35400 <p>Network Setup</p>
35401 </li>
35402 <li>
35403 <p>Bridged Configuration</p>
35404 </li>
35405 <li>
35406 <p>Private Network with NAT</p>
35407 </li>
35408 <li>
35409 <p>Using dnsmasq with a Private Network</p>
35410 </li>
35411 <li>
35412 <p>Running Guests via <a href="http://vmrun.sh">vmrun.sh</a></p>
35413 </li>
35414 <li>
35415 <p>Configuring Guests</p>
35416 </li>
35417 <li>
35418 <p>Using a bhyve Guest as a Target</p>
35419 </li>
35420 <li>
35421 <p>Conclusion</p>
35422 </li>
35423 </ul>
35424 <blockquote>
35425 <p>The bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox. Guests can be used both to develop new features and to test merges to stable branches. The hypervisor has a wide variety of uses beyond developing FreeBSD as well.</p>
35426 </blockquote>
35427 <hr>
35428 <h2>News Roundup</h2>
35429 <h3><a href="https://oshogbo.vexillium.org/blog/58/">Games on FreeBSD</a></h3>
35430 <blockquote>
35431 <p>What do all programmers like to do after work? Ok, what do most programmers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.</p>
35432 </blockquote>
35433 <ul>
35434 <li>XNA based games</li>
35435 </ul>
35436 <blockquote>
35437 <p>One of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translates all dependencies used by an FNA game to OpenBSD dependencies.<br>
35438 I decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.</p>
35439 </blockquote>
35440 <blockquote>
35441 <p>I didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:</p>
35442 </blockquote>
35443 <ul>
35444 <li>
35445 <p>Cryptark</p>
35446 </li>
35447 <li>
35448 <p>Rogue Legacy</p>
35449 </li>
35450 <li>
35451 <p>Apotheon</p>
35452 </li>
35453 <li>
35454 <p>Escape Goat</p>
35455 </li>
35456 <li>
35457 <p>Bastion</p>
35458 </li>
35459 <li>
35460 <p>CrossCode</p>
35461 </li>
35462 <li>
35463 <p>Atom Zombie Smasher</p>
35464 </li>
35465 <li>
35466 <p>Open-Source games</p>
35467 </li>
35468 </ul>
35469 <blockquote>
35470 <p>In FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: <code># pkg install ioquake3</code></p>
35471 </blockquote>
35472 <blockquote>
35473 <p>Then move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s also very easy to install it from ports: <code># pkg install iourbanterror</code></p>
35474 </blockquote>
35475 <blockquote>
35476 <p>In the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:</p>
35477 </blockquote>
35478 <ul>
35479 <li>openxcom (Open-source re-implementation of the original X-Com)</li>
35480 <li>openjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)</li>
35481 <li>corsixth (Open source re-implementation of Theme Hospital)</li>
35482 <li>quake2</li>
35483 <li>openra (Red Alert)</li>
35484 <li>openrct2 (Open source re-implementation of RollerCoaster Tycoon 2)</li>
35485 <li>openmw (Open source engine reimplementation of the game Morrowind)</li>
35486 </ul>
35487 <blockquote>
35488 <p>All those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.</p>
35489 </blockquote>
35490 <ul>
35491 <li>Wine</li>
35492 </ul>
35493 <blockquote>
35494 <p>One of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: <code># pkg install i386-wine</code></p>
35495 </blockquote>
35496 <blockquote>
35497 <p>To run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.</p>
35498 </blockquote>
35499 <ul>
35500 <li>Summary</li>
35501 </ul>
35502 <blockquote>
35503 <p>As you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although it creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.</p>
35504 </blockquote>
35505 <hr>
35506 <h3><a href="https://bwidawsk.net/blog/index.php/2018/11/freebsd-for-thanksgiving/">FreeBSD For Thanksgiving</a></h3>
35507 <blockquote>
35508 <p>I’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress<br>
35509 Earlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.<br>
35510 Earlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.<br>
35511 Earlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk at MeetBSD about our team’s work.<br>
35512 Earlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.<br>
35513 Earlier this week, I was promoted from a lowly mentee committer to a full src committer.<br>
35514 Earlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD</p>
35515 </blockquote>
35516 <p><code>vandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64</code></p>
35517 <blockquote>
35518 <p>6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.</p>
35519 </blockquote>
35520 <hr>
35521 <p>###<a href="https://www.garyshood.com/hammer2-space/">hammer2: no space left on device on Dragonfly BSD</a></p>
35522 <ul>
35523 <li>The Issue</li>
35524 </ul>
35525 <blockquote>
35526 <p>hammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.<br>
35527 Even with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.</p>
35528 </blockquote>
35529 <ul>
35530 <li>The Fix</li>
35531 </ul>
35532 <blockquote>
35533 <p>If you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:</p>
35534 </blockquote>
35535 <p><code>[root@ ~]# mkdir /tmp/fs</code><br>
35536 <code>[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs</code></p>
35537 <blockquote>
35538 <p>If you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from <a href="http://dragonflybsd.org">dragonflybsd.org</a> and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.<br>
35539 If the mount does succeed, then all you have to do is run the following twice:</p>
35540 </blockquote>
35541 <p><code>[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs</code></p>
35542 <blockquote>
35543 <p>If you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:</p>
35544 </blockquote>
35545 <p><code>[root@ ~]# swapon -a</code></p>
35546 <blockquote>
35547 <p>Once you have run the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.</p>
35548 </blockquote>
35549 <hr>
35550 <p>##Beastie Bits</p>
35551 <ul>
35552 <li><a href="http://dpaste.com/1S9NMZA">BSD Pizza Night - Portland</a></li>
35553 <li><a href="http://dpaste.com/3T0AB7M">bsd@35c3: …the place for you…*NIX!</a></li>
35554 <li><a href="http://project-trident.org/download/">Project Trident PreRelease Image now available</a></li>
35555 <li><a href="https://dataswamp.org/~solene/2018-11-09-stardew-valley.html">Play Stardew Valley on OpenBSD</a></li>
35556 <li><a href="https://github.com/charlesdaniels/gmixerctl">GUI Wrapper for OpenBSD mixerctl</a></li>
35557 <li><a href="https://github.com/q5sys/qtv/">qtv - QuickTextViewer</a></li>
35558 </ul>
35559 <hr>
35560 <p>##Feedback/Questions</p>
35561 <ul>
35562 <li>Ron - <a href="http://dpaste.com/16XT6PQ#wrap">Ideas for feedback section</a></li>
35563 <li>Paulo - <a href="http://dpaste.com/0BEE730">SDIO Firmware</a></li>
35564 <li>Dan - <a href="http://dpaste.com/3Q7DERN#wrap">Some fun ZFS questions about labels</a></li>
35565 </ul>
35566 <hr>
35567 <ul>
35568 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
35569 </ul>
35570 <hr>
35571 </description>
35572 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, gaming, assembly language, hammer2</itunes:keywords>
35573 <content:encoded>
35574 <![CDATA[<p>Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.</p>
35575
35576 <p>##Headlines<br>
35577 ###<a href="https://cryogenix.net/OpenBSD_assembly.html">Assembly language on OpenBSD amd64+arm64</a></p>
35578
35579 <blockquote>
35580 <p>This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.</p>
35581 </blockquote>
35582
35583 <blockquote>
35584 <p>OpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.</p>
35585 </blockquote>
35586
35587 <blockquote>
35588 <p>Within the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.</p>
35589 </blockquote>
35590
35591 <ul>
35592 <li>Our first program: in C!</li>
35593 </ul>
35594
35595 <blockquote>
35596 <p>It’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.</p>
35597 </blockquote>
35598
35599 <ul>
35600 <li>See the article for the rest on:</li>
35601 <li>Our first program: in x86-64 Asm (AT&T/GAS syntax)</li>
35602 <li>Our first program: in inline x86-64 assembly</li>
35603 <li>Our first program: in x86-64 asm (NASM syntax)</li>
35604 <li>Our first program: in ARMv8 AArch64 assembly</li>
35605 </ul>
35606
35607 <p><hr></p>
35608
35609 <p>###<a href="https://bsdjhb.blogspot.com/2018/10/using-bhyve-for-freebsd-development.html">Using bhyve for FreeBSD Development</a></p>
35610
35611 <ul>
35612 <li>The Hypervisor</li>
35613 </ul>
35614
35615 <blockquote>
35616 <p>The bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization. This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent<br>
35617 processor. The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.<br>
35618 The hypervisor itself contains both user and kernel components. The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime. It must<br>
35619 be loaded before any guests can be created. When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.<br>
35620 The primary user component is the bhyve(8) program. It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices. It also calls the kernel driver to execute the guest. Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.<br>
35621 Currently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI). Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point. For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution. Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.<br>
35622 The bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests. Support for 32-bit guests will be included in FreeBSD 10.1.</p>
35623 </blockquote>
35624
35625 <ul>
35626 <li>
35627 <p>See the article for the very technical breakdown of the following:</p>
35628 </li>
35629 <li>
35630 <p>Network Setup</p>
35631 </li>
35632 <li>
35633 <p>Bridged Configuration</p>
35634 </li>
35635 <li>
35636 <p>Private Network with NAT</p>
35637 </li>
35638 <li>
35639 <p>Using dnsmasq with a Private Network</p>
35640 </li>
35641 <li>
35642 <p>Running Guests via <a href="http://vmrun.sh">vmrun.sh</a></p>
35643 </li>
35644 <li>
35645 <p>Configuring Guests</p>
35646 </li>
35647 <li>
35648 <p>Using a bhyve Guest as a Target</p>
35649 </li>
35650 <li>
35651 <p>Conclusion</p>
35652 </li>
35653 </ul>
35654
35655 <blockquote>
35656 <p>The bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox. Guests can be used both to develop new features and to test merges to stable branches. The hypervisor has a wide variety of uses beyond developing FreeBSD as well.</p>
35657 </blockquote>
35658
35659 <p><hr></p>
35660
35661 <p>##News Roundup<br>
35662 ###<a href="https://oshogbo.vexillium.org/blog/58/">Games on FreeBSD</a></p>
35663
35664 <blockquote>
35665 <p>What do all programmers like to do after work? Ok, what do most programmers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.</p>
35666 </blockquote>
35667
35668 <ul>
35669 <li>XNA based games</li>
35670 </ul>
35671
35672 <blockquote>
35673 <p>One of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also the FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translates all dependencies used by an FNA game to OpenBSD dependencies.<br>
35674 I decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.</p>
35675 </blockquote>
35676
35677 <blockquote>
35678 <p>I didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:</p>
35679 </blockquote>
35680
35681 <ul>
35682 <li>
35683 <p>Cryptark</p>
35684 </li>
35685 <li>
35686 <p>Rogue Legacy</p>
35687 </li>
35688 <li>
35689 <p>Apotheon</p>
35690 </li>
35691 <li>
35692 <p>Escape Goat</p>
35693 </li>
35694 <li>
35695 <p>Bastion</p>
35696 </li>
35697 <li>
35698 <p>CrossCode</p>
35699 </li>
35700 <li>
35701 <p>Atom Zombie Smasher</p>
35702 </li>
35703 <li>
35704 <p>Open-Source games</p>
35705 </li>
35706 </ul>
35707
35708 <blockquote>
35709 <p>In FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: <code># pkg install ioquake3</code></p>
35710 </blockquote>
35711
35712 <blockquote>
35713 <p>Then move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s also very easy to install it from ports: <code># pkg install iourbanterror</code></p>
35714 </blockquote>
35715
35716 <blockquote>
35717 <p>In the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:</p>
35718 </blockquote>
35719
35720 <ul>
35721 <li>openxcom (Open-source re-implementation of the original X-Com)</li>
35722 <li>openjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)</li>
35723 <li>corsixth (Open source re-implementation of Theme Hospital)</li>
35724 <li>quake2</li>
35725 <li>openra (Red Alert)</li>
35726 <li>openrct2 (Open source re-implementation of RollerCoaster Tycoon 2)</li>
35727 <li>openmw (Open source engine reimplementation of the game Morrowind)</li>
35728 </ul>
35729
35730 <blockquote>
35731 <p>All those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.</p>
35732 </blockquote>
35733
35734 <ul>
35735 <li>Wine</li>
35736 </ul>
35737
35738 <blockquote>
35739 <p>One of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: <code># pkg install i386-wine</code></p>
35740 </blockquote>
35741
35742 <blockquote>
35743 <p>To run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.</p>
35744 </blockquote>
35745
35746 <ul>
35747 <li>Summary</li>
35748 </ul>
35749
35750 <blockquote>
35751 <p>As you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although it creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.</p>
35752 </blockquote>
35753
35754 <p><hr></p>
35755
35756 <p>###<a href="https://bwidawsk.net/blog/index.php/2018/11/freebsd-for-thanksgiving/">FreeBSD For Thanksgiving</a></p>
35757
35758 <blockquote>
35759 <p>I’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress<br>
35760 Earlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.<br>
35761 Earlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.<br>
35762 Earlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk at MeetBSD about our team’s work.<br>
35763 Earlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.<br>
35764 Earlier this week, I was promoted from a lowly mentee committer to a full src committer.<br>
35765 Earlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD</p>
35766 </blockquote>
35767
35768 <p><code>vandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64</code></p>
35769
35770 <blockquote>
35771 <p>6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.</p>
35772 </blockquote>
35773
35774 <p><hr></p>
35775
35776 <p>###<a href="https://www.garyshood.com/hammer2-space/">hammer2: no space left on device on Dragonfly BSD</a></p>
35777
35778 <ul>
35779 <li>The Issue</li>
35780 </ul>
35781
35782 <blockquote>
35783 <p>hammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.<br>
35784 Even with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.</p>
35785 </blockquote>
35786
35787 <ul>
35788 <li>The Fix</li>
35789 </ul>
35790
35791 <blockquote>
35792 <p>If you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:</p>
35793 </blockquote>
35794
35795 <p><code>[root@ ~]# mkdir /tmp/fs</code><br>
35796 <code>[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs</code></p>
35797
35798 <blockquote>
35799 <p>If you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from <a href="http://dragonflybsd.org">dragonflybsd.org</a> and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.<br>
35800 If the mount does succeed, then all you have to do is run the following twice:</p>
35801 </blockquote>
35802
35803 <p><code>[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs</code></p>
35804
35805 <blockquote>
35806 <p>If you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:</p>
35807 </blockquote>
35808
35809 <p><code>[root@ ~]# swapon -a</code></p>
35810
35811 <blockquote>
35812 <p>Once you have run the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.</p>
35813 </blockquote>
35814
35815 <p><hr></p>
35816
35817 <p>##Beastie Bits</p>
35818
35819 <ul>
35820 <li><a href="http://dpaste.com/1S9NMZA">BSD Pizza Night - Portland</a></li>
35821 <li><a href="http://dpaste.com/3T0AB7M">bsd@35c3: …the place for you…*NIX!</a></li>
35822 <li><a href="http://project-trident.org/download/">Project Trident PreRelease Image now available</a></li>
35823 <li><a href="https://dataswamp.org/~solene/2018-11-09-stardew-valley.html">Play Stardew Valley on OpenBSD</a></li>
35824 <li><a href="https://github.com/charlesdaniels/gmixerctl">GUI Wrapper for OpenBSD mixerctl</a></li>
35825 <li><a href="https://github.com/q5sys/qtv/">qtv - QuickTextViewer</a></li>
35826 </ul>
35827
35828 <p><hr></p>
35829
35830 <p>##Feedback/Questions</p>
35831
35832 <ul>
35833 <li>Ron - <a href="http://dpaste.com/16XT6PQ#wrap">Ideas for feedback section</a></li>
35834 <li>Paulo - <a href="http://dpaste.com/0BEE730">SDIO Firmware</a></li>
35835 <li>Dan - <a href="http://dpaste.com/3Q7DERN#wrap">Some fun ZFS questions about labels</a></li>
35836 </ul>
35837
35838 <p><hr></p>
35839
35840 <ul>
35841 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
35842 </ul>
35843
35844 <p><hr></p>]]>
35845 </content:encoded>
35846 <itunes:summary>
35847 <![CDATA[<p>Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.</p>
35848
35849 <p>##Headlines<br>
35850 ###<a href="https://cryogenix.net/OpenBSD_assembly.html">Assembly language on OpenBSD amd64+arm64</a></p>
35851
35852 <blockquote>
35853 <p>This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.</p>
35854 </blockquote>
35855
35856 <blockquote>
35857 <p>OpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.</p>
35858 </blockquote>
35859
35860 <blockquote>
35861 <p>Within the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.</p>
35862 </blockquote>
35863
35864 <ul>
35865 <li>Our first program: in C!</li>
35866 </ul>
35867
35868 <blockquote>
35869 <p>It’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.</p>
35870 </blockquote>
35871
35872 <ul>
35873 <li>See the article for the rest on:</li>
35874 <li>Our first program: in x86-64 Asm (AT&T/GAS syntax)</li>
35875 <li>Our first program: in inline x86-64 assembly</li>
35876 <li>Our first program: in x86-64 asm (NASM syntax)</li>
35877 <li>Our first program: in ARMv8 AArch64 assembly</li>
35878 </ul>
35879
35880 <p><hr></p>
35881
35882 <p>###<a href="https://bsdjhb.blogspot.com/2018/10/using-bhyve-for-freebsd-development.html">Using bhyve for FreeBSD Development</a></p>
35883
35884 <ul>
35885 <li>The Hypervisor</li>
35886 </ul>
35887
35888 <blockquote>
35889 <p>The bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization. This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent<br>
35890 processor. The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.<br>
35891 The hypervisor itself contains both user and kernel components. The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime. It must<br>
35892 be loaded before any guests can be created. When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.<br>
35893 The primary user component is the bhyve(8) program. It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices. It also calls the kernel driver to execute the guest. Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.<br>
35894 Currently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI). Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point. For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution. Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.<br>
35895 The bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests. Support for 32-bit guests will be included in FreeBSD 10.1.</p>
35896 </blockquote>
35897
35898 <ul>
35899 <li>
35900 <p>See the article for the very technical breakdown of the following:</p>
35901 </li>
35902 <li>
35903 <p>Network Setup</p>
35904 </li>
35905 <li>
35906 <p>Bridged Configuration</p>
35907 </li>
35908 <li>
35909 <p>Private Network with NAT</p>
35910 </li>
35911 <li>
35912 <p>Using dnsmasq with a Private Network</p>
35913 </li>
35914 <li>
35915 <p>Running Guests via <a href="http://vmrun.sh">vmrun.sh</a></p>
35916 </li>
35917 <li>
35918 <p>Configuring Guests</p>
35919 </li>
35920 <li>
35921 <p>Using a bhyve Guest as a Target</p>
35922 </li>
35923 <li>
35924 <p>Conclusion</p>
35925 </li>
35926 </ul>
35927
35928 <blockquote>
35929 <p>The bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox. Guests can be used both to develop new features and to test merges to stable branches. The hypervisor has a wide variety of uses beyond developing FreeBSD as well.</p>
35930 </blockquote>
35931
35932 <p><hr></p>
35933
35934 <p>##News Roundup<br>
35935 ###<a href="https://oshogbo.vexillium.org/blog/58/">Games on FreeBSD</a></p>
35936
35937 <blockquote>
35938 <p>What do all programmers like to do after work? Ok, what do most programmers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.</p>
35939 </blockquote>
35940
35941 <ul>
35942 <li>XNA based games</li>
35943 </ul>
35944
35945 <blockquote>
35946 <p>One of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also the FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translates all dependencies used by an FNA game to OpenBSD dependencies.<br>
35947 I decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.</p>
35948 </blockquote>
35949
35950 <blockquote>
35951 <p>I didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:</p>
35952 </blockquote>
35953
35954 <ul>
35955 <li>
35956 <p>Cryptark</p>
35957 </li>
35958 <li>
35959 <p>Rogue Legacy</p>
35960 </li>
35961 <li>
35962 <p>Apotheon</p>
35963 </li>
35964 <li>
35965 <p>Escape Goat</p>
35966 </li>
35967 <li>
35968 <p>Bastion</p>
35969 </li>
35970 <li>
35971 <p>CrossCode</p>
35972 </li>
35973 <li>
35974 <p>Atom Zombie Smasher</p>
35975 </li>
35976 <li>
35977 <p>Open-Source games</p>
35978 </li>
35979 </ul>
35980
35981 <blockquote>
35982 <p>In FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: <code># pkg install ioquake3</code></p>
35983 </blockquote>
35984
35985 <blockquote>
35986 <p>Then move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s also very easy to install it from ports: <code># pkg install iourbanterror</code></p>
35987 </blockquote>
35988
35989 <blockquote>
35990 <p>In the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:</p>
35991 </blockquote>
35992
35993 <ul>
35994 <li>openxcom (Open-source re-implementation of the original X-Com)</li>
35995 <li>openjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)</li>
35996 <li>corsixth (Open source re-implementation of Theme Hospital)</li>
35997 <li>quake2</li>
35998 <li>openra (Red Alert)</li>
35999 <li>openrct2 (Open source re-implementation of RollerCoaster Tycoon 2)</li>
36000 <li>openmw (Open source engine reimplementation of the game Morrowind)</li>
36001 </ul>
36002
36003 <blockquote>
36004 <p>All those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.</p>
36005 </blockquote>
36006
36007 <ul>
36008 <li>Wine</li>
36009 </ul>
36010
36011 <blockquote>
36012 <p>One of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: <code># pkg install i386-wine</code></p>
36013 </blockquote>
36014
36015 <blockquote>
36016 <p>To run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.</p>
36017 </blockquote>
36018
36019 <ul>
36020 <li>Summary</li>
36021 </ul>
36022
36023 <blockquote>
36024 <p>As you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although it creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.</p>
36025 </blockquote>
36026
36027 <p><hr></p>
36028
36029 <p>###<a href="https://bwidawsk.net/blog/index.php/2018/11/freebsd-for-thanksgiving/">FreeBSD For Thanksgiving</a></p>
36030
36031 <blockquote>
36032 <p>I’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress<br>
36033 Earlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.<br>
36034 Earlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.<br>
36035 Earlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk at MeetBSD about our team’s work.<br>
36036 Earlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.<br>
36037 Earlier this week, I was promoted from a lowly mentee committer to a full src committer.<br>
36038 Earlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD</p>
36039 </blockquote>
36040
36041 <p><code>vandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64</code></p>
36042
36043 <blockquote>
36044 <p>6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.</p>
36045 </blockquote>
36046
36047 <p><hr></p>
36048
36049 <p>###<a href="https://www.garyshood.com/hammer2-space/">hammer2: no space left on device on Dragonfly BSD</a></p>
36050
36051 <ul>
36052 <li>The Issue</li>
36053 </ul>
36054
36055 <blockquote>
36056 <p>hammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.<br>
36057 Even with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.</p>
36058 </blockquote>
36059
36060 <ul>
36061 <li>The Fix</li>
36062 </ul>
36063
36064 <blockquote>
36065 <p>If you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:</p>
36066 </blockquote>
36067
36068 <p><code>[root@ ~]# mkdir /tmp/fs</code><br>
36069 <code>[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs</code></p>
36070
36071 <blockquote>
36072 <p>If you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from <a href="http://dragonflybsd.org">dragonflybsd.org</a> and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.<br>
36073 If the mount does succeed, then all you have to do is run the following twice:</p>
36074 </blockquote>
36075
36076 <p><code>[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs</code></p>
36077
36078 <blockquote>
36079 <p>If you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:</p>
36080 </blockquote>
36081
36082 <p><code>[root@ ~]# swapon -a</code></p>
36083
36084 <blockquote>
36085 <p>Once you have run the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.</p>
36086 </blockquote>
36087
36088 <p><hr></p>
36089
36090 <p>##Beastie Bits</p>
36091
36092 <ul>
36093 <li><a href="http://dpaste.com/1S9NMZA">BSD Pizza Night - Portland</a></li>
36094 <li><a href="http://dpaste.com/3T0AB7M">bsd@35c3: …the place for you…*NIX!</a></li>
36095 <li><a href="http://project-trident.org/download/">Project Trident PreRelease Image now available</a></li>
36096 <li><a href="https://dataswamp.org/~solene/2018-11-09-stardew-valley.html">Play Stardew Valley on OpenBSD</a></li>
36097 <li><a href="https://github.com/charlesdaniels/gmixerctl">GUI Wrapper for OpenBSD mixerctl</a></li>
36098 <li><a href="https://github.com/q5sys/qtv/">qtv - QuickTextViewer</a></li>
36099 </ul>
36100
36101 <p><hr></p>
36102
36103 <p>##Feedback/Questions</p>
36104
36105 <ul>
36106 <li>Ron - <a href="http://dpaste.com/16XT6PQ#wrap">Ideas for feedback section</a></li>
36107 <li>Paulo - <a href="http://dpaste.com/0BEE730">SDIO Firmware</a></li>
36108 <li>Dan - <a href="http://dpaste.com/3Q7DERN#wrap">Some fun ZFS questions about labels</a></li>
36109 </ul>
36110
36111 <p><hr></p>
36112
36113 <ul>
36114 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
36115 </ul>
36116
36117 <p><hr></p>]]>
36118 </itunes:summary>
36119 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Xw6R0hoW</fireside:playerURL>
36120 <fireside:playerEmbedCode>
36121 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Xw6R0hoW" width="740" height="200" frameborder="0" scrolling="no">]]>
36122 </fireside:playerEmbedCode>
36123 </item>
36124 <item>
36125 <title>Episode 273: A Thoughtful Episode | BSD Now 273</title>
36126 <link>https://www.bsdnow.tv/273</link>
36127 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2927</guid>
36128 <pubDate>Thu, 22 Nov 2018 23:00:00 -0800</pubDate>
36129 <author>Allan Jude</author>
36130 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19a116b3-098d-40a2-bf74-28c99f8023e1.mp3" length="44912747" type="audio/mp3"/>
36131 <itunes:episodeType>full</itunes:episodeType>
36132 <itunes:author>Allan Jude</itunes:author>
36133 <itunes:subtitle>Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.</itunes:subtitle>
36134 <itunes:duration>1:14:32</itunes:duration>
36135 <itunes:explicit>no</itunes:explicit>
36136 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
36137 <description>Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.
36138 <p>##Headlines<br>
36139 <a href="https://distrowatch.com/weekly.php?issue=20181119#netbsd">Some thoughts on NetBSD 8.0</a></p>
36140 <blockquote>
36141 <p>NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allows it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.<br>
36142 I last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.</p>
36143 </blockquote>
36144 <ul>
36145 <li>Early impressions</li>
36146 </ul>
36147 <blockquote>
36148 <p>Since I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.</p>
36149 </blockquote>
36150 <ul>
36151 <li>Software management</li>
36152 </ul>
36153 <blockquote>
36154 <p>NetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.<br>
36155 The pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.<br>
36156 The other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.<br>
36157 Once new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.</p>
36158 </blockquote>
36159 <ul>
36160 <li>Hardware</li>
36161 </ul>
36162 <blockquote>
36163 <p>I found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.</p>
36164 </blockquote>
36165 <ul>
36166 <li>Personal projects</li>
36167 </ul>
36168 <blockquote>
36169 <p>Since NetBSD provides users with a small, core operating system without many utilities, if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.<br>
36170 I began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.<br>
36171 Next, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.<br>
36172 I set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.<br>
36173 I experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.</p>
36174 </blockquote>
36175 <ul>
36176 <li>Conclusions</li>
36177 </ul>
36178 <blockquote>
36179 <p>NetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.<br>
36180 Some of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.<br>
36181 My main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.<br>
36182 As an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.<br>
36183 Newcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.<br>
36184 One quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.<br>
36185 Ultimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.</p>
36186 </blockquote>
36187 <hr>
36188 <p>###<a href="https://tech.mangot.com/blog/2018/11/08/showing-a-gigabit-openbsd-firewall-some-monitoring-love/">Showing a Gigabit OpenBSD Firewall Some Monitoring Love</a></p>
36189 <blockquote>
36190 <p>I have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystems hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.</p>
36191 </blockquote>
36192 <ul>
36193 <li>Upgrade Time!</li>
36194 </ul>
36195 <blockquote>
36196 <p>This setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).<br>
36197 The way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.<br>
36198 I needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:</p>
36199 </blockquote>
36200 <ul>
36201 <li>small form factor</li>
36202 <li>fan-less</li>
36203 <li>multiple Intel Ethernet ports (good driver support)</li>
36204 <li>low power consumption</li>
36205 <li>not your regular off-the-shelf kit</li>
36206 <li>relatively inexpensive</li>
36207 </ul>
36208 <blockquote>
36209 <p>After evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straightforward; the only problem I had was that Etcher did not want to recognize the ‘.fs’ extension on the install image as a bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.<br>
36210 After loading the same rulesets on my new install, the results were fantastic!</p>
36211 </blockquote>
36212 <ul>
36213 <li>Monitoring</li>
36214 </ul>
36215 <blockquote>
36216 <p>Now that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:<br>
36220 As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.<br>
36221 I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.<br>
36222 A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!</p>
36223 </blockquote>
36224 <p>###<a href="https://twobithistory.org/2018/11/12/cat.html">The Source History of Cat</a></p>
36225 <blockquote>
36226 <p>I once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.<br>
36227 I knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.<br>
36228 My aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone. grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.<br>
36229 I thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?<br>
36230 Thanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.</p>
36231 </blockquote>
36232 <ul>
36233 <li>Research Unix</li>
36234 </ul>
36235 <blockquote>
36236 <p>Ken Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.<br>
36237 The first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)<br>
36238 The most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.<br>
36239 The first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.<br>
36240 The second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.<br>
36241 In 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K&amp;R C. The heart of the program is the classic two-liner:</p>
36242 </blockquote>
36243 <p><code>while ((c = getc(fi)) != EOF)</code><br>
36244 <code>putchar(c);</code></p>
36245 <blockquote>
36246 <p>There is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.</p>
36247 </blockquote>
36248 <ul>
36249 <li>BSD</li>
36250 </ul>
36251 <blockquote>
36252 <p>After the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.<br>
36253 cat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT&amp;T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT&amp;T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.<br>
36254 Fall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.</p>
36255 </blockquote>
36256 <ul>
36257 <li>MacOS</li>
36258 </ul>
36259 <blockquote>
36260 <p>The very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.<br>
36261 The NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.<br>
36262 So the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.<br>
36263 The cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s rawargs() function and cookargs() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.<br>
36264 I asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.</p>
36265 </blockquote>
36266 <ul>
36267 <li>The Hundred-Year-Old Program</li>
36268 </ul>
36269 <blockquote>
36270 <p>In the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?<br>
36271 Computer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?<br>
36272 I think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.</p>
36273 </blockquote>
36274 <hr>
36275 <p>##News Roundup<br>
36276 <a href="https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/">Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems</a></p>
36277 <blockquote>
36278 <p>A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using <a href="http://X.Org">X.Org</a> server, the open source implementation of the X Window System that offers the graphical environment.<br>
36279 The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.</p>
36280 </blockquote>
36281 <ul>
36282 <li>Privilege escalation and arbitrary file overwrite</li>
36283 </ul>
36284 <blockquote>
36285 <p>An advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.<br>
36286 Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the <a href="http://X.org">X.org</a> server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.</p>
36287 </blockquote>
36288 <ul>
36289 <li>Bug could have been avoided in OpenBSD 6.4</li>
36290 </ul>
36291 <blockquote>
36292 <p>OpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.<br>
36293 Theo de Raadt, founder and leader of the OpenBSD project, says that the X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.<br>
36294 “As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.<br>
36295 Had OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.<br>
36296 To remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.<br>
36297 As a temporary solution, users can disable the Xorg binary by running the following command:</p>
36298 </blockquote>
36299 <p><code>chmod u-s /usr/X11R6/bin/Xorg</code></p>
36300 <ul>
36301 <li>Trivial exploitation</li>
36302 </ul>
36303 <blockquote>
36304 <p>CVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.<br>
36305 Leveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder and head of the Hacker House security outfit, created and published an exploit, saying that it can be triggered from a remote SSH session.<br>
36306 Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.<br>
36307 Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.</p>
36308 </blockquote>
36309 <hr>
36310 <p>###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
36311 <blockquote>
36312 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
36313 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.<br>
36314 You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.<br>
36315 That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.<br>
36316 Their development process is purely based on developers that love to contribute and hack around, just because it’s fun.<br>
36317 Even the mailing list is a cool place to hang on!<br>
36318 Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
36319 I like the idea of a platform that continually evolves.<br>
36320 pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
36321 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
36322 Just install a browser and you’re ready to go.<br>
36323 Manual pages on OpenBSD are real manuals, not an extension of the “--help” command found in most CLI software.<br>
36324 They help you understand inner workings of the operating system, no internet connection needed.<br>
36325 There are some trade-offs, too.<br>
36326 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
36327 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.<br>
36328 Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.<br>
36329 But again, trade-offs.<br>
36330 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
36331 </blockquote>
36332 <hr>
36333 <p>###<a href="https://distrowatch.com/weekly.php?issue=20180813#nomadbsd">Review: NomadBSD 1.1</a></p>
36334 <blockquote>
36335 <p>One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”<br>
36336 The latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.<br>
36337 Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.</p>
36338 </blockquote>
36339 <ul>
36340 <li>Initial setup</li>
36341 </ul>
36342 <blockquote>
36343 <p>Booting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “enUS”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.<br>
36344 I feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.<br>
36345 The system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.</p>
36346 </blockquote>
36347 <ul>
36348 <li>Physical desktop computer</li>
36349 </ul>
36350 <blockquote>
36351 <p>At first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.<br>
36352 Networking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.<br>
36353 Had I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.<br>
36354 When running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.</p>
36355 </blockquote>
36356 <ul>
36357 <li>Conclusions</li>
36358 </ul>
36359 <blockquote>
36360 <p>Ultimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.<br>
36361 I like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.</p>
36362 </blockquote>
36363 <hr>
36364 <p>##Beastie Bits</p>
36365 <ul>
36366 <li><a href="https://oshogbo.vexillium.org/blog/50/">FreeBSD lockless algorithm - seq</a></li>
36367 <li><a href="https://github.com/bob-beck/libtls/blob/master/TUTORIAL.md">Happy Bob’s Libtls tutorial</a></li>
36368 <li><a href="https://chown.me/blog/locking-openbsd-when-sleeping.html">Locking OpenBSD when it’s sleeping</a></li>
36369 <li><a href="https://www.geoghegan.ca/serviio.html">iio - The OpenBSD Way</a></li>
36370 <li><a href="https://bsdboy.ml/blog/installing-hugo-and-hosting-on-openbsd.html">Installing Hugo and Hosting Website on OpenBSD Server</a></li>
36371 <li><a href="http://blog.osorio.me/post.php?idpost=1">Fosdem 2019 reminder: BSD devroom CfP</a></li>
36372 <li><a href="https://www.youtube.com/watch?v=4gOoPxGKKjA&amp;feature=youtu.be">OpenBGPD, gotta go fast! - Claudio Jeker</a></li>
36373 <li><a href="http://project-trident.org/post/2018-11-10rc3-available/">Project Trident RC3 available</a></li>
36374 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-November/001849.html">FreeBSD 10.4 EOL</a></li>
36375 <li><a href="https://bsd.network/@ephemeris/101073578346815313">Play “Crazy Train” through your APU2 speaker</a></li>
36376 </ul>
36377 <hr>
36378 <p>##Feedback/Questions</p>
36379 <ul>
36380 <li>Tobias - <a href="http://dpaste.com/174WGEY#wrap">Satisfying my storage hunger and wallet pains</a></li>
36381 <li>Lasse - <a href="http://dpaste.com/1QBMH73">Question regarding FreeBSD backups</a>
36382 <ul>
36383 <li><a href="https://twitter.com/dlangille">https://twitter.com/dlangille</a></li>
36384 <li><a href="https://dan.langille.org/">https://dan.langille.org/</a></li>
36385 </ul>
36386 </li>
36387 </ul>
36388 <hr>
36389 <ul>
36390 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
36391 </ul>
36392 <hr>
36393 </description>
36394 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, cat, Firewall, x.org, vulnerability, nomadbsd, OpenBGPD, Hugo, Fosdem, iio</itunes:keywords>
36395 <content:encoded>
36396 <![CDATA[<p>Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.</p>
36397
36398 <p>##Headlines<br>
36399 ###<a href="https://distrowatch.com/weekly.php?issue=20181119#netbsd">Some thoughts on NetBSD 8.0</a></p>
36400
36401 <blockquote>
36402 <p>NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allows it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.<br>
36403 I last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.</p>
36404 </blockquote>
36405
36406 <ul>
36407 <li>Early impressions</li>
36408 </ul>
36409
36410 <blockquote>
36411 <p>Since I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.</p>
36412 </blockquote>
36413
36414 <ul>
36415 <li>Software management</li>
36416 </ul>
36417
36418 <blockquote>
36419 <p>NetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.<br>
36420 The pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.<br>
36421 The other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.<br>
36422 Once new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.</p>
36423 </blockquote>
36424
36425 <ul>
36426 <li>Hardware</li>
36427 </ul>
36428
36429 <blockquote>
36430 <p>I found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.</p>
36431 </blockquote>
36432
36433 <ul>
36434 <li>Personal projects</li>
36435 </ul>
36436
36437 <blockquote>
36438 <p>Since NetBSD provides users with a small, core operating system without many utilities, if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.<br>
36439 I began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.<br>
36440 Next, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.<br>
36441 I set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.<br>
36442 I experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.</p>
36443 </blockquote>
36444
36445 <ul>
36446 <li>Conclusions</li>
36447 </ul>
36448
36449 <blockquote>
36450 <p>NetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.<br>
36451 Some of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.<br>
36452 My main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.<br>
36453 As an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.<br>
36454 Newcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.<br>
36455 One quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.<br>
36456 Ultimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.</p>
36457 </blockquote>
36458
36459 <p><hr></p>
36460
36461 <p>###<a href="https://tech.mangot.com/blog/2018/11/08/showing-a-gigabit-openbsd-firewall-some-monitoring-love/">Showing a Gigabit OpenBSD Firewall Some Monitoring Love</a></p>
36462
36463 <blockquote>
36464 <p>I have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystems hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.</p>
36465 </blockquote>
36466
36467 <ul>
36468 <li>Upgrade Time!</li>
36469 </ul>
36470
36471 <blockquote>
36472 <p>This setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).<br>
36473 The way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.<br>
36474 I needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:</p>
36475 </blockquote>
36476
36477 <ul>
36478 <li>small form factor</li>
36479 <li>fan-less</li>
36480 <li>multiple Intel Ethernet ports (good driver support)</li>
36481 <li>low power consumption</li>
36482 <li>not your regular off-the-shelf kit</li>
36483 <li>relatively inexpensive</li>
36484 </ul>
36485
36486 <blockquote>
36487 <p>After evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straightforward; the only problem I had was that Etcher did not want to recognize the ‘.fs’ extension on the install image as a bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.<br>
36488 After loading the same rulesets on my new install, the results were fantastic!</p>
36489 </blockquote>
36490
36491 <ul>
36492 <li>Monitoring</li>
36493 </ul>
36494
36495 <blockquote>
36496 <p>Now that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:<br>
36500 As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.<br>
36501 I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.<br>
36502 A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!</p>
36503 </blockquote>
36504
36505 <p>###<a href="https://twobithistory.org/2018/11/12/cat.html">The Source History of Cat</a></p>
36506
36507 <blockquote>
36508 <p>I once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.<br>
36509 I knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.<br>
36510 My aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone. grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.<br>
36511 I thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?<br>
36512 Thanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.</p>
36513 </blockquote>
36514
36515 <ul>
36516 <li>Research Unix</li>
36517 </ul>
36518
36519 <blockquote>
36520 <p>Ken Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.<br>
36521 The first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)<br>
36522 The most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.<br>
36523 The first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.<br>
36524 The second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.<br>
36525 In 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K&R C. The heart of the program is the classic two-liner:</p>
36526 </blockquote>
36527
36528 <p><code>while ((c = getc(fi)) != EOF)</code><br>
36529 <code>putchar(c);</code></p>
36530
36531 <blockquote>
36532 <p>There is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.</p>
36533 </blockquote>
36534
36535 <ul>
36536 <li>BSD</li>
36537 </ul>
36538
36539 <blockquote>
36540 <p>After the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.<br>
36541 cat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT&T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT&T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.<br>
36542 Fall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.</p>
36543 </blockquote>
36544
36545 <ul>
36546 <li>MacOS</li>
36547 </ul>
36548
36549 <blockquote>
36550 <p>The very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.<br>
36551 The NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.<br>
36552 So the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.<br>
36553 The cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s raw_args() function and cook_args() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.<br>
36554 I asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.</p>
36555 </blockquote>
36556
36557 <ul>
36558 <li>The Hundred-Year-Old Program</li>
36559 </ul>
36560
36561 <blockquote>
36562 <p>In the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?<br>
36563 Computer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?<br>
36564 I think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.</p>
36565 </blockquote>
36566
36567 <p><hr></p>
36568
36569 <p>##News Roundup<br>
36570 ###<a href="https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/">Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems</a></p>
36571
36572 <blockquote>
36573 <p>A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using <a href="http://X.Org">X.Org</a> server, the open source implementation of the X Window System that offers the graphical environment.<br>
36574 The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.</p>
36575 </blockquote>
36576
36577 <ul>
36578 <li>Privilege escalation and arbitrary file overwrite</li>
36579 </ul>
36580
36581 <blockquote>
36582 <p>An advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.<br>
36583 Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the <a href="http://X.org">X.org</a> server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.</p>
36584 </blockquote>
36585
36586 <ul>
36587 <li>Bug could have been avoided in OpenBSD 6.4</li>
36588 </ul>
36589
36590 <blockquote>
36591 <p>OpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.<br>
36592 Theo de Raadt, founder and leader of the OpenBSD project, says that X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.<br>
36593 “As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.<br>
36594 Had OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.<br>
36595 To remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.<br>
36596 As a temporary solution, users can disable the Xorg binary by running the following command:</p>
36597 </blockquote>
36598
36599 <p><code>chmod u-s /usr/X11R6/bin/Xorg</code></p>
36600
36601 <ul>
36602 <li>Trivial exploitation</li>
36603 </ul>
36604
36605 <blockquote>
36606 <p>CVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.<br>
36607 Leveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder, and head of Hacker House security outfit created and published an exploit, saying that it can be triggered from a remote SSH session.<br>
36608 Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.<br>
36609 Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.</p>
36610 </blockquote>
36611
36612 <p><hr></p>
36613
36614 <p>###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
36615
36616 <blockquote>
36617 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
36618 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.<br>
36619 You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.<br>
36620 That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.<br>
36621 Their development process is purely based on developers that love to contribute and hack around, just because it’s fun.<br>
36622 Even the mailing list is a cool place to hang on!<br>
36623 Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
36624 I like the idea of a platform that continually evolves.<br>
36625 pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
36626 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
36627 Just install a browser and you’re ready to go.<br>
36628 Manual pages on OpenBSD are real manuals, not an extension of the “--help” command found in most CLI software.<br>
36629 They help you understand inner workings of the operating system, no internet connection needed.<br>
36630 There are some trade-offs, too.<br>
36631 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
36632 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.<br>
36633 Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.<br>
36634 But again, trade-offs.<br>
36635 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
36636 </blockquote>
36637
36638 <p><hr></p>
36639
36640 <p>###<a href="https://distrowatch.com/weekly.php?issue=20180813#nomadbsd">Review: NomadBSD 1.1</a></p>
36641
36642 <blockquote>
36643 <p>One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”<br>
36644 The latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.<br>
36645 Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.</p>
36646 </blockquote>
36647
36648 <ul>
36649 <li>Initial setup</li>
36650 </ul>
36651
36652 <blockquote>
36653 <p>Booting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “en_US”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.<br>
36654 I feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.<br>
36655 The system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.</p>
36656 </blockquote>
36657
36658 <ul>
36659 <li>Physical desktop computer</li>
36660 </ul>
36661
36662 <blockquote>
36663 <p>At first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.<br>
36664 Networking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.<br>
36665 Had I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.<br>
36666 When running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.</p>
36667 </blockquote>
36668
36669 <ul>
36670 <li>Conclusions</li>
36671 </ul>
36672
36673 <blockquote>
36674 <p>Ultimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.<br>
36675 I like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.</p>
36676 </blockquote>
36677
36678 <p><hr></p>
36679
36680 <p>##Beastie Bits</p>
36681
36682 <ul>
36683 <li><a href="https://oshogbo.vexillium.org/blog/50/">FreeBSD lockless algorithm - seq</a></li>
36684 <li><a href="https://github.com/bob-beck/libtls/blob/master/TUTORIAL.md">Happy Bob’s Libtls tutorial</a></li>
36685 <li><a href="https://chown.me/blog/locking-openbsd-when-sleeping.html">Locking OpenBSD when it’s sleeping</a></li>
36686 <li><a href="https://www.geoghegan.ca/serviio.html">iio - The OpenBSD Way</a></li>
36687 <li><a href="https://bsdboy.ml/blog/installing-hugo-and-hosting-on-openbsd.html">Installing Hugo and Hosting Website on OpenBSD Server</a></li>
36688 <li><a href="http://blog.osorio.me/post.php?idpost=1">Fosdem 2019 reminder: BSD devroom CfP</a></li>
36689 <li><a href="https://www.youtube.com/watch?v=4gOoPxGKKjA&feature=youtu.be">OpenBGPD, gotta go fast! - Claudio Jeker</a></li>
36690 <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/">Project Trident RC3 available</a></li>
36691 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-November/001849.html">FreeBSD 10.4 EOL</a></li>
36692 <li><a href="https://bsd.network/@ephemeris/101073578346815313">Play “Crazy Train” through your APU2 speaker</a></li>
36693 </ul>
36694
36695 <p><hr></p>
36696
36697 <p>##Feedback/Questions</p>
36698
36699 <ul>
36700 <li>Tobias - <a href="http://dpaste.com/174WGEY#wrap">Satisfying my storage hunger and wallet pains</a></li>
36701 <li>Lasse - <a href="http://dpaste.com/1QBMH73">Question regarding FreeBSD backups</a>
36702 <ul>
36703 <li><a href="https://twitter.com/dlangille">https://twitter.com/dlangille</a></li>
36704 <li><a href="https://dan.langille.org/">https://dan.langille.org/</a></li>
36705 </ul>
36706
36707 </li>
36708 </ul>
36709 <p><hr></p>
36710
36711 <ul>
36712 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
36713 </ul>
36714
36715 <p><hr></p>]]>
36716 </content:encoded>
36717 <itunes:summary>
36718 <![CDATA[<p>Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.</p>
36719
36720 <p>##Headlines<br>
36721 ###<a href="https://distrowatch.com/weekly.php?issue=20181119#netbsd">Some thoughts on NetBSD 8.0</a></p>
36722
36723 <blockquote>
36724 <p>NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.<br>
36725 I last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.</p>
36726 </blockquote>
36727
36728 <ul>
36729 <li>Early impressions</li>
36730 </ul>
36731
36732 <blockquote>
36733 <p>Since I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.</p>
36734 </blockquote>
36735
36736 <ul>
36737 <li>Software management</li>
36738 </ul>
36739
36740 <blockquote>
36741 <p>NetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.<br>
36742 The pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.<br>
36743 The other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.<br>
36744 Once new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.</p>
36745 </blockquote>
36746
36747 <ul>
36748 <li>Hardware</li>
36749 </ul>
36750
36751 <blockquote>
36752 <p>I found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.</p>
36753 </blockquote>
36754
36755 <ul>
36756 <li>Personal projects</li>
36757 </ul>
36758
36759 <blockquote>
36760 <p>Since NetBSD provides users with a small, core operating system without many utilities, if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.<br>
36761 I began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.<br>
36762 Next, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.<br>
36763 I set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.<br>
36764 I experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.</p>
36765 </blockquote>
36766
36767 <ul>
36768 <li>Conclusions</li>
36769 </ul>
36770
36771 <blockquote>
36772 <p>NetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.<br>
36773 Some of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.<br>
36774 My main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.<br>
36775 As an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.<br>
36776 Newcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.<br>
36777 One quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.<br>
36778 Ultimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.</p>
36779 </blockquote>
36780
36781 <p><hr></p>
36782
36783 <p>###<a href="https://tech.mangot.com/blog/2018/11/08/showing-a-gigabit-openbsd-firewall-some-monitoring-love/">Showing a Gigabit OpenBSD Firewall Some Monitoring Love</a></p>
36784
36785 <blockquote>
36786 <p>I have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystems hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.</p>
36787 </blockquote>
36788
36789 <ul>
36790 <li>Upgrade Time!</li>
36791 </ul>
36792
36793 <blockquote>
36794 <p>This setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).<br>
36795 The way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.<br>
36796 I needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:</p>
36797 </blockquote>
36798
36799 <ul>
36800 <li>small form factor</li>
36801 <li>fan-less</li>
36802 <li>multiple Intel Ethernet ports (good driver support)</li>
36803 <li>low power consumption</li>
36804 <li>not your regular off-the-shelf kit</li>
36805 <li>relatively inexpensive</li>
36806 </ul>
36807
36808 <blockquote>
36809 <p>After evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straightforward; the only problem I had was that Etcher did not want to recognize the ‘.fs’ extension on the install image as a bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.<br>
36810 After loading the same rulesets on my new install, the results were fantastic!</p>
36811 </blockquote>
36812
36813 <ul>
36814 <li>Monitoring</li>
36815 </ul>
36816
36817 <blockquote>
36818 <p>Now that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:<br>
36819 As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.<br>
36820 I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.<br>
36824 A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!</p>
36825 </blockquote>
36826
36827 <p>###<a href="https://twobithistory.org/2018/11/12/cat.html">The Source History of Cat</a></p>
36828
36829 <blockquote>
36830 <p>I once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.<br>
36831 I knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.<br>
36832 My aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone. grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.<br>
36833 I thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?<br>
36834 Thanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.</p>
36835 </blockquote>
36836
36837 <ul>
36838 <li>Research Unix</li>
36839 </ul>
36840
36841 <blockquote>
36842 <p>Ken Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.<br>
36843 The first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)<br>
36844 The most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.<br>
36845 The first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.<br>
36846 The second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.<br>
36847 In 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K&R C. The heart of the program is the classic two-liner:</p>
36848 </blockquote>
36849
36850 <p><code>while ((c = getc(fi)) != EOF)</code><br>
36851 <code>putchar(c);</code></p>
36852
36853 <blockquote>
36854 <p>There is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.</p>
36855 </blockquote>
36856
36857 <ul>
36858 <li>BSD</li>
36859 </ul>
36860
36861 <blockquote>
36862 <p>After the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.<br>
36863 cat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT&T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT&T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.<br>
36864 Fall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.</p>
36865 </blockquote>
36866
36867 <ul>
36868 <li>MacOS</li>
36869 </ul>
36870
36871 <blockquote>
36872 <p>The very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.<br>
36873 The NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.<br>
36874 So the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.<br>
36875 The cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s raw_args() function and cook_args() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.<br>
36876 I asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.</p>
36877 </blockquote>
36878
36879 <ul>
36880 <li>The Hundred-Year-Old Program</li>
36881 </ul>
36882
36883 <blockquote>
36884 <p>In the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?<br>
36885 Computer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?<br>
36886 I think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.</p>
36887 </blockquote>
36888
36889 <p><hr></p>
36890
36891 <p>##News Roundup<br>
36892 ###<a href="https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/">Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems</a></p>
36893
36894 <blockquote>
36895 <p>A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using <a href="http://X.Org">X.Org</a> server, the open source implementation of the X Window System that offers the graphical environment.<br>
36896 The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.</p>
36897 </blockquote>
36898
36899 <ul>
36900 <li>Privilege escalation and arbitrary file overwrite</li>
36901 </ul>
36902
36903 <blockquote>
36904 <p>An advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.<br>
36905 Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the <a href="http://X.org">X.org</a> server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.</p>
36906 </blockquote>
36907
36908 <ul>
36909 <li>Bug could have been avoided in OpenBSD 6.4</li>
36910 </ul>
36911
36912 <blockquote>
36913 <p>OpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.<br>
36914 Theo de Raadt, founder and leader of the OpenBSD project, says that the X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.<br>
36915 “As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.<br>
36916 Had OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.<br>
36917 To remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.<br>
36918 As a temporary solution, users can disable the Xorg binary by running the following command:</p>
36919 </blockquote>
36920
36921 <p><code>chmod u-s /usr/X11R6/bin/Xorg</code></p>
36922
36923 <ul>
36924 <li>Trivial exploitation</li>
36925 </ul>
36926
36927 <blockquote>
36928 <p>CVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.<br>
36929 Leveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder and head of the Hacker House security outfit, created and published an exploit, saying that it can be triggered from a remote SSH session.<br>
36930 Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.<br>
36931 Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.</p>
36932 </blockquote>
36933
36934 <p><hr></p>
36935
36936 <p>###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
36937
36938 <blockquote>
36939 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
36940 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.<br>
36941 You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.<br>
36942 That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.<br>
36943 Their development process is purely based on developers that love to contribute and hack around, just because it’s fun.<br>
36944 Even the mailing list is a cool place to hang on!<br>
36945 Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
36946 I like the idea of a platform that continually evolves.<br>
36947 pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
36948 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
36949 Just install a browser and you’re ready to go.<br>
36950 Manual pages on OpenBSD are real manuals, not an extension of the “--help” command found in most CLI softwares.<br>
36951 They help you understand inner workings of the operating system, no internet connection needed.<br>
36952 There are some trade-offs, too.<br>
36953 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
36954 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.<br>
36955 Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.<br>
36956 But again, trade-offs.<br>
36957 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
36958 </blockquote>
36959
36960 <p><hr></p>
36961
36962 <p>###<a href="https://distrowatch.com/weekly.php?issue=20180813#nomadbsd">Review: NomadBSD 1.1</a></p>
36963
36964 <blockquote>
36965 <p>One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”<br>
36966 The latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.<br>
36967 Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.</p>
36968 </blockquote>
36969
36970 <ul>
36971 <li>Initial setup</li>
36972 </ul>
36973
36974 <blockquote>
36975 <p>Booting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “en_US”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.<br>
36976 I feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.<br>
36977 The system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.</p>
36978 </blockquote>
36979
36980 <ul>
36981 <li>Physical desktop computer</li>
36982 </ul>
36983
36984 <blockquote>
36985 <p>At first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.<br>
36986 Networking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.<br>
36987 Had I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.<br>
36988 When running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.</p>
36989 </blockquote>
36990
36991 <ul>
36992 <li>Conclusions</li>
36993 </ul>
36994
36995 <blockquote>
36996 <p>Ultimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.<br>
36997 I like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.</p>
36998 </blockquote>
36999
37000 <p><hr></p>
37001
37002 <p>##Beastie Bits</p>
37003
37004 <ul>
37005 <li><a href="https://oshogbo.vexillium.org/blog/50/">FreeBSD lockless algorithm - seq</a></li>
37006 <li><a href="https://github.com/bob-beck/libtls/blob/master/TUTORIAL.md">Happy Bob’s Libtls tutorial</a></li>
37007 <li><a href="https://chown.me/blog/locking-openbsd-when-sleeping.html">Locking OpenBSD when it’s sleeping</a></li>
37008 <li><a href="https://www.geoghegan.ca/serviio.html">iio - The OpenBSD Way</a></li>
37009 <li><a href="https://bsdboy.ml/blog/installing-hugo-and-hosting-on-openbsd.html">Installing Hugo and Hosting Website on OpenBSD Server</a></li>
37010 <li><a href="http://blog.osorio.me/post.php?idpost=1">Fosdem 2019 reminder: BSD devroom CfP</a></li>
37011 <li><a href="https://www.youtube.com/watch?v=4gOoPxGKKjA&feature=youtu.be">OpenBGPD, gotta go fast! - Claudio Jeker</a></li>
37012 <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/">Project Trident RC3 available</a></li>
37013 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-November/001849.html">FreeBSD 10.4 EOL</a></li>
37014 <li><a href="https://bsd.network/@ephemeris/101073578346815313">Play “Crazy Train” through your APU2 speaker</a></li>
37015 </ul>
37016
37017 <p><hr></p>
37018
37019 <p>##Feedback/Questions</p>
37020
37021 <ul>
37022 <li>Tobias - <a href="http://dpaste.com/174WGEY#wrap">Satisfying my storage hunger and wallet pains</a></li>
37023 <li>Lasse - <a href="http://dpaste.com/1QBMH73">Question regarding FreeBSD backups</a>
37024 <ul>
37025 <li><a href="https://twitter.com/dlangille">https://twitter.com/dlangille</a></li>
37026 <li><a href="https://dan.langille.org/">https://dan.langille.org/</a></li>
37027 </ul>
37028
37029 <p></li><br>
37030 </ul><br>
37031 <hr></p>
37032
37033 <ul>
37034 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
37035 </ul>
37036
37037 <p><hr></p>]]>
37038 </itunes:summary>
37039 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ux9vMUR8</fireside:playerURL>
37040 <fireside:playerEmbedCode>
37041 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ux9vMUR8" width="740" height="200" frameborder="0" scrolling="no">]]>
37042 </fireside:playerEmbedCode>
37043 </item>
37044 <item>
37045 <title>Episode 272: Detain the bhyve | BSD Now 272</title>
37046 <link>https://www.bsdnow.tv/272</link>
37047 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2899</guid>
37048 <pubDate>Thu, 15 Nov 2018 10:00:00 -0800</pubDate>
37049 <author>Allan Jude</author>
37050 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/23422ca9-e188-4755-aaf1-295422643d21.mp3" length="41375491" type="audio/mp3"/>
37051 <itunes:episodeType>full</itunes:episodeType>
37052 <itunes:author>Allan Jude</itunes:author>
37053 <itunes:subtitle>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.</itunes:subtitle>
37054 <itunes:duration>1:08:39</itunes:duration>
37055 <itunes:explicit>no</itunes:explicit>
37056 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
37057 <description>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.
37058 <p>##Headlines<br> ###<a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/">The byproducts of reading OpenBSD netcat code</a></p> <blockquote> <p>When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.<br> (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.<br> (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.<br> (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.<br> (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). 
Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.<br> Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.</p> </blockquote> <hr> <p>###<a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd">What I learned from porting my projects to FreeBSD</a></p> <ul> <li>Introduction</li> </ul> <blockquote> <p>I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.</p> </blockquote> <ul> <li> <p>The Projects</p> </li> <li> <p><a href="https://github.com/shlomif/shlomif-computer-settings/">https://github.com/shlomif/shlomif-computer-settings/</a> (my dotfiles).</p> </li> <li> <p><a href="https://web-cpan.shlomifish.org/latemp/">https://web-cpan.shlomifish.org/latemp/</a></p> </li> <li> <p><a href="https://fc-solve.shlomifish.org/">https://fc-solve.shlomifish.org/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/">https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/</a></p> </li> <li> <p><a href="https://better-scm.shlomifish.org/source/">https://better-scm.shlomifish.org/source/</a></p> </li> <li> <p><a href="http://perl-begin.org/source/">http://perl-begin.org/source/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/meta/site-source/">https://www.shlomifish.org/meta/site-source/</a></p> </li> <li> <p>Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.</p> </li> <li> <p>Work fine on several Linux distributions and have <a href="https://en.wikipedia.org/wiki/Travis_CI">https://en.wikipedia.org/wiki/TravisCI</a> using 
Ubuntu 14.04 hosts</p> </li> <li> <p>Some pass builds and tests on AppVeyor/Win64</p> </li> <li> <p>What I Learned:</p> </li> <li> <p>FreeBSD on VBox has become very reliable</p> </li> <li> <p>Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin</p> </li> <li> <p>make on FreeBSD is not GNU make</p> </li> <li> <p>m4 on FreeBSD is not compatible with GNU m4</p> </li> <li> <p>Some CPAN Modules fail to install using local-lib there</p> </li> <li> <p>DocBook/XSL Does Not Live Under /usr/share/sgml</p> </li> <li> <p>FreeBSD’s grep does not have a “-P” flag by default</p> </li> <li> <p>FreeBSD has no “nproc” command</p> </li> <li> <p>Conclusion:</p> </li> <li> <p>It is easier to port a shell than a shell script. — Larry Wall</p> </li> <li> <p>I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.</p> </li> </ul> <hr> <p>##News Roundup<br> ###<a href="https://lwn.net/Articles/767137/">OpenBSD’s unveil()</a></p> <blockquote> <p>One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.<br> The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. 
Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.<br> In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.<br> Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:</p> </blockquote> <p><code>int unveil(const char *path, const char *permissions);</code></p> <blockquote> <p>A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). 
Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.<br> Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.<br> Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.<br> unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. 
That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.<br> One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.</p> </blockquote> <hr> <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Virtual Machine Monitor (NVMM)</a></p> <ul> <li>NetBSD Virtual Machine Monitor</li> </ul> <blockquote> <p>The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. 
Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p> </blockquote> <ul> <li>Download</li> </ul> <blockquote> <p>The source code of NVMM, plus the associated tools, can be downloaded here.</p> </blockquote> <ul> <li>Technical details</li> </ul> <blockquote> <p>NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.<br> Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.<br> Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.<br> The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.<br> The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.<br> When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.<br> The different intercepts are configured in such a way that they cover everything that needs to be emulated. 
In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.</p> </blockquote> <hr> <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear">What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)</a></p> <blockquote> <p>I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):<br> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.<br> Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider (r)syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.<br> This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)<br> In general, there are three different relationships between services that I tend to encounter:</p> </blockquote> <ul> <li> <p>a hard requirement, where service B is useless or dangerous without service A. 
For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.</p> </li> <li> <p>a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)</p> </li> <li> <p>an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)</p> </li> </ul> <blockquote> <p>Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in init systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?<br> My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. 
Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.</p> </blockquote> <ul> <li>(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)</li> </ul> <hr> <p>###<a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27jailedbhyve/article.md">Jailing The bhyve Hypervisor</a></p> <blockquote> <p>As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.<br> You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the additional security offered by HardenedBSD.<br> The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.</p> </blockquote> <ul> <li>A Gentle History Lesson</li> </ul> <blockquote> <p>At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor.<br> So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). 
Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.</p> </blockquote> <ul> <li>Initial Setup</li> </ul> <blockquote> <p>We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.<br> I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.<br> By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.</p> </blockquote> <ul> <li> <p>We will use the following in our jail, so we will need to set up devfs(8) rules for them:</p> </li> <li> <p>A ZFS volume</p> </li> <li> <p>A null-modem device (nmdm(4))</p> </li> <li> <p>UEFI GOP (no devfs rule, but IP assigned to the jail)</p> </li> <li> <p>A tap device</p> </li> <li> <p>Conclusion</p> </li> </ul> <blockquote> <p>The bhyve hypervisor works great within a jail. 
When combined with HardenedBSD, bhyve is extremely hardened:</p> </blockquote> <ul> <li>PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)</li> <li>PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement)</li> <li>Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)</li> <li>Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)</li> <li>SafeStack is applied to the application (HardenedBSD enhancement)</li> <li>Jailed (FreeBSD feature written by HardenedBSD)</li> <li>Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)</li> <li>Capsicum is fully applied (FreeBSD feature)</li> </ul> <blockquote> <p>Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)</p> </blockquote> <hr> <p>##Beastie Bits</p> <ul> <li><a href="https://www.ghostbsd.org/18.10_release_announcement">GhostBSD 18.10 has been released</a></li> <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/">Project Trident RC3 has been released</a></li> <li><a href="https://undeadly.org/cgi?action=article;sid=20181022130631">The OpenBSD Foundation receives the first Silver contribution from a single individual</a></li> <li><a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource">Monitoring pf logs gource</a></li> <li><a href="https://twitter.com/zmcgrew/status/1055682596812730368">NetBSD on the RISC-V is alive</a></li> <li><a href="https://marc.info/?l=openbsd-tech&amp;m=154050351216908&amp;w=2">The X hole</a></li> <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html">Announcing the pkgsrc-2018Q3 release (2018-10-05)</a></li> <li><a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/">NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT</a></li> <li><a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm">UNIX (as we know it) 
might not have existed without Mrs. Thompson</a></li> <li><a href="https://www.freepizza.io/">Free Pizza for your dev events</a></li> <li><a href="https://calagator.org/events/1250474530">Portland BSD Pizza Night: Nov 29th 7pm</a></li> </ul> <hr> <p>##Feedback/Questions</p> <ul> <li>Dennis - <a href="http://dpaste.com/36JB7EC#wrap">Core developers leaving illumOS?</a></li> <li>Ben - <a href="http://dpaste.com/1R36Z32#wrap">Jumping from snapshot to snapshot</a></li> <li>Ias - <a href="http://dpaste.com/1CC86MX">Question about ZFS snapshots</a></li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li> </ul> <hr>
37059 </description>
37060 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, bhyve, jail, netcat, unveil, NVVM, 18.10, rc3</itunes:keywords>
37061 <content:encoded>
37062 <![CDATA[<p>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.<br>
37063 <p>##Headlines<br> ###<a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/">The byproducts of reading OpenBSD netcat code</a></p> <blockquote> <p>When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.<br> (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.<br> (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.<br> (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.<br> (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). 
Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.<br> Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.</p> </blockquote> <hr> <p>###<a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd">What I learned from porting my projects to FreeBSD</a></p> <ul> <li>Introduction</li> </ul> <blockquote> <p>I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.</p> </blockquote> <ul> <li> <p>The Projects</p> </li> <li> <p><a href="https://github.com/shlomif/shlomif-computer-settings/" rel="nofollow">https://github.com/shlomif/shlomif-computer-settings/</a> (my dotfiles).</p> </li> <li> <p><a href="https://web-cpan.shlomifish.org/latemp/" rel="nofollow">https://web-cpan.shlomifish.org/latemp/</a></p> </li> <li> <p><a href="https://fc-solve.shlomifish.org/" rel="nofollow">https://fc-solve.shlomifish.org/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/" rel="nofollow">https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/</a></p> </li> <li> <p><a href="https://better-scm.shlomifish.org/source/" rel="nofollow">https://better-scm.shlomifish.org/source/</a></p> </li> <li> <p><a href="http://perl-begin.org/source/" rel="nofollow">http://perl-begin.org/source/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/meta/site-source/" rel="nofollow">https://www.shlomifish.org/meta/site-source/</a></p> </li> <li> <p>Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.</p> </li> <li> <p>Work fine on several Linux distributions and have <a href="https://en.wikipedia.org/wiki/Travis_CI" rel="nofollow">https://en.wikipedia.org/wiki/Travis_CI</a> using Ubuntu 14.04 hosts</p> </li> <li> <p>Some pass builds and tests on AppVeyor/Win64</p> </li> <li> <p>What I Learned:</p> </li> <li> <p>FreeBSD on VBox has become very reliable</p> </li> <li> <p>Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin</p> </li> <li> <p>make on FreeBSD is not GNU make</p> </li> <li> <p>m4 on FreeBSD is not compatible with GNU m4</p> </li> <li> <p>Some CPAN Modules fail to install using local-lib there</p> </li> <li> <p>DocBook/XSL Does Not Live Under /usr/share/sgml</p> </li> <li> <p>FreeBSD’s grep does not have a “-P” flag by default</p> </li> <li> <p>FreeBSD has no “nproc” command</p> </li> <li> <p>Conclusion:</p> </li> <li> <p>It is easier to port a shell than a shell script. — Larry Wall</p> </li> <li> <p>I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.</p> </li> </ul> <hr> <p>##News Roundup<br> ###<a href="https://lwn.net/Articles/767137/">OpenBSD’s unveil()</a></p> <blockquote> <p>One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. 
Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.<br> The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.<br> In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. 
Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.<br> Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:</p> </blockquote> <p><code>int unveil(const char *path, const char *permissions);</code></p> <blockquote> <p>A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.<br> Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.<br> Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.<br> unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. 
In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.<br> One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.</p> </blockquote> <hr> <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Virtual Machine Monitor (NVVM)</a></p> <ul> <li>NetBSD Virtual Machine Monitor</li> </ul> <blockquote> <p>The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. 
Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p> </blockquote> <ul> <li>Download</li> </ul> <blockquote> <p>The source code of NVMM, plus the associated tools, can be downloaded here.</p> </blockquote> <ul> <li>Technical details</li> </ul> <blockquote> <p>NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.<br> Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.<br> Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.<br> The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.<br> The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.<br> When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.<br> The different intercepts are configured in such a way that they cover everything that needs to be emulated. 
In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.</p> </blockquote> <hr> <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear">What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)</a></p> <blockquote> <p>I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):<br> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.<br> Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider (r)syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.<br> This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)<br> In general, there are three different relationships between services that I tend to encounter:</p> </blockquote> <ul> <li> <p>a hard requirement, where service B is useless or dangerous without service A. 
For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.</p> </li> <li> <p>a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)</p> </li> <li> <p>an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)</p> </li> </ul> <blockquote> <p>Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in init systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?<br> My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. 
Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.</p> </blockquote> <ul> <li>(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)</li> </ul> <hr> <p>###<a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md">Jailing The bhyve Hypervisor</a></p> <blockquote> <p>As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.<br> You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the additional security offered by HardenedBSD.<br> The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.</p> </blockquote> <ul> <li>A Gentle History Lesson</li> </ul> <blockquote> <p>At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor.<br> So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). 
Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.</p> </blockquote> <ul> <li>Initial Setup</li> </ul> <blockquote> <p>We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.<br> I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.<br> By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.</p> </blockquote> <ul> <li> <p>We will use the following in our jail, so we will need to set up devfs(8) rules for them:</p> </li> <li> <p>A ZFS volume</p> </li> <li> <p>A null-modem device (nmdm(4))</p> </li> <li> <p>UEFI GOP (no devfs rule, but IP assigned to the jail)</p> </li> <li> <p>A tap device</p> </li> <li> <p>Conclusion</p> </li> </ul> <blockquote> <p>The bhyve hypervisor works great within a jail. 
When combined with HardenedBSD, bhyve is extremely hardened:</p> </blockquote> <ul> <li>PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)</li> <li>PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement)</li> <li>Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)</li> <li>Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)</li> <li>SafeStack is applied to the application (HardenedBSD enhancement)</li> <li>Jailed (FreeBSD feature written by HardenedBSD)</li> <li>Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)</li> <li>Capsicum is fully applied (FreeBSD feature)</li> </ul> <blockquote> <p>Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)</p> </blockquote> <hr> <p>##Beastie Bits</p> <ul> <li><a href="https://www.ghostbsd.org/18.10_release_announcement">GhostBSD 18.10 has been released</a></li> <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/">Project Trident RC3 has been released</a></li> <li><a href="https://undeadly.org/cgi?action=article;sid=20181022130631">The OpenBSD Foundation receives the first Silver contribution from a single individual</a></li> <li><a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource">Monitoring pf logs gource</a></li> <li><a href="https://twitter.com/zmcgrew/status/1055682596812730368">NetBSD on the RISC-V is alive</a></li> <li><a href="https://marc.info/?l=openbsd-tech&m=154050351216908&w=2">The X hole</a></li> <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html">Announcing the pkgsrc-2018Q3 release (2018-10-05)</a></li> <li><a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/">NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT</a></li> <li><a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm">UNIX (as we 
know it) might not have existed without Mrs. Thompson</a></li> <li><a href="https://www.freepizza.io/">Free Pizza for your dev events</a></li> <li><a href="https://calagator.org/events/1250474530">Portland BSD Pizza Night: Nov 29th 7pm</a></li> </ul> <hr> <p>##Feedback/Questions</p> <ul> <li>Dennis - <a href="http://dpaste.com/36JB7EC#wrap">Core developers leaving illumOS?</a></li> <li>Ben - <a href="http://dpaste.com/1R36Z32#wrap">Jumping from snapshot to snapshot</a></li> <li>Ias - <a href="http://dpaste.com/1CC86MX">Question about ZFS snapshots</a></li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></li> </ul> <hr></p>]]>
37064 </content:encoded>
37065 <itunes:summary>
37066 <![CDATA[<p>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.<br>
37067 <p>##Headlines<br> ###<a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/">The byproducts of reading OpenBSD netcat code</a></p> <blockquote> <p>When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.<br> (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.<br> (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.<br> (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.<br> (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). 
Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.<br> Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.</p> </blockquote> <hr> <p>###<a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd">What I learned from porting my projects to FreeBSD</a></p> <ul> <li>Introduction</li> </ul> <blockquote> <p>I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.</p> </blockquote> <ul> <li> <p>The Projects</p> </li> <li> <p><a href="https://github.com/shlomif/shlomif-computer-settings/" rel="nofollow">https://github.com/shlomif/shlomif-computer-settings/</a> (my dotfiles).</p> </li> <li> <p><a href="https://web-cpan.shlomifish.org/latemp/" rel="nofollow">https://web-cpan.shlomifish.org/latemp/</a></p> </li> <li> <p><a href="https://fc-solve.shlomifish.org/" rel="nofollow">https://fc-solve.shlomifish.org/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/" rel="nofollow">https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/</a></p> </li> <li> <p><a href="https://better-scm.shlomifish.org/source/" rel="nofollow">https://better-scm.shlomifish.org/source/</a></p> </li> <li> <p><a href="http://perl-begin.org/source/" rel="nofollow">http://perl-begin.org/source/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/meta/site-source/" rel="nofollow">https://www.shlomifish.org/meta/site-source/</a></p> </li> <li> <p>Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.</p> </li> <li> <p>Work fine on several Linux distributions and have <a href="https://en.wikipedia.org/wiki/Travis_CI" rel="nofollow">https://en.wikipedia.org/wiki/Travis_CI</a> using Ubuntu 14.04 hosts</p> </li> <li> <p>Some pass builds and tests on AppVeyor/Win64</p> </li> <li> <p>What I Learned:</p> </li> <li> <p>FreeBSD on VBox has become very reliable</p> </li> <li> <p>Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin</p> </li> <li> <p>make on FreeBSD is not GNU make</p> </li> <li> <p>m4 on FreeBSD is not compatible with GNU m4</p> </li> <li> <p>Some CPAN Modules fail to install using local-lib there</p> </li> <li> <p>DocBook/XSL Does Not Live Under /usr/share/sgml</p> </li> <li> <p>FreeBSD’s grep does not have a “-P” flag by default</p> </li> <li> <p>FreeBSD has no “nproc” command</p> </li> <li> <p>Conclusion:</p> </li> <li> <p>It is easier to port a shell than a shell script. — Larry Wall</p> </li> <li> <p>I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.</p> </li> </ul> <hr> <p>##News Roundup<br> ###<a href="https://lwn.net/Articles/767137/">OpenBSD’s unveil()</a></p> <blockquote> <p>One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. 
Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.<br> The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.<br> In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. 
Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.<br> Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:</p> </blockquote> <p><code>int unveil(const char *path, const char *permissions);</code></p> <blockquote> <p>A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.<br> Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.<br> Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.<br> unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. 
In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.<br> One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.</p> </blockquote> <hr> <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html">NetBSD Virtual Machine Monitor (NVMM)</a></p> <ul> <li>NetBSD Virtual Machine Monitor</li> </ul> <blockquote> <p>The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. 
Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p> </blockquote> <ul> <li>Download</li> </ul> <blockquote> <p>The source code of NVMM, plus the associated tools, can be downloaded here.</p> </blockquote> <ul> <li>Technical details</li> </ul> <blockquote> <p>NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.<br> Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.<br> Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.<br> The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.<br> The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.<br> When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.<br> The different intercepts are configured in such a way that they cover everything that needs to be emulated. 
In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.</p> </blockquote> <hr> <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear">What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)</a></p> <blockquote> <p>I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):<br> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.<br> Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider (r)syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.<br> This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)<br> In general, there are three different relationships between services that I tend to encounter:</p> </blockquote> <ul> <li> <p>a hard requirement, where service B is useless or dangerous without service A. 
For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.</p> </li> <li> <p>a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)</p> </li> <li> <p>an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)</p> </li> </ul> <blockquote> <p>Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in init systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?<br> My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. 
Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.</p> </blockquote> <ul> <li>(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)</li> </ul> <hr> <p>###<a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md">Jailing The bhyve Hypervisor</a></p> <blockquote> <p>As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.<br> You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the additional security offered by HardenedBSD.<br> The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.</p> </blockquote> <ul> <li>A Gentle History Lesson</li> </ul> <blockquote> <p>At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor.<br> So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). 
Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.</p> </blockquote> <ul> <li>Initial Setup</li> </ul> <blockquote> <p>We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.<br> I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.<br> By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.</p> </blockquote> <ul> <li> <p>We will use the following in our jail, so we will need to set up devfs(8) rules for them:</p> </li> <li> <p>A ZFS volume</p> </li> <li> <p>A null-modem device (nmdm(4))</p> </li> <li> <p>UEFI GOP (no devfs rule, but IP assigned to the jail)</p> </li> <li> <p>A tap device</p> </li> <li> <p>Conclusion</p> </li> </ul> <blockquote> <p>The bhyve hypervisor works great within a jail. 
When combined with HardenedBSD, bhyve is extremely hardened:</p> </blockquote> <ul> <li>PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)</li> <li>PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement)</li> <li>Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)</li> <li>Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)</li> <li>SafeStack is applied to the application (HardenedBSD enhancement)</li> <li>Jailed (FreeBSD feature written by HardenedBSD)</li> <li>Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)</li> <li>Capsicum is fully applied (FreeBSD feature)</li> </ul> <blockquote> <p>Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)</p> </blockquote> <hr> <p>##Beastie Bits</p> <ul> <li><a href="https://www.ghostbsd.org/18.10_release_announcement">GhostBSD 18.10 has been released</a></li> <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/">Project Trident RC3 has been released</a></li> <li><a href="https://undeadly.org/cgi?action=article;sid=20181022130631">The OpenBSD Foundation receives the first Silver contribution from a single individual</a></li> <li><a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource">Monitoring pf logs gource</a></li> <li><a href="https://twitter.com/zmcgrew/status/1055682596812730368">NetBSD on the RISC-V is alive</a></li> <li><a href="https://marc.info/?l=openbsd-tech&m=154050351216908&w=2">The X hole</a></li> <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html">Announcing the pkgsrc-2018Q3 release (2018-10-05)</a></li> <li><a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/">NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT</a></li> <li><a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm">UNIX (as we 
know it) might not have existed without Mrs. Thompson</a></li> <li><a href="https://www.freepizza.io/">Free Pizza for your dev events</a></li> <li><a href="https://calagator.org/events/1250474530">Portland BSD Pizza Night: Nov 29th 7pm</a></li> </ul> <hr> <p>##Feedback/Questions</p> <ul> <li>Dennis - <a href="http://dpaste.com/36JB7EC#wrap">Core developers leaving illumOS?</a></li> <li>Ben - <a href="http://dpaste.com/1R36Z32#wrap">Jumping from snapshot to snapshot</a></li> <li>Ias - <a href="http://dpaste.com/1CC86MX">Question about ZFS snapshots</a></li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv"><a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></a></li> </ul> <hr></p>]]>
37068 </itunes:summary>
37069 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+fhfXeW-_</fireside:playerURL>
37070 <fireside:playerEmbedCode>
37071 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+fhfXeW-_" width="740" height="200" frameborder="0" scrolling="no">]]>
37072 </fireside:playerEmbedCode>
37073 </item>
37074 <item>
37075 <title>Episode 271: Automatic Drive Tests | BSD Now 271</title>
37076 <link>https://www.bsdnow.tv/271</link>
37077 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2867</guid>
37078 <pubDate>Thu, 08 Nov 2018 01:00:00 -0800</pubDate>
37079 <author>Allan Jude</author>
37080 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/79038ba2-cb6e-4b71-8bcb-83141df434c3.mp3" length="40996081" type="audio/mp3"/>
37081 <itunes:episodeType>full</itunes:episodeType>
37082 <itunes:author>Allan Jude</itunes:author>
37083 <itunes:subtitle>MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.</itunes:subtitle>
37084 <itunes:duration>1:08:01</itunes:duration>
37085 <itunes:explicit>no</itunes:explicit>
37086 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
37087 <description>MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.
37088 <p>##Headlines<br>
37089 <a href="https://www.midnightbsd.org/news/">MidnightBSD 1.0 now available</a></p>
37090 <blockquote>
37091 <p>I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.<br>
37092 Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.<br>
37093 The 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…</p>
37094 </blockquote>
37095 <ul>
37096 <li>Download links: <a href="https://www.midnightbsd.org/download/">https://www.midnightbsd.org/download/</a></li>
37097 <li><a href="https://www.youtube.com/watch?time_continue=33&amp;v=-rlk2wFsjJ4">https://www.youtube.com/watch?time_continue=33&amp;v=-rlk2wFsjJ4</a></li>
37098 </ul>
37099 <hr>
37100 <p>###<a href="https://linuxunplugged.com/articles/meetbsd2018">MeetBSD Review</a></p>
37101 <blockquote>
37102 <p>MeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSDs were treated with the Meltdown and Spectre flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.</p>
37103 </blockquote>
37104 <ul>
37105 <li>MeetBSD 2018</li>
37106 </ul>
37107 <blockquote>
37108 <p>At most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12, quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for one-on-one sessions. On day two sponsor booths were also set up. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.<br>
37109 Like every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystems’ inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case you’re still hungry, there is a pizza meetup in another Intel room after day one and two.<br>
37110 MeetBSD leverages its realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.<br>
37111 The group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiasts. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good natured chuckle.</p>
37112 </blockquote>
37113 <ul>
37114 <li>MeetBSD Gives me The Feels</li>
37115 </ul>
37116 <blockquote>
37117 <p>I find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. Nonetheless I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and seeing the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.</p>
37118 </blockquote>
37119 <hr>
37120 <p>###EuroBSDcon 2018 Trip Reports<br>
37121 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/</a><br>
37122 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/</a><br>
37123 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/</a></p>
37124 <hr>
37125 <p>##News Roundup<br>
37126 <a href="https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/">DNS over TLS in FreeBSD 12</a></p>
37127 <blockquote>
37128 <p>With the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.<br>
37129 DNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.</p>
37130 </blockquote>
37131 <ul>
37132 <li>Conclusion</li>
37133 </ul>
37134 <blockquote>
37135 <p>We’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.<br>
37136 The question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.</p>
37137 </blockquote>
37138 <hr>
37139 <p>###<a href="https://chown.me/blog/upgrading-openbsd-with-ansible.html">Upgrading OpenBSD with Ansible</a></p>
37140 <ul>
37141 <li>My router runs OpenBSD -current</li>
37142 </ul>
37143 <blockquote>
37144 <p>A few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.<br>
37145 I eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.<br>
37146 Out of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).</p>
37147 </blockquote>
37148 <ul>
37149 <li>Ansible Reboot Module</li>
37150 </ul>
37151 <blockquote>
37152 <p>I recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)<br>
37153 I learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:<br>
37154 I took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.<br>
37155 I proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.<br>
37156 Fun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article.</p>
37157 </blockquote>
37158 <ul>
37159 <li>The explanations</li>
37160 </ul>
37161 <blockquote>
37162 <p>Ansible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in autoupdate mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.<br>
37163 It also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the pathsets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.<br>
37164 I’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.<br>
37165 sysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.<br>
37166 Initially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.</p>
37167 </blockquote>
37168 <ul>
37169 <li>The result</li>
37170 </ul>
37171 <blockquote>
37172 <p>I’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \o/</p>
37173 </blockquote>
37174 <hr>
37175 <p>###<a href="https://dan.langille.org/2018/11/04/using-smartd-to-automatically-run-tests-on-your-drives/">Using smartd to automatically run tests on your drives</a></p>
37176 <blockquote>
37177 <p>Those programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.</p>
37178 </blockquote>
37179 <blockquote>
37180 <p>NOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.</p>
37181 </blockquote>
37182 <blockquote>
37183 <p>I first started using smartd in March 2010 (according to that blog post, that’s when I was still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.</p>
37184 </blockquote>
37185 <ul>
37186 <li>Two types of tests</li>
37187 <li>My original abandoned attempt</li>
37188 <li>How do you prove it works?</li>
37189 <li>Looking at the test results</li>
37190 <li>Failed drive to the rescue</li>
37191 <li>smartd.conf I am using</li>
37192 <li>supernews</li>
37193 </ul>
37194 <hr>
37195 <p>##Beastie Bits</p>
37196 <ul>
37197 <li><a href="https://mwl.io/archives/3833">Decent Pics of “Relayd &amp; Httpd Mastery” signature</a></li>
37198 <li><a href="https://twitter.com/0xUID/status/1051208357850345472?s=20">A Unix Shell poster from 1983</a></li>
37199 <li><a href="https://www.meetup.com/UNIX-historians/">Cambridge UNIX historians (Cambridge, United Kingdom)</a></li>
37200 <li><a href="https://hackmd.io/Yv46aOjTS0eYk0m4YLXOTw#">Goals for FreeBSD 13</a></li>
37201 <li><a href="https://www.freebsdfoundation.org/blog/september-october-2018-issue-of-the-freebsd-journal-now-available/">September/October 2018 Issue of the FreeBSD Journal Now Available</a></li>
37202 <li><a href="https://blog.netbsd.org/tnf/entry/using_acme_sh_for_let">Using acme.sh for Let’s Encrypt certificates on pkgsrc.org servers</a></li>
37203 <li><a href="https://jonwillia.ms/2018/09/23/anycast-dns-openbsd">Deploying Anycast DNS Using OpenBSD and BGP</a></li>
37204 <li><a href="https://dataswamp.org/~solene/2017-03-17-integrity.html">How to check your data integrity?</a></li>
37205 </ul>
37206 <hr>
37207 <p>##Feedback/Questions</p>
37208 <ul>
37209 <li>Raymond - <a href="http://dpaste.com/0KNXTJF">MeetBSD California</a>
37210 <ul>
37211 <li>Dev Summit Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI">https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI</a></li>
37212 <li>Conference Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b">https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b</a></li>
37213 <li>Conference videos are still being processed, the rest should appear over the next few weeks.</li>
37214 </ul>
37215 </li>
37216 <li>Greg - <a href="http://dpaste.com/1W29RSK">Stable vs Release</a></li>
37217 <li>Mjrodriguez - <a href="http://dpaste.com/2XKMR6B#wrap">Open/FreeBSD support for Single Board computers</a></li>
37218 </ul>
37219 <hr>
37220 <ul>
37221 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
37222 </ul>
37223 <hr>
37224 </description>
37225 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, midnightbsd, eurobsdcon, ansible, dns</itunes:keywords>
37226 <content:encoded>
37227 <![CDATA[<p>MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.</p>
37228
37229 <p>##Headlines<br>
37230 ###<a href="https://www.midnightbsd.org/news/">MidnightBSD 1.0 now available</a></p>
37231
37232 <blockquote>
37233 <p>I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.<br>
37234 Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.<br>
37235 The 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…</p>
37236 </blockquote>
37237
37238 <ul>
37239 <li>Download links: <a href="https://www.midnightbsd.org/download/">https://www.midnightbsd.org/download/</a></li>
37240 <li><a href="https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4">https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4</a></li>
37241 </ul>
37242
37243 <p><hr></p>
37244
37245 <p>###<a href="https://linuxunplugged.com/articles/meetbsd2018">MeetBSD Review</a></p>
37246
37247 <blockquote>
37248 <p>MeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSDs were treated with the Meltdown and Spectre flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.</p>
37249 </blockquote>
37250
37251 <ul>
37252 <li>MeetBSD 2018</li>
37253 </ul>
37254
37255 <blockquote>
37256 <p>At most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12, quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for one-on-one sessions. On day two sponsor booths were also set up. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.<br>
37257 Like every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystems’ inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case you’re still hungry, there is a pizza meetup in another Intel room after day one and two.<br>
37258 MeetBSD leverages its realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.<br>
37259 The group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiasts. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good-natured chuckle.</p>
37260 </blockquote>
37261
37262 <ul>
37263 <li>MeetBSD Gives me The Feels</li>
37264 </ul>
37265
37266 <blockquote>
37267 <p>I find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well-known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. Nonetheless I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and seeing the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.</p>
37268 </blockquote>
37269
37270 <p><hr></p>
37271
37272 <p>###[EuroBSDcon 2018 Trip Reports]<br>
37273 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/</a><br>
37274 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/</a><br>
37275 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/</a></p>
37276
37277 <p><hr></p>
37278
37279 <p>##News Roundup<br>
37280 ###<a href="https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/">DNS over TLS in FreeBSD 12</a></p>
37281
37282 <blockquote>
37283 <p>With the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.<br>
37284 DNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.</p>
37285 </blockquote>
37286
37287 <ul>
37288 <li>Conclusion</li>
37289 </ul>
37290
37291 <blockquote>
37292 <p>We’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.<br>
37293 The question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.</p>
37294 </blockquote>
37295
37296 <p><hr></p>
37297
37298 <p>###<a href="https://chown.me/blog/upgrading-openbsd-with-ansible.html">Upgrading OpenBSD with Ansible</a></p>
37299
37300 <ul>
37301 <li>My router runs OpenBSD -current</li>
37302 </ul>
37303
37304 <blockquote>
37305 <p>A few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.<br>
37306 I eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.<br>
37307 Out of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).</p>
37308 </blockquote>
37309
37310 <ul>
37311 <li>Ansible Reboot Module</li>
37312 </ul>
37313
37314 <blockquote>
37315 <p>I recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)<br>
37316 I learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:<br>
37317 I took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.<br>
37318 I proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.<br>
37319 Fun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article.</p>
37320 </blockquote>
37321
37322 <ul>
37323 <li>The explanations</li>
37324 </ul>
37325
37326 <blockquote>
37327 <p>Ansible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in auto_update mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.<br>
37328 It also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the path_sets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.<br>
37329 I’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.<br>
37330 sysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.<br>
37331 Initially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.</p>
37332 </blockquote>
37333
37334 <ul>
37335 <li>The result</li>
37336 </ul>
37337
37338 <blockquote>
37339 <p>I’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \o/</p>
37340 </blockquote>
37341
37342 <p><hr></p>
37343
37344 <p>###<a href="https://dan.langille.org/2018/11/04/using-smartd-to-automatically-run-tests-on-your-drives/">Using smartd to automatically run tests on your drives</a></p>
37345
37346 <blockquote>
37347 <p>Those programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.</p>
37348 </blockquote>
37349
37350 <blockquote>
37351 <p>NOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.</p>
37352 </blockquote>
37353
37354 <blockquote>
37355 <p>I first started using smartd in March 2010 (according to that blog post, that’s when I was still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.</p>
37356 </blockquote>
37357
37358 <ul>
37359 <li>Two types of tests</li>
37360 <li>My original abandoned attempt</li>
37361 <li>How do you prove it works?</li>
37362 <li>Looking at the test results</li>
37363 <li>Failed drive to the rescue</li>
37364 <li>smartd.conf I am using</li>
37365 <li>supernews</li>
37366 </ul>
37367
37368 <p><hr></p>
37369
37370 <p>##Beastie Bits</p>
37371
37372 <ul>
37373 <li><a href="https://mwl.io/archives/3833">Decent Pics of “Relayd & Httpd Mastery” signature</a></li>
37374 <li><a href="https://twitter.com/0xUID/status/1051208357850345472?s=20">A Unix Shell poster from 1983</a></li>
37375 <li><a href="https://www.meetup.com/UNIX-historians/">Cambridge UNIX historians (Cambridge, United Kingdom)</a></li>
37376 <li><a href="https://hackmd.io/Yv46aOjTS0eYk0m4YLXOTw#">Goals for FreeBSD 13</a></li>
37377 <li><a href="https://www.freebsdfoundation.org/blog/september-october-2018-issue-of-the-freebsd-journal-now-available/">September/October 2018 Issue of the FreeBSD Journal Now Available</a></li>
37378 <li><a href="https://blog.netbsd.org/tnf/entry/using_acme_sh_for_let">Using acme.sh for Let’s Encrypt certificates on pkgsrc.org servers</a></li>
37379 <li><a href="https://jonwillia.ms/2018/09/23/anycast-dns-openbsd">Deploying Anycast DNS Using OpenBSD and BGP</a></li>
37380 <li><a href="https://dataswamp.org/~solene/2017-03-17-integrity.html">How to check your data integrity?</a></li>
37381 </ul>
37382
37383 <p><hr></p>
37384
37385 <p>##Feedback/Questions</p>
37386
37387 <ul>
37388 <li>Raymond - <a href="http://dpaste.com/0KNXTJF">MeetBSD California</a>
37389 <ul>
37390 <li>Dev Summit Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI">https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI</a></li>
37391 <li>Conference Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b">https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b</a></li>
37392 <li>Conference videos are still being processed, the rest should appear over the next few weeks.</li>
37393 </ul>
37394
37395 </li>
37396 <li>Greg - <a href="http://dpaste.com/1W29RSK">Stable vs Release</a></li>
37397 <li>Mjrodriguez - <a href="http://dpaste.com/2XKMR6B#wrap">Open/FreeBSD support for Single Board computers</a></li>
37398 </ul>
37399 <p><hr></p>
37400
37401 <ul>
37402 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
37403 </ul>
37404
37405 <p><hr></p>]]>
37406 </content:encoded>
37407 <itunes:summary>
37408 <![CDATA[<p>MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.</p>
37409
37410 <p>##Headlines<br>
37411 ###<a href="https://www.midnightbsd.org/news/">MidnightBSD 1.0 now available</a></p>
37412
37413 <blockquote>
37414 <p>I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.<br>
37415 Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.<br>
37416 The 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…</p>
37417 </blockquote>
37418
37419 <ul>
37420 <li>Download links: <a href="https://www.midnightbsd.org/download/">https://www.midnightbsd.org/download/</a></li>
37421 <li><a href="https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4">https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4</a></li>
37422 </ul>
37423
37424 <p><hr></p>
37425
37426 <p>###<a href="https://linuxunplugged.com/articles/meetbsd2018">MeetBSD Review</a></p>
37427
37428 <blockquote>
37429 <p>MeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSDs were treated with the Meltdown and Spectre flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.</p>
37430 </blockquote>
37431
37432 <ul>
37433 <li>MeetBSD 2018</li>
37434 </ul>
37435
37436 <blockquote>
37437 <p>At most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12, quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for one-on-one sessions. On day two sponsor booths were also set up. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.<br>
37438 Like every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystems’ inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case you’re still hungry, there is a pizza meetup in another Intel room after day one and two.<br>
37439 MeetBSD leverages its realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.<br>
37440 The group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiasts. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good-natured chuckle.</p>
37441 </blockquote>
37442
37443 <ul>
37444 <li>MeetBSD Gives me The Feels</li>
37445 </ul>
37446
37447 <blockquote>
37448 <p>I find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well-known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. Nonetheless I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and seeing the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.</p>
37449 </blockquote>
37450
37451 <p><hr></p>
37452
37453 <p>###[EuroBSDcon 2018 Trip Reports]<br>
37454 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/</a><br>
37455 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/</a><br>
37456 <a href="https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/">https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/</a></p>
37457
37458 <p><hr></p>
37459
37460 <p>##News Roundup<br>
37461 ###<a href="https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/">DNS over TLS in FreeBSD 12</a></p>
37462
37463 <blockquote>
37464 <p>With the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.<br>
37465 DNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.</p>
37466 </blockquote>
37467
37468 <ul>
37469 <li>Conclusion</li>
37470 </ul>
37471
37472 <blockquote>
37473 <p>We’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.<br>
37474 The question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.</p>
37475 </blockquote>
37476
37477 <p><hr></p>
37478
37479 <p>###<a href="https://chown.me/blog/upgrading-openbsd-with-ansible.html">Upgrading OpenBSD with Ansible</a></p>
37480
37481 <ul>
37482 <li>My router runs OpenBSD -current</li>
37483 </ul>
37484
37485 <blockquote>
37486 <p>A few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.<br>
37487 I eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.<br>
37488 Out of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).</p>
37489 </blockquote>
37490
37491 <ul>
37492 <li>Ansible Reboot Module</li>
37493 </ul>
37494
37495 <blockquote>
37496 <p>I recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)<br>
37497 I learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:<br>
37498 I took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.<br>
37499 I proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.<br>
37500 Fun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module author’s blog article.</p>
37501 </blockquote>
37502
37503 <ul>
37504 <li>The explanations</li>
37505 </ul>
37506
37507 <blockquote>
37508 <p>Ansible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in auto_update mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.<br>
37509 It also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the path_sets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.<br>
37510 I’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.<br>
37511 sysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.<br>
37512 Initially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.</p>
37513 </blockquote>
37514
37515 <ul>
37516 <li>The result</li>
37517 </ul>
37518
37519 <blockquote>
37520 <p>I’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \o/</p>
37521 </blockquote>
37522
37523 <p><hr></p>
37524
37525 <p>###<a href="https://dan.langille.org/2018/11/04/using-smartd-to-automatically-run-tests-on-your-drives/">Using smartd to automatically run tests on your drives</a></p>
37526
37527 <blockquote>
37528 <p>Those programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.</p>
37529 </blockquote>
37530
37531 <blockquote>
37532 <p>NOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.</p>
37533 </blockquote>
37534
37535 <blockquote>
37536 <p>I first started using smartd in March 2010 (according to that blog post, that’s when I was still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.</p>
37537 </blockquote>
37538
37539 <ul>
37540 <li>Two types of tests</li>
37541 <li>My original abandoned attempt</li>
37542 <li>How do you prove it works?</li>
37543 <li>Looking at the test results</li>
37544 <li>Failed drive to the rescue</li>
37545 <li>smartd.conf I am using</li>
37546 <li>supernews</li>
37547 </ul>
37548
37549 <p><hr></p>
37550
37551 <p>##Beastie Bits</p>
37552
37553 <ul>
37554 <li><a href="https://mwl.io/archives/3833">Decent Pics of “Relayd & Httpd Mastery” signature</a></li>
37555 <li><a href="https://twitter.com/0xUID/status/1051208357850345472?s=20">A Unix Shell poster from 1983</a></li>
37556 <li><a href="https://www.meetup.com/UNIX-historians/">Cambridge UNIX historians (Cambridge, United Kingdom)</a></li>
37557 <li><a href="https://hackmd.io/Yv46aOjTS0eYk0m4YLXOTw#">Goals for FreeBSD 13</a></li>
37558 <li><a href="https://www.freebsdfoundation.org/blog/september-october-2018-issue-of-the-freebsd-journal-now-available/">September/October 2018 Issue of the FreeBSD Journal Now Available</a></li>
37559 <li><a href="https://blog.netbsd.org/tnf/entry/using_acme_sh_for_let">Using acme.sh for Let’s Encrypt certificates on pkgsrc.org servers</a></li>
37560 <li><a href="https://jonwillia.ms/2018/09/23/anycast-dns-openbsd">Deploying Anycast DNS Using OpenBSD and BGP</a></li>
37561 <li><a href="https://dataswamp.org/~solene/2017-03-17-integrity.html">How to check your data integrity?</a></li>
37562 </ul>
37563
37564 <p><hr></p>
37565
37566 <p>##Feedback/Questions</p>
37567
37568 <ul>
37569 <li>Raymond - <a href="http://dpaste.com/0KNXTJF">MeetBSD California</a>
37570 <ul>
37571 <li>Dev Summit Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI">https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI</a></li>
37572 <li>Conference Videos: <a href="https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b">https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b</a></li>
37573 <li>Conference videos are still being processed, the rest should appear over the next few weeks.</li>
37574 </ul>
37575
37576 <p></li><br>
37577 <li>Greg - <a href="http://dpaste.com/1W29RSK">Stable vs Release</a></li><br>
37578 <li>Mjrodriguez - <a href="http://dpaste.com/2XKMR6B#wrap">Open/FreeBSD support for Single Board computers</a></li><br>
37579 </ul><br>
37580 <hr></p>
37581
37582 <ul>
37583 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
37584 </ul>
37585
37586 <p><hr></p>]]>
37587 </itunes:summary>
37588 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+NbQNHfxg</fireside:playerURL>
37589 <fireside:playerEmbedCode>
37590 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+NbQNHfxg" width="740" height="200" frameborder="0" scrolling="no">]]>
37591 </fireside:playerEmbedCode>
37592 </item>
37593 <item>
37594 <title>Episode 270: Ghostly Releases | BSD Now 270</title>
37595 <link>https://www.bsdnow.tv/270</link>
37596 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2822</guid>
37597 <pubDate>Thu, 01 Nov 2018 04:00:00 -0700</pubDate>
37598 <author>Allan Jude</author>
37599 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/83e21562-2f8c-4810-b4c6-0e8f3e36f95b.mp3" length="41653876" type="audio/mp3"/>
37600 <itunes:episodeType>full</itunes:episodeType>
37601 <itunes:author>Allan Jude</itunes:author>
37602 <itunes:subtitle>OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.</itunes:subtitle>
37603 <itunes:duration>1:09:07</itunes:duration>
37604 <itunes:explicit>no</itunes:explicit>
37605 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
37606 <description>OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.
37607 <p>##Headlines<br>
37608 <a href="https://www.openbsd.org/64.html">OpenBSD 6.4 released</a></p>
37609 <ul>
37610 <li><a href="https://www.openbsd.org/plus64.html">See a detailed log of changes between the 6.3 and 6.4 releases.</a></li>
37611 <li><a href="https://www.openbsd.org/ftp.html">See the information on the FTP page for a list of mirror machines.</a></li>
37612 <li><a href="https://www.openbsd.org/errata64.html">Have a look at the 6.4 errata page for a list of bugs and workarounds.</a></li>
37613 <li>signify(1) pubkeys for this release:</li>
37614 <li>base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA</li>
37615 <li>fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97</li>
37616 <li>pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA</li>
37617 </ul>
37618 <hr>
37619 <p>###<a href="https://www.ghostbsd.org/18.10_RC2_release_announcement">GhostBSD 18.10 RC2 Announced</a></p>
37620 <blockquote>
37621 <p>This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.</p>
37622 </blockquote>
37623 <ul>
37624 <li>
37625 <p>What has changed since RC1</p>
37626 </li>
37627 <li>
37628 <p>Removed drm-stable-kmod and we will let users install the proper drm-*-kmod</p>
37629 </li>
37630 <li>
37631 <p>Douglas Joachin added libva-intel-driver libva-vdpau-driver to support acceleration of some video drivers for Intel</p>
37632 </li>
37633 <li>
37634 <p>Issues that got fixed</p>
37635 </li>
37636 <li>
37637 <p>Bug #70 Cannot run Octopi, missing libgksu error.</p>
37638 </li>
37639 <li>
37640 <p>Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4</p>
37641 </li>
37642 <li>
37643 <p>Bug #72 libarchive is a missing dependency</p>
37644 </li>
37645 </ul>
37646 <blockquote>
37647 <p>Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.</p>
37648 </blockquote>
37649 <ul>
37650 <li>
37651 <p>Updating from RC1 to RC2:</p>
37652 </li>
37653 <li>
37654 <p>sudo pkg update -f</p>
37655 </li>
37656 <li>
37657 <p>sudo pkg install -f libarchive curl libgksu</p>
37658 </li>
37659 <li>
37660 <p>sudo pkg upgrade</p>
37661 </li>
37662 <li>
37663 <p>Where to download:</p>
37664 </li>
37665 <li>
37666 <p>All images checksum, hybrid ISO(DVD, USB) and torrent are available here: <a href="https://www.ghostbsd.org/download">https://www.ghostbsd.org/download</a></p>
37667 </li>
37668 <li>
37669 <p>[ScreenShots]</p>
37670 </li>
37671 <li>
37672 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png">https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png</a></p>
37673 </li>
37674 <li>
37675 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshotat2018-10-2013-27-26.png">https://www.ghostbsd.org/sites/default/files/Screenshotat2018-10-20_13-27-26.png</a></p>
37676 </li>
37677 </ul>
37678 <hr>
37679 <p>###<a href="https://www.openssh.com/txt/release-7.9">OpenSSH 7.9 has been released and it has support for OpenSSL 1.1</a></p>
37680 <pre><code>Changes since OpenSSH 7.8
37681 This is primarily a bugfix release.
37682 New Features
37683 ssh(1), sshd(8): allow most port numbers to be specified using
37684 service names from getservbyname(3) (typically /etc/services).
37685 ssh(1): allow the IdentityAgent configuration directive to accept
37686 environment variable names. This supports the use of multiple
37687 agent sockets without needing to use fixed paths.
37688 sshd(8): support signalling sessions via the SSH protocol.
37689 A limited subset of signals is supported and only for login or
37690 command sessions (i.e. not subsystems) that were not subject to
37691 a forced command via authorized_keys or sshd_config. bz#1424
37692 ssh(1): support &quot;ssh -Q sig&quot; to list supported signature options.
37693 Also &quot;ssh -Q help&quot; to show the full set of supported queries.
37694 ssh(1), sshd(8): add a CASignatureAlgorithms option for the
37695 client and server configs to allow control over which signature
37696 formats are allowed for CAs to sign certificates. For example,
37697 this allows banning CAs that sign certificates using the RSA-SHA1
37698 signature algorithm.
37699 sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
37700 revoke keys specified by SHA256 hash.
37701 ssh-keygen(1): allow creation of key revocation lists directly
37702 from base64-encoded SHA256 fingerprints. This supports revoking
37703 keys using only the information contained in sshd(8)
37704 authentication log messages.
37705 Bugfixes
37706 ssh(1), ssh-keygen(1): avoid spurious &quot;invalid format&quot; errors when
37707 attempting to load PEM private keys while using an incorrect
37708 passphrase. bz#2901
37709 sshd(8): when a channel closed message is received from a client,
37710 close the stderr file descriptor at the same time stdout is
37711 closed. This avoids stuck processes if they were waiting for
37712 stderr to close and were insensitive to stdin/out closing. bz#2863
37713 ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
37714 forwarding timeout and support X11 forwarding indefinitely.
37715 Previously the behaviour of ForwardX11Timeout=0 was undefined.
37716 sshd(8): when compiled with GSSAPI support, cache supported method
37717 OIDs regardless of whether GSSAPI authentication is enabled in the
37718 main section of sshd_config. This avoids sandbox violations if
37719 GSSAPI authentication was later enabled in a Match block. bz#2107
37720 sshd(8): do not fail closed when configured with a text key
37721 revocation list that contains a too-short key. bz#2897
37722 ssh(1): treat connections with ProxyJump specified the same as
37723 ones with a ProxyCommand set with regards to hostname
37724 canonicalisation (i.e. don't try to canonicalise the hostname
37725 unless CanonicalizeHostname is set to 'always'). bz#2896
37726 ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
37727 key authentication using certificates hosted in a ssh-agent(1)
37728 or against sshd(8) from OpenSSH &lt;7.8.
37729 Portability
37730 All: support building against the openssl-1.1 API (releases 1.1.0g
37731 and later). The openssl-1.0 API will remain supported at least
37732 until OpenSSL terminates security patch support for that API version.
37733 sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
37734 apparently required by some glibc/OpenSSL combinations.
37735 sshd(8): handle getgrouplist(3) returning more than
37736 _SC_NGROUPS_MAX groups. Some platforms consider this limit more
37737 as a guideline.
37738 </code></pre>
37739 <hr>
37740 <p>##News Roundup</p>
37741 <p>###<a href="https://www.ixsystems.com/blog/meetbsd-2018/">MeetBSD 2018: The Ultimate Hallway Track</a></p>
37742 <blockquote>
37743 <p>Founded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.</p>
37744 </blockquote>
37745 <ul>
37746 <li>MeetBSD Day 0</li>
37747 </ul>
37748 <blockquote>
37749 <p>Day Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.</p>
37750 </blockquote>
37751 <ul>
37752 <li>MeetBSD Day 1</li>
37753 </ul>
37754 <blockquote>
37755 <p>The first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel &amp; FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.</p>
37756 </blockquote>
37757 <ul>
37758 <li>MeetBSD Day 2</li>
37759 </ul>
37760 <blockquote>
37761 <p>Day Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.</p>
37762 </blockquote>
37763 <ul>
37764 <li>Putting the “meet” in MeetBSD</li>
37765 </ul>
37766 <blockquote>
37767 <p>I confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.</p>
37768 </blockquote>
37769 <blockquote>
37770 <p>See you at MeetBSD 2020!</p>
37771 </blockquote>
37772 <hr>
37773 <p>###<a href="https://panoramacircle.com/2018/10/07/setup-dragonflybsd-with-a-desktop-on-real-hardware-thinkpad-t410/">Setup DragonflyBSD with a desktop on real hardware ThinkPad T410</a><br>
37774 +<a href="https://youtu.be/p4KwssNY82Q">Video Demo</a></p>
37775 <blockquote>
37776 <p>Linux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.<br>
37777 Some background: BSD was ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!<br>
37778 I did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.</p>
37779 </blockquote>
37780 <ul>
37781 <li>
37782 <p>Download image file and burn to USB drive or DVD</p>
37783 </li>
37784 <li>
37785 <p>First installation</p>
37786 </li>
37787 <li>
37788 <p>Setting up the system and installing a desktop</p>
37789 </li>
37790 <li>
37791 <p>Inside the desktop</p>
37792 </li>
37793 <li>
37794 <p>Install some more programs</p>
37795 </li>
37796 <li>
37797 <p>How to enable sound?</p>
37798 </li>
37799 <li>
37800 <p>Let’s play some free games</p>
37801 </li>
37802 <li>
37803 <p>Setup WiFi</p>
37804 </li>
37805 <li>
37806 <p>Power mode settings</p>
37807 </li>
37808 <li>
37809 <p>More to do?</p>
37810 </li>
37811 </ul>
37812 <blockquote>
37813 <p>You can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xfce or mate and many functional presets.</p>
37814 </blockquote>
37815 <ul>
37816 <li>
37817 <p>A small summary of what we got on the upside:</p>
37818 <ul>
37819 <li>Free and open source operating system with a long history</li>
37820 <li>Drivers worked fine including Ethernet, WiFi, video 2D &amp; 3D, audio, etc</li>
37821 <li>Hammer2 advanced file system</li>
37822 <li>You are very unique if you use this OS fork</li>
37823 </ul>
37824 </li>
37825 <li>
37826 <p>Some downsides:</p>
37827 </li>
37828 <li>
37829 <p>Less driver and direct app support than Linux</p>
37830 </li>
37831 <li>
37832 <p>Installer and desktop have some traps and quirks and require work</p>
37833 </li>
37834 </ul>
37835 <hr>
37836 <p>###<a href="https://dressupgeekout.blogspot.com/2018/10/porting-keybase-to-netbsd.html">Porting Keybase to NetBSD</a></p>
37837 <blockquote>
37838 <p>Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!<br>
37839 So, this evening, I tried to get it to all work on NetBSD.<br>
37840 The Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.<br>
37841 Anyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…<br>
37842 I forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a<br>
37843 Eventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:</p>
37844 </blockquote>
37845 <pre><code>charlotte@sakuracity:~/go/bin ./keybase login
37846 ▶ WARNING Running in devel mode
37847 ▶ INFO Forking background server with pid=12932
37848 ▶ ERROR unexpected error in Login: API network error: doRetry failed,
37849 attempts: 1, timeout 5s, last err: Get
37850 http://localhost:3000//api/1.0/merkle/path.json?last=3784314&amp;loaddeleted=1&amp;loadresetchain=1&amp;poll=10&amp;sighints_low=3&amp;uid=38ae1dfa49cd6831ea2fdade5c5d0519:
37851 dial tcp [::1]:3000: connect: connection refused
37852 </code></pre>
37853 <blockquote>
37854 <p>There’s a few things about this error message that stuck out to me:</p>
37855 </blockquote>
37856 <ul>
37857 <li>Forking a background server? What?</li>
37858 <li>It’s trying to connect to localhost? That must be the server that doesn’t work …</li>
37859 </ul>
37860 <blockquote>
37861 <p>Unfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ just failed:</p>
37862 </blockquote>
37863 <pre><code>charlotte@sakuracity:~/go/bin ps 12932
37864 PID TTY STAT TIME COMMAND
37865 12932 ? Ssl 0:00.21 ./keybase --debug --log-file
37866 /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir
37867 /home/charlotte/.config/keybase.devel --auto-forked
37868 </code></pre>
37869 <blockquote>
37870 <p>I’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:</p>
37871 </blockquote>
37872 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone
37873 --standalone Use the client without any daemon support.
37874 </code></pre>
37875 <blockquote>
37876 <p>And then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at <a href="https://keybase.io">https://keybase.io</a>?</p>
37877 </blockquote>
37878 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server
37879 --server, -s Specify server API.
37880 </code></pre>
37881 <blockquote>
37882 <p>Basically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:</p>
37883 </blockquote>
37884 <pre><code>charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login
37885 ▶ WARNING Running in devel mode
37886 Please enter the Keybase passphrase for dressupgeekout (6+ characters):
37887 charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout
37888 ▶ WARNING Running in devel mode
37889 ▶ INFO Identifying dressupgeekout
37890 ✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F
37891 ✔ &quot;dressupgeekout&quot; on github:
37892 https://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11
37893 20:55:21 PDT]
37894 ✔ &quot;dressupgeekout&quot; on reddit:
37895 https://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/mykeybaseproof_redditdressupgeekout/
37896 [cached 2018-10-11 20:55:21 PDT]
37897 </code></pre>
37898 <hr>
37899 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=339929">Initial implementation of draft-ietf-6man-ipv6only-flag</a></p>
37900 <pre><code>This change defines the RA &quot;6&quot; (IPv6-Only) flag which routers
37901 may advertise, kernel logic to check if all routers on a link
37902 have the flag set and accordingly update a per-interface flag.
37903 If all routers agree that it is an IPv6-only link, ether_output_frame(),
37904 based on the interface flag, will filter out all ETHERTYPE_IP/ARP
37905 frames, drop them, and return EAFNOSUPPORT to upper layers.
37906 The change also updates ndp to show the &quot;6&quot; flag, ifconfig to
37907 display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
37908 announcing the flag.
37909 Further changes to tcpdump (contrib code) are available and will
37910 be upstreamed.
37911 Tested the code (slightly earlier version) with 2 FreeBSD
37912 IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
37913 and with Win10 and OSX clients (which did not fall over with
37914 the &quot;6&quot; flag set but not understood).
37915 We may also want to (a) implement an RX filter, and (b) over
37916 time enhance user space to, say, stop dhclient from running
37917 when the interface flag is set. Also we might want to start
37918 IPv6 before IPv4 in the future.
37919 All the code is hidden under the EXPERIMENTAL option and not
37920 compiled by default as the draft is a work-in-progress and
37921 we cannot rely on the fact that IANA will assign the bits
37922 as requested by the draft and hence they may change.
37923 Dear 6man, you have running code.
37924 Discussed with: Bob Hinden, Brian E Carpenter
37925 </code></pre>
37926 <p>##Beastie Bits</p>
37927 <ul>
37928 <li><a href="https://dan.langille.org/2018/10/02/running-freebsd-on-osx-using-xhyve-a-port-of-bhyve/">Running FreeBSD on macOS via xhyve</a></li>
37929 <li><a href="https://mwl.io/archives/3841">Auction Winners</a></li>
37930 <li><a href="https://github.com/vedetta-com/vedetta/blob/master/src/usr/local/share/doc/vedetta/OpenSSH_Principals.md">OpenSSH Principals</a></li>
37931 <li><a href="https://undeadly.org/cgi?action=article;sid=20181018160645">OpenBSD Foundation gets a second Iridium donation from Handshake</a></li>
37932 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/10/10/msg000786.html">NetBSD machines at Open Source Conference 2018 Kagawa</a></li>
37933 <li><a href="https://mwl.io/archives/3818">Absolute FreeBSD now shipping!</a></li>
37934 <li><a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd">NextCloud on OpenBSD</a></li>
37935 <li><a href="https://www.freebsd.org/news/newsflash.html#event20181027:01">FreeBSD 12.0-BETA2 Available</a></li>
37936 <li><a href="https://twitter.com/gvnn3/status/1049347862541344771">DTrace on Windows ported from FreeBSD</a></li>
37937 <li><a href="http://dpaste.com/36DFQ1S">HELBUG fall 2018 meeting scheduled - Thursday the 15th of November</a></li>
37938 <li><a href="https://translate.google.com/translate?hl=de&amp;sl=de&amp;tl=en&amp;u=https%3A%2F%2Ftickets.events.ccc.de%2F35c3%2Fintro%2F">35C3 pre-sale has started</a></li>
37939 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">Stockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30 </a></li>
37940 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Thursday Nov 15, 18:30 - 21:00 </a></li>
37941 </ul>
37942 <hr>
37943 <p>##Feedback/Questions</p>
37944 <ul>
37945 <li>Greg - <a href="http://dpaste.com/1WA54CC">Interview suggestion for the show</a></li>
37946 <li>Nelson - <a href="http://dpaste.com/21KKF7Q#wrap">Ghostscript vulnerabilities</a></li>
37947 <li>Allison - <a href="http://dpaste.com/3K6D7ST">Ports and GCC</a></li>
37948 </ul>
37949 <hr>
37950 <ul>
37951 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
37952 </ul>
37953 <hr>
37954 </description>
37955 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,ghostbsd,keybase,openssh,openssl</itunes:keywords>
37956 <content:encoded>
37957 <![CDATA[<p>OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.</p>
37958
37959 <p>##Headlines<br>
37960 ###<a href="https://www.openbsd.org/64.html">OpenBSD 6.4 released</a></p>
37961
37962 <ul>
37963 <li><a href="https://www.openbsd.org/plus64.html">See a detailed log of changes between the 6.3 and 6.4 releases.</a></li>
37964 <li><a href="https://www.openbsd.org/ftp.html">See the information on the FTP page for a list of mirror machines.</a></li>
37965 <li><a href="https://www.openbsd.org/errata64.html">Have a look at the 6.4 errata page for a list of bugs and workarounds.</a></li>
37966 <li>signify(1) pubkeys for this release:</li>
37967 <li>base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA</li>
37968 <li>fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97</li>
37969 <li>pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA</li>
37970 </ul>
37971
37972 <p><hr></p>
37973
37974 <p>###<a href="https://www.ghostbsd.org/18.10_RC2_release_announcement">GhostBSD 18.10 RC2 Announced</a></p>
37975
37976 <blockquote>
37977 <p>This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.</p>
37978 </blockquote>
37979
37980 <ul>
37981 <li>
37982 <p>What has changed since RC1</p>
37983 </li>
37984 <li>
37985 <p>Removed drm-stable-kmod and we will let users install the proper drm-*-kmod</p>
37986 </li>
37987 <li>
37988 <p>Douglas Joachin added libva-intel-driver libva-vdpau-driver to support accelerating some video drivers for Intel</p>
37989 </li>
37990 <li>
37991 <p>Issues that got fixed</p>
37992 </li>
37993 <li>
37994 <p>Bug #70 Cannot run Octopi, missing libgksu error.</p>
37995 </li>
37996 <li>
37997 <p>Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4</p>
37998 </li>
37999 <li>
38000 <p>Bug #72 libarchive is a missing dependency</p>
38001 </li>
38002 </ul>
38003
38004 <blockquote>
38005 <p>Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.</p>
38006 </blockquote>
38007
38008 <ul>
38009 <li>
38010 <p>Updating from RC1 to RC2:</p>
38011 </li>
38012 <li>
38013 <p>sudo pkg update -f</p>
38014 </li>
38015 <li>
38016 <p>sudo pkg install -f libarchive curl libgksu</p>
38017 </li>
38018 <li>
38019 <p>sudo pkg upgrade</p>
38020 </li>
38021 <li>
38022 <p>Where to download:</p>
38023 </li>
38024 <li>
38025 <p>All images checksum, hybrid ISO(DVD, USB) and torrent are available here: <a href="https://www.ghostbsd.org/download">https://www.ghostbsd.org/download</a></p>
38026 </li>
38027 <li>
38028 <p>[ScreenShots]</p>
38029 </li>
38030 <li>
38031 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png">https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png</a></p>
38032 </li>
38033 <li>
38034 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png">https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png</a></p>
38035 </li>
38036 </ul>
38037
38038 <p><hr></p>
38039
38040 <p>###<a href="https://www.openssh.com/txt/release-7.9">OpenSSH 7.9 has been released and it has support for OpenSSL 1.1</a></p>
38041
38042 <pre><code>Changes since OpenSSH 7.8
38043 =========================
38044
38045 This is primarily a bugfix release.
38046
38047 New Features
38048 ------------
38049 * ssh(1), sshd(8): allow most port numbers to be specified using
38050 service names from getservbyname(3) (typically /etc/services).
38051 * ssh(1): allow the IdentityAgent configuration directive to accept
38052 environment variable names. This supports the use of multiple
38053 agent sockets without needing to use fixed paths.
38054 * sshd(8): support signalling sessions via the SSH protocol.
38055 A limited subset of signals is supported and only for login or
38056 command sessions (i.e. not subsystems) that were not subject to
38057 a forced command via authorized_keys or sshd_config. bz#1424
38058 * ssh(1): support "ssh -Q sig" to list supported signature options.
38059 Also "ssh -Q help" to show the full set of supported queries.
38060 * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
38061 client and server configs to allow control over which signature
38062 formats are allowed for CAs to sign certificates. For example,
38063 this allows banning CAs that sign certificates using the RSA-SHA1
38064 signature algorithm.
38065 * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
38066 revoke keys specified by SHA256 hash.
38067 * ssh-keygen(1): allow creation of key revocation lists directly
38068 from base64-encoded SHA256 fingerprints. This supports revoking
38069 keys using only the information contained in sshd(8)
38070 authentication log messages.
38071
38072 Bugfixes
38073 --------
38074
38075 * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
38076 attempting to load PEM private keys while using an incorrect
38077 passphrase. bz#2901
38078 * sshd(8): when a channel closed message is received from a client,
38079 close the stderr file descriptor at the same time stdout is
38080 closed. This avoids stuck processes if they were waiting for
38081 stderr to close and were insensitive to stdin/out closing. bz#2863
38082 * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
38083 forwarding timeout and support X11 forwarding indefinitely.
38084 Previously the behaviour of ForwardX11Timeout=0 was undefined.
38085 * sshd(8): when compiled with GSSAPI support, cache supported method
38086 OIDs regardless of whether GSSAPI authentication is enabled in the
38087 main section of sshd_config. This avoids sandbox violations if
38088 GSSAPI authentication was later enabled in a Match block. bz#2107
38089 * sshd(8): do not fail closed when configured with a text key
38090 revocation list that contains a too-short key. bz#2897
38091 * ssh(1): treat connections with ProxyJump specified the same as
38092 ones with a ProxyCommand set with regards to hostname
38093 canonicalisation (i.e. don't try to canonicalise the hostname
38094 unless CanonicalizeHostname is set to 'always'). bz#2896
38095 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
38096 key authentication using certificates hosted in a ssh-agent(1)
38097 or against sshd(8) from OpenSSH <7.8.
38098
38099 Portability
38100 -----------
38101
38102 * All: support building against the openssl-1.1 API (releases 1.1.0g
38103 and later). The openssl-1.0 API will remain supported at least
38104 until OpenSSL terminates security patch support for that API version.
38105 * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
38106 apparently required by some glibc/OpenSSL combinations.
38107 * sshd(8): handle getgrouplist(3) returning more than
38108 _SC_NGROUPS_MAX groups. Some platforms consider this limit more
38109 as a guideline.
38110 </code></pre>
38111
38112 <p><hr></p>
38113
38114 <p>##News Roundup</p>
38115
38116 <p>###<a href="https://www.ixsystems.com/blog/meetbsd-2018/">MeetBSD 2018: The Ultimate Hallway Track</a></p>
38117
38118 <blockquote>
38119 <p>Founded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.</p>
38120 </blockquote>
38121
38122 <ul>
38123 <li>MeetBSD Day 0</li>
38124 </ul>
38125
38126 <blockquote>
38127 <p>Day Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.</p>
38128 </blockquote>
38129
38130 <ul>
38131 <li>MeetBSD Day 1</li>
38132 </ul>
38133
38134 <blockquote>
38135 <p>The first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel & FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.</p>
38136 </blockquote>
38137
38138 <ul>
38139 <li>MeetBSD Day 2</li>
38140 </ul>
38141
38142 <blockquote>
38143 <p>Day Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.</p>
38144 </blockquote>
38145
38146 <ul>
38147 <li>Putting the “meet” in MeetBSD</li>
38148 </ul>
38149
38150 <blockquote>
38151 <p>I confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.</p>
38152 </blockquote>
38153
38154 <blockquote>
38155 <p>See you at MeetBSD 2020!</p>
38156 </blockquote>
38157
38158 <p><hr></p>
38159
38160 <p>###<a href="https://panoramacircle.com/2018/10/07/setup-dragonflybsd-with-a-desktop-on-real-hardware-thinkpad-t410/">Setup DragonflyBSD with a desktop on real hardware ThinkPad T410</a><br>
38161 +<a href="https://youtu.be/p4KwssNY82Q">Video Demo</a></p>
38162
38163 <blockquote>
38164 <p>Linux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.<br>
38165 Some background: BSD is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!<br>
38166 I did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.</p>
38167 </blockquote>
38168
38169 <ul>
38170 <li>
38171 <p>Download image file and burn to USB drive or DVD</p>
38172 </li>
38173 <li>
38174 <p>First installation</p>
38175 </li>
38176 <li>
38177 <p>Setting up the system and installing a desktop</p>
38178 </li>
38179 <li>
38180 <p>Inside the desktop</p>
38181 </li>
38182 <li>
38183 <p>Install some more programs</p>
38184 </li>
38185 <li>
38186 <p>How to enable sound?</p>
38187 </li>
38188 <li>
38189 <p>Let’s play some free games</p>
38190 </li>
38191 <li>
38192 <p>Setup WiFi</p>
38193 </li>
38194 <li>
38195 <p>Power mode settings</p>
38196 </li>
38197 <li>
38198 <p>More to do?</p>
38199 </li>
38200 </ul>
38201
38202 <blockquote>
38203 <p>You can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop Xfce or MATE and many functional presets.</p>
38204 </blockquote>
38205
38206 <ul>
38207 <li>
38208 <p>A small summary of what we got on the upside:</p>
38209 <ul>
38210 <li>Free and open source operating system with a long history</li>
38211 <li>Drivers worked fine including Ethernet, WiFi, video 2D & 3D, audio, etc</li>
38212 <li>Hammer2 advanced file system</li>
38213 <li>You are very unique if you use this OS fork</li>
38214 </ul>
38215
38216 </li>
38217 <li>
38218
38219 <p>Some downsides:</p>
38220
38221 </li>
38222 <li>
38223
38224 <p>Less driver and direct app support than Linux</p>
38225
38226 </li>
38227 <li>
38228
38229 <p>Installer and desktop have some traps and quirks and require work</p>
38230
38231 </li>
38232 </ul>
38233 <p><hr></p>
38234
38235 <p>###<a href="https://dressupgeekout.blogspot.com/2018/10/porting-keybase-to-netbsd.html">Porting Keybase to NetBSD</a></p>
38236
38237 <blockquote>
38238 <p>Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!<br>
38239 So, this evening, I tried to get it to all work on NetBSD.<br>
38240 The Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.<br>
38241 Anyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…<br>
38242 I forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a<br>
38243 Eventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:</p>
38244 </blockquote>
38245
38246 <pre><code>charlotte@sakuracity:~/go/bin ./keybase login
38247 ▶ WARNING Running in devel mode
38248 ▶ INFO Forking background server with pid=12932
38249 ▶ ERROR unexpected error in Login: API network error: doRetry failed,
38250 attempts: 1, timeout 5s, last err: Get
38251 http://localhost:3000/_/api/1.0/merkle/path.json?last=3784314&load_deleted=1&load_reset_chain=1&poll=10&sig_hints_low=3&uid=38ae1dfa49cd6831ea2fdade5c5d0519:
38252 dial tcp [::1]:3000: connect: connection refused
38253 </code></pre>
38254
38255 <blockquote>
38256 <p>There’s a few things about this error message that stuck out to me:</p>
38257 </blockquote>
38258
38259 <ul>
38260 <li>Forking a background server? What?</li>
38261 <li>It’s trying to connect to localhost? That must be the server that doesn’t work …</li>
38262 </ul>
38263
38264 <blockquote>
38265 <p>Unfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ just failed:</p>
38266 </blockquote>
38267
38268 <pre><code>charlotte@sakuracity:~/go/bin ps 12932
38269 PID TTY STAT TIME COMMAND
38270 12932 ? Ssl 0:00.21 ./keybase --debug --log-file
38271 /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir
38272 /home/charlotte/.config/keybase.devel --auto-forked
38273 </code></pre>
38274
38275 <blockquote>
38276 <p>I’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:</p>
38277 </blockquote>
38278
38279 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone
38280 --standalone Use the client without any daemon support.
38281 </code></pre>
38282
38283 <blockquote>
38284 <p>And then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at <a href="https://keybase.io">https://keybase.io</a>?</p>
38285 </blockquote>
38286
38287 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server
38288 --server, -s Specify server API.
38289 </code></pre>
38290
38291 <blockquote>
38292 <p>Basically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:</p>
38293 </blockquote>
38294
38295 <pre><code>charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login
38296 ▶ WARNING Running in devel mode
38297 Please enter the Keybase passphrase for dressupgeekout (6+ characters):
38298
38299 charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout
38300 ▶ WARNING Running in devel mode
38301 ▶ INFO Identifying dressupgeekout
38302 ✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F
38303 ✔ "dressupgeekout" on github:
38304 https://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11
38305 20:55:21 PDT]
38306 ✔ "dressupgeekout" on reddit:
38307 https://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/my_keybase_proof_redditdressupgeekout/
38308 [cached 2018-10-11 20:55:21 PDT]
38309 </code></pre>
38310
38311 <p><hr></p>
38312
38313 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&revision=339929">Initial implementation of draft-ietf-6man-ipv6only-flag</a></p>
38314
38315 <pre><code>This change defines the RA "6" (IPv6-Only) flag which routers
38316 may advertise, kernel logic to check if all routers on a link
38317 have the flag set and accordingly update a per-interface flag.
38318
38319 If all routers agree that it is an IPv6-only link, ether_output_frame(),
38320 based on the interface flag, will filter out all ETHERTYPE_IP/ARP
38321 frames, drop them, and return EAFNOSUPPORT to upper layers.
38322
38323 The change also updates ndp to show the "6" flag, ifconfig to
38324 display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
38325 announcing the flag.
38326
38327 Further changes to tcpdump (contrib code) are available and will
38328 be upstreamed.
38329
38330 Tested the code (slightly earlier version) with 2 FreeBSD
38331 IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
38332 and with Win10 and OSX clients (which did not fall over with
38333 the "6" flag set but not understood).
38334
38335 We may also want to (a) implement an RX filter, and (b) over
38336 time enhance user space to, say, stop dhclient from running
38337 when the interface flag is set. Also we might want to start
38338 IPv6 before IPv4 in the future.
38339
38340 All the code is hidden under the EXPERIMENTAL option and not
38341 compiled by default as the draft is a work-in-progress and
38342 we cannot rely on the fact that IANA will assign the bits
38343 as requested by the draft and hence they may change.
38344
38345 Dear 6man, you have running code.
38346
38347 Discussed with: Bob Hinden, Brian E Carpenter
38348 </code></pre>
38349
38350 <p>##Beastie Bits</p>
38351
38352 <ul>
38353 <li><a href="https://dan.langille.org/2018/10/02/running-freebsd-on-osx-using-xhyve-a-port-of-bhyve/">Running FreeBSD on macOS via xhyve</a></li>
38354 <li><a href="https://mwl.io/archives/3841">Auction Winners</a></li>
38355 <li><a href="https://github.com/vedetta-com/vedetta/blob/master/src/usr/local/share/doc/vedetta/OpenSSH_Principals.md">OpenSSH Principals</a></li>
38356 <li><a href="https://undeadly.org/cgi?action=article;sid=20181018160645">OpenBSD Foundation gets a second Iridium donation from Handshake</a></li>
38357 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/10/10/msg000786.html">NetBSD machines at Open Source Conference 2018 Kagawa</a></li>
38358 <li><a href="https://mwl.io/archives/3818">Absolute FreeBSD now shipping!</a></li>
38359 <li><a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd">NextCloud on OpenBSD</a></li>
38360 <li><a href="https://www.freebsd.org/news/newsflash.html#event20181027:01">FreeBSD 12.0-BETA2 Available</a></li>
38361 <li><a href="https://twitter.com/gvnn3/status/1049347862541344771">DTrace on Windows ported from FreeBSD</a></li>
38362 <li><a href="http://dpaste.com/36DFQ1S">HELBUG fall 2018 meeting scheduled - Thursday the 15th of November</a></li>
38363 <li><a href="https://translate.google.com/translate?hl=de&sl=de&tl=en&u=https%3A%2F%2Ftickets.events.ccc.de%2F35c3%2Fintro%2F">35C3 pre-sale has started</a></li>
38364 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">Stockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30 </a></li>
38365 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Thursday Nov 15, 18:30 - 21:00 </a></li>
38366 </ul>
38367
38368 <p><hr></p>
38369
38370 <p>##Feedback/Questions</p>
38371
38372 <ul>
38373 <li>Greg - <a href="http://dpaste.com/1WA54CC">Interview suggestion for the show</a></li>
38374 <li>Nelson - <a href="http://dpaste.com/21KKF7Q#wrap">Ghostscript vulnerabilities</a></li>
38375 <li>Allison - <a href="http://dpaste.com/3K6D7ST">Ports and GCC</a></li>
38376 </ul>
38377
38378 <p><hr></p>
38379
38380 <ul>
38381 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
38382 </ul>
38383
38384 <p><hr></p>]]>
38385 </content:encoded>
38386 <itunes:summary>
38387 <![CDATA[<p>OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.</p>
38388
38389 <p>##Headlines<br>
38390 ###<a href="https://www.openbsd.org/64.html">OpenBSD 6.4 released</a></p>
38391
38392 <ul>
38393 <li><a href="https://www.openbsd.org/plus64.html">See a detailed log of changes between the 6.3 and 6.4 releases.</a></li>
38394 <li><a href="https://www.openbsd.org/ftp.html">See the information on the FTP page for a list of mirror machines.</a></li>
38395 <li><a href="https://www.openbsd.org/errata64.html">Have a look at the 6.4 errata page for a list of bugs and workarounds.</a></li>
38396 <li>signify(1) pubkeys for this release:</li>
38397 <li>base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA</li>
38398 <li>fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97</li>
38399 <li>pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA</li>
38400 </ul>
38401
38402 <p><hr></p>
38403
38404 <p>###<a href="https://www.ghostbsd.org/18.10_RC2_release_announcement">GhostBSD 18.10 RC2 Announced</a></p>
38405
38406 <blockquote>
38407 <p>This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.</p>
38408 </blockquote>
38409
38410 <ul>
38411 <li>
38412 <p>What has changed since RC1</p>
38413 </li>
38414 <li>
38415 <p>Removed drm-stable-kmod and we will let users install the proper drm-*-kmod</p>
38416 </li>
38417 <li>
38418 <p>Douglas Joachin added libva-intel-driver libva-vdpau-driver to support accelerating some video drivers for Intel</p>
38419 </li>
38420 <li>
38421 <p>Issues that got fixed</p>
38422 </li>
38423 <li>
38424 <p>Bug #70 Cannot run Octopi, missing libgksu error.</p>
38425 </li>
38426 <li>
38427 <p>Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4</p>
38428 </li>
38429 <li>
38430 <p>Bug #72 libarchive is a missing dependency</p>
38431 </li>
38432 </ul>
38433
38434 <blockquote>
38435 <p>Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.</p>
38436 </blockquote>
38437
38438 <ul>
38439 <li>
38440 <p>Updating from RC1 to RC2:</p>
38441 </li>
38442 <li>
38443 <p>sudo pkg update -f</p>
38444 </li>
38445 <li>
38446 <p>sudo pkg install -f libarchive curl libgksu</p>
38447 </li>
38448 <li>
38449 <p>sudo pkg upgrade</p>
38450 </li>
38451 <li>
38452 <p>Where to download:</p>
38453 </li>
38454 <li>
38455 <p>All images checksum, hybrid ISO(DVD, USB) and torrent are available here: <a href="https://www.ghostbsd.org/download">https://www.ghostbsd.org/download</a></p>
38456 </li>
38457 <li>
38458 <p>[ScreenShots]</p>
38459 </li>
38460 <li>
38461 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png">https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png</a></p>
38462 </li>
38463 <li>
38464 <p><a href="https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png">https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png</a></p>
38465 </li>
38466 </ul>
38467
38468 <p><hr></p>
38469
38470 <p>###<a href="https://www.openssh.com/txt/release-7.9">OpenSSH 7.9 has been released and it has support for OpenSSL 1.1</a></p>
38471
38472 <pre><code>Changes since OpenSSH 7.8
38473 =========================
38474
38475 This is primarily a bugfix release.
38476
38477 New Features
38478 ------------
38479 * ssh(1), sshd(8): allow most port numbers to be specified using
38480 service names from getservbyname(3) (typically /etc/services).
38481 * ssh(1): allow the IdentityAgent configuration directive to accept
38482 environment variable names. This supports the use of multiple
38483 agent sockets without needing to use fixed paths.
38484 * sshd(8): support signalling sessions via the SSH protocol.
38485 A limited subset of signals is supported and only for login or
38486 command sessions (i.e. not subsystems) that were not subject to
38487 a forced command via authorized_keys or sshd_config. bz#1424
38488 * ssh(1): support "ssh -Q sig" to list supported signature options.
38489 Also "ssh -Q help" to show the full set of supported queries.
38490 * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
38491 client and server configs to allow control over which signature
38492 formats are allowed for CAs to sign certificates. For example,
38493 this allows banning CAs that sign certificates using the RSA-SHA1
38494 signature algorithm.
38495 * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
38496 revoke keys specified by SHA256 hash.
38497 * ssh-keygen(1): allow creation of key revocation lists directly
38498 from base64-encoded SHA256 fingerprints. This supports revoking
38499 keys using only the information contained in sshd(8)
38500 authentication log messages.
38501
38502 Bugfixes
38503 --------
38504
38505 * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
38506 attempting to load PEM private keys while using an incorrect
38507 passphrase. bz#2901
38508 * sshd(8): when a channel closed message is received from a client,
38509 close the stderr file descriptor at the same time stdout is
38510 closed. This avoids stuck processes if they were waiting for
38511 stderr to close and were insensitive to stdin/out closing. bz#2863
38512 * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
38513 forwarding timeout and support X11 forwarding indefinitely.
38514 Previously the behaviour of ForwardX11Timeout=0 was undefined.
38515 * sshd(8): when compiled with GSSAPI support, cache supported method
38516 OIDs regardless of whether GSSAPI authentication is enabled in the
38517 main section of sshd_config. This avoids sandbox violations if
38518 GSSAPI authentication was later enabled in a Match block. bz#2107
38519 * sshd(8): do not fail closed when configured with a text key
38520 revocation list that contains a too-short key. bz#2897
38521 * ssh(1): treat connections with ProxyJump specified the same as
38522 ones with a ProxyCommand set with regards to hostname
38523 canonicalisation (i.e. don't try to canonicalise the hostname
38524 unless CanonicalizeHostname is set to 'always'). bz#2896
38525 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
38526 key authentication using certificates hosted in a ssh-agent(1)
38527 or against sshd(8) from OpenSSH <7.8.
38528
38529 Portability
38530 -----------
38531
38532 * All: support building against the openssl-1.1 API (releases 1.1.0g
38533 and later). The openssl-1.0 API will remain supported at least
38534 until OpenSSL terminates security patch support for that API version.
38535 * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
38536 apparently required by some glibc/OpenSSL combinations.
38537 * sshd(8): handle getgrouplist(3) returning more than
38538 _SC_NGROUPS_MAX groups. Some platforms consider this limit more
38539 as a guideline.
38540 </code></pre>
38541
38542 <p><hr></p>
38543
38544 <p>##News Roundup</p>
38545
38546 <p>###<a href="https://www.ixsystems.com/blog/meetbsd-2018/">MeetBSD 2018: The Ultimate Hallway Track</a></p>
38547
38548 <blockquote>
38549 <p>Founded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.</p>
38550 </blockquote>
38551
38552 <ul>
38553 <li>MeetBSD Day 0</li>
38554 </ul>
38555
38556 <blockquote>
38557 <p>Day Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.</p>
38558 </blockquote>
38559
38560 <ul>
38561 <li>MeetBSD Day 1</li>
38562 </ul>
38563
38564 <blockquote>
38565 <p>The first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel & FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.</p>
38566 </blockquote>
38567
38568 <ul>
38569 <li>MeetBSD Day 2</li>
38570 </ul>
38571
38572 <blockquote>
38573 <p>Day Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.</p>
38574 </blockquote>
38575
38576 <ul>
38577 <li>Putting the “meet” in MeetBSD</li>
38578 </ul>
38579
38580 <blockquote>
38581 <p>I confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.</p>
38582 </blockquote>
38583
38584 <blockquote>
38585 <p>See you at MeetBSD 2020!</p>
38586 </blockquote>
38587
38588 <p><hr></p>
38589
38590 <p>###<a href="https://panoramacircle.com/2018/10/07/setup-dragonflybsd-with-a-desktop-on-real-hardware-thinkpad-t410/">Setup DragonflyBSD with a desktop on real hardware ThinkPad T410</a><br>
38591 +<a href="https://youtu.be/p4KwssNY82Q">Video Demo</a></p>
38592
38593 <blockquote>
38594 <p>Linux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.<br>
38595 Some background: BSD was ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!<br>
38596 I did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.</p>
38597 </blockquote>
38598
38599 <ul>
38600 <li>
38601 <p>Download image file and burn to USB drive or DVD</p>
38602 </li>
38603 <li>
38604 <p>First installation</p>
38605 </li>
38606 <li>
38607 <p>Setting up the system and installing a desktop</p>
38608 </li>
38609 <li>
38610 <p>Inside the desktop</p>
38611 </li>
38612 <li>
38613 <p>Install some more programs</p>
38614 </li>
38615 <li>
38616 <p>How to enable sound?</p>
38617 </li>
38618 <li>
38619 <p>Let’s play some free games</p>
38620 </li>
38621 <li>
38622 <p>Setup WiFi</p>
38623 </li>
38624 <li>
38625 <p>Power mode settings</p>
38626 </li>
38627 <li>
38628 <p>More to do?</p>
38629 </li>
38630 </ul>
38631
38632 <blockquote>
38633 <p>You can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xfce or mate and many functional presets.</p>
38634 </blockquote>
38635
38636 <ul>
38637 <li>
38638 <p>A small summary of what we got on the upside:</p>
38639 <ul>
38640 <li>Free and open source operating system with a long history</li>
38641 <li>Drivers worked fine including Ethernet, WiFi, video 2D & 3D, audio, etc</li>
38642 <li>Hammer2 advanced file system</li>
38643 <li>You are very unique if you use this OS fork</li>
38644 </ul>
38645
38646 <p></li><br>
38647 <li></p>
38648
38649 <p>Some downsides:</p>
38650
38651 <p></li><br>
38652 <li></p>
38653
38654 <p>Less driver and direct app support than Linux</p>
38655
38656 <p></li><br>
38657 <li></p>
38658
38659 <p>Installer and desktop have some traps and quirks and require work</p>
38660
38661 <p></li><br>
38662 </ul><br>
38663 <hr></p>
38664
38665 <p>###<a href="https://dressupgeekout.blogspot.com/2018/10/porting-keybase-to-netbsd.html">Porting Keybase to NetBSD</a></p>
38666
38667 <blockquote>
38668 <p>Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!<br>
38669 So, this evening, I tried to get it to all work on NetBSD.<br>
38670 The Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.<br>
38671 Anyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…<br>
38672 I forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a<br>
38673 Eventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:</p>
38674 </blockquote>
38675
38676 <pre><code>charlotte@sakuracity:~/go/bin ./keybase login
38677 ▶ WARNING Running in devel mode
38678 ▶ INFO Forking background server with pid=12932
38679 ▶ ERROR unexpected error in Login: API network error: doRetry failed,
38680 attempts: 1, timeout 5s, last err: Get
38681 http://localhost:3000/_/api/1.0/merkle/path.json?last=3784314&load_deleted=1&load_reset_chain=1&poll=10&sig_hints_low=3&uid=38ae1dfa49cd6831ea2fdade5c5d0519:
38682 dial tcp [::1]:3000: connect: connection refused
38683 </code></pre>
38684
38685 <blockquote>
38686 <p>There’s a few things about this error message that stuck out to me:</p>
38687 </blockquote>
38688
38689 <ul>
38690 <li>Forking a background server? What?</li>
38691 <li>It’s trying to connect to localhost? That must be the server that doesn’t work …</li>
38692 </ul>
38693
38694 <blockquote>
38695 <p>Unfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ command just failed:</p>
38696 </blockquote>
38697
38698 <pre><code>charlotte@sakuracity:~/go/bin ps 12932
38699 PID TTY STAT TIME COMMAND
38700 12932 ? Ssl 0:00.21 ./keybase --debug --log-file
38701 /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir
38702 /home/charlotte/.config/keybase.devel --auto-forked
38703 </code></pre>
38704
38705 <blockquote>
38706 <p>I’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:</p>
38707 </blockquote>
38708
38709 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone
38710 --standalone Use the client without any daemon support.
38711 </code></pre>
38712
38713 <blockquote>
38714 <p>And then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at <a href="https://keybase.io">https://keybase.io</a>?</p>
38715 </blockquote>
38716
38717 <pre><code>charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server
38718 --server, -s Specify server API.
38719 </code></pre>
38720
38721 <blockquote>
38722 <p>Basically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:</p>
38723 </blockquote>
38724
38725 <pre><code>charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login
38726 ▶ WARNING Running in devel mode
38727 Please enter the Keybase passphrase for dressupgeekout (6+ characters):
38728
38729 charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout
38730 ▶ WARNING Running in devel mode
38731 ▶ INFO Identifying dressupgeekout
38732 ✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F
38733 ✔ "dressupgeekout" on github:
38734 https://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11
38735 20:55:21 PDT]
38736 ✔ "dressupgeekout" on reddit:
38737 https://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/my_keybase_proof_redditdressupgeekout/
38738 [cached 2018-10-11 20:55:21 PDT]
38739 </code></pre>
38740
38741 <p><hr></p>
38742
38743 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&revision=339929">Initial implementation of draft-ietf-6man-ipv6only-flag</a></p>
38744
38745 <pre><code>This change defines the RA "6" (IPv6-Only) flag which routers
38746 may advertise, kernel logic to check if all routers on a link
38747 have the flag set and accordingly update a per-interface flag.
38748
38749 If all routers agree that it is an IPv6-only link, ether_output_frame(),
38750 based on the interface flag, will filter out all ETHERTYPE_IP/ARP
38751 frames, drop them, and return EAFNOSUPPORT to upper layers.
38752
38753 The change also updates ndp to show the "6" flag, ifconfig to
38754 display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
38755 announcing the flag.
38756
38757 Further changes to tcpdump (contrib code) are available and will
38758 be upstreamed.
38759
38760 Tested the code (slightly earlier version) with 2 FreeBSD
38761 IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
38762 and with Win10 and OSX clients (which did not fall over with
38763 the "6" flag set but not understood).
38764
38765 We may also want to (a) implement an RX filter, and (b) over
38766 time enhance user space to, say, stop dhclient from running
38767 when the interface flag is set. Also we might want to start
38768 IPv6 before IPv4 in the future.
38769
38770 All the code is hidden under the EXPERIMENTAL option and not
38771 compiled by default as the draft is a work-in-progress and
38772 we cannot rely on the fact that IANA will assign the bits
38773 as requested by the draft and hence they may change.
38774
38775 Dear 6man, you have running code.
38776
38777 Discussed with: Bob Hinden, Brian E Carpenter
38778 </code></pre>
38779
38780 <p>##Beastie Bits</p>
38781
38782 <ul>
38783 <li><a href="https://dan.langille.org/2018/10/02/running-freebsd-on-osx-using-xhyve-a-port-of-bhyve/">Running FreeBSD on macOS via xhyve</a></li>
38784 <li><a href="https://mwl.io/archives/3841">Auction Winners</a></li>
38785 <li><a href="https://github.com/vedetta-com/vedetta/blob/master/src/usr/local/share/doc/vedetta/OpenSSH_Principals.md">OpenSSH Principals</a></li>
38786 <li><a href="https://undeadly.org/cgi?action=article;sid=20181018160645">OpenBSD Foundation gets a second Iridium donation from Handshake</a></li>
38787 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/10/10/msg000786.html">NetBSD machines at Open Source Conference 2018 Kagawa</a></li>
38788 <li><a href="https://mwl.io/archives/3818">Absolute FreeBSD now shipping!</a></li>
38789 <li><a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd">NextCloud on OpenBSD</a></li>
38790 <li><a href="https://www.freebsd.org/news/newsflash.html#event20181027:01">FreeBSD 12.0-BETA2 Available</a></li>
38791 <li><a href="https://twitter.com/gvnn3/status/1049347862541344771">DTrace on Windows ported from FreeBSD</a></li>
38792 <li><a href="http://dpaste.com/36DFQ1S">HELBUG fall 2018 meeting scheduled - Thursday the 15th of November</a></li>
38793 <li><a href="https://translate.google.com/translate?hl=de&sl=de&tl=en&u=https%3A%2F%2Ftickets.events.ccc.de%2F35c3%2Fintro%2F">35C3 pre-sale has started</a></li>
38794 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">Stockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30 </a></li>
38795 <li><a href="https://bsd-pl.org/en">Polish BSD User Group: Thursday Nov 15, 18:30 - 21:00 </a></li>
38796 </ul>
38797
38798 <p><hr></p>
38799
38800 <p>##Feedback/Questions</p>
38801
38802 <ul>
38803 <li>Greg - <a href="http://dpaste.com/1WA54CC">Interview suggestion for the show</a></li>
38804 <li>Nelson - <a href="http://dpaste.com/21KKF7Q#wrap">Ghostscript vulnerabilities</a></li>
38805 <li>Allison - <a href="http://dpaste.com/3K6D7ST">Ports and GCC</a></li>
38806 </ul>
38807
38808 <p><hr></p>
38809
38810 <ul>
38811 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
38812 </ul>
38813
38814 <p><hr></p>]]>
38815 </itunes:summary>
38816 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+LH8ySsnH</fireside:playerURL>
38817 <fireside:playerEmbedCode>
38818 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+LH8ySsnH" width="740" height="200" frameborder="0" scrolling="no">]]>
38819 </fireside:playerEmbedCode>
38820 </item>
38821 <item>
38822 <title>Episode 269: Tiny Daemon Lib | BSD Now 269</title>
38823 <link>https://www.bsdnow.tv/269</link>
38824 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2747</guid>
38825 <pubDate>Wed, 24 Oct 2018 02:00:00 -0700</pubDate>
38826 <author>Allan Jude</author>
38827 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5cd889a3-fdea-4394-a3e4-69aaa37d9ee0.mp3" length="53176544" type="audio/mp3"/>
38828 <itunes:episodeType>full</itunes:episodeType>
38829 <itunes:author>Allan Jude</itunes:author>
38830 <itunes:subtitle>FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.</itunes:subtitle>
38831 <itunes:duration>1:28:19</itunes:duration>
38832 <itunes:explicit>no</itunes:explicit>
38833 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
38834 <description>FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.
38835 <p>##Headlines<br>
38836 <a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-september-2018/">FreeBSD Foundation Update, September 2018</a></p>
38837 <ul>
38838 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
38839 </ul>
38840 <blockquote>
38841 <p>Dear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!</p>
38842 </blockquote>
38843 <ul>
38844 <li>September 2018 Development Projects Update</li>
38845 </ul>
38846 <blockquote>
38847 <p>In preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports. Of course, this kind of work is never finished, and we will continue to make progress after the release. In the past couple of months I have fixed a combination of long-standing issues and recent regressions. Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years. In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well. Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.<br>
38848 Of late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2. A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default. As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.<br>
38849 I’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work. We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.</p>
38850 </blockquote>
38851 <ul>
38852 <li>Fundraising Update: Supporting the Project</li>
38853 </ul>
38854 <blockquote>
38855 <p>It’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!<br>
38856 Funding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:</p>
38857 </blockquote>
38858 <ul>
38859 <li>Operating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.</li>
38860 <li>Security: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with peace of mind when security issues arise.</li>
38861 <li>Release Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.</li>
38862 <li>Quality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.</li>
38863 <li>New User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.</li>
38864 <li>Training: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.</li>
38865 <li>Face-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge.</li>
38866 </ul>
38867 <blockquote>
38868 <p>We can continue the above work, if we meet our goal this year!<br>
38869 If your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.<br>
38870 Thank you for supporting FreeBSD and the Foundation!</p>
38871 </blockquote>
38872 <ul>
38873 <li>September 2018 Release Engineering Update</li>
38874 </ul>
38875 <blockquote>
38876 <p>The FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE. At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.<br>
38877 Of note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.<br>
38878 Due to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.<br>
38879 Should the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly. The current schedule is available at:<br>
38880 <a href="https://www.freebsd.org/releases/12.0R/schedule.html">https://www.freebsd.org/releases/12.0R/schedule.html</a></p>
38881 </blockquote>
38882 <ul>
38883 <li>BSDCam 2018 Trip Report: Marie Helene Kvello-Aune</li>
38884 </ul>
38885 <blockquote>
38886 <p>I’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.<br>
38887 I arrived in Gatwick, London at midnight. On Monday, August 13, I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…</p>
38888 </blockquote>
38889 <ul>
38890 <li>Continuous Integration Update</li>
38891 </ul>
38892 <blockquote>
38893 <p>The FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at <a href="https://ci.FreeBSD.org">https://ci.FreeBSD.org</a>, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.</p>
38894 </blockquote>
38895 <ul>
38896 <li>New Hardware</li>
38897 </ul>
38898 <blockquote>
38899 <p>The Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from <a href="http://PINE64.org">PINE64.org</a>, which will be put in the hardware test lab as one part of the continuous tests.</p>
38900 </blockquote>
38901 <ul>
38902 <li>CI Staging Environment</li>
38903 </ul>
38904 <blockquote>
38905 <p>We used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at<br>
38906 <a href="https://ci-dev.freebsd.org">https://ci-dev.freebsd.org</a>. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.</p>
38907 </blockquote>
38908 <ul>
38909 <li>Mail Notification</li>
38910 </ul>
38911 <blockquote>
38912 <p>In July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.</p>
38913 </blockquote>
38914 <ul>
38915 <li>New Test Job</li>
38916 </ul>
38917 <blockquote>
38918 <p>In August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.</p>
38919 </blockquote>
38920 <ul>
38921 <li>Work in Progress</li>
38922 </ul>
38923 <blockquote>
38924 <p>In August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest, which need a longer run time. We also planned the network testing for TCP/IP stack</p>
38925 </blockquote>
38926 <hr>
38927 <p>###<a href="https://chaoticlab.io/c/c++/unix/2018/10/01/daemonize.html">Daemonize - a Tiny C Library for Programming the UNIX Daemons</a></p>
38928 <blockquote>
38929 <p>Whatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.<br>
38930 Developers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.<br>
38931 Whenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.<br>
38932 If for some reason you want to make a Windows service, I have a battle tested template code for you as well.</p>
38933 </blockquote>
38934 <ul>
38935 <li>System-V Daemon Initialisation Procedure</li>
38936 </ul>
38937 <blockquote>
38938 <p>To make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.</p>
38939 </blockquote>
38940 <ul>
38941 <li>
38942 <p>So, here we go:</p>
38943 </li>
38944 <li>
38945 <p>Close all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMIT_NOFILE.</p>
38946 </li>
38947 <li>
38948 <p>Reset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIG_DFL.</p>
38949 </li>
38950 <li>
38951 <p>Reset the signal mask using sigprocmask().</p>
38952 </li>
38953 <li>
38954 <p>Sanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.</p>
38955 </li>
38956 <li>
38957 <p>Call fork(), to create a background process.</p>
38958 </li>
38959 <li>
38960 <p>In the child, call setsid() to detach from any terminal and create an independent session.</p>
38961 </li>
38962 <li>
38963 <p>In the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.</p>
38964 </li>
38965 <li>
38966 <p>Call exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.</p>
38967 </li>
38968 <li>
38969 <p>In the daemon process, connect /dev/null to standard input, output, and error.</p>
38970 </li>
38971 <li>
38972 <p>In the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.</p>
38973 </li>
38974 <li>
38975 <p>In the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.</p>
38976 </li>
38977 <li>
38978 <p>In the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.</p>
38979 </li>
38980 <li>
38981 <p>In the daemon process, drop privileges, if possible and applicable.</p>
38982 </li>
38983 <li>
38984 <p>From the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.</p>
38985 </li>
38986 <li>
38987 <p>Call exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.</p>
38988 </li>
38989 </ul>
38990 <blockquote>
38991 <p>The discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily dependent on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.</p>
38992 </blockquote>
38993 <ul>
38994 <li>The Library’s Application Programming Interface</li>
38995 </ul>
38996 <blockquote>
38997 <p>The generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.</p>
38998 </blockquote>
38999 <ul>
39000 <li>Conclusion</li>
39001 </ul>
39002 <blockquote>
39003 <p>The objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.<br>
39004 If you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.</p>
39005 </blockquote>
39006 <hr>
39007 <p>##News Roundup<br>
39008 <a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018">EuroBSDCon 2018 travel report and obligatory pics</a></p>
39009 <blockquote>
39010 <p>This was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.<br>
39011 The day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.<br>
39012 It turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!<br>
39013 At the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.<br>
39014 We had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had small team to hold the camera :-)<br>
39015 At the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.<br>
39016 Perhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.<br>
39017 At the conference itself, was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.<br>
39018 My own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.<br>
39019 I mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.<br>
39020 It was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).<br>
39021 After the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.</p>
39022 </blockquote>
39023 <hr>
39024 <p>###<a href="https://panoramacircle.com/2018/09/23/ghostbsd-tested-on-real-hardware-t410-better-than-trueos/">GhostBSD tested on real hardware T410 – better than TrueOS?</a></p>
39025 <blockquote>
39026 <p>You might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!</p>
39027 </blockquote>
39028 <blockquote>
39029 <p>Nowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.</p>
39030 </blockquote>
39031 <blockquote>
39032 <p>Let’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from <a href="http://ghostbsd.org">ghostbsd.org</a>. Creating a bootable USB drive was surprisingly difficult as rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk imager and burn the img file to an USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD unto a disk.</p>
39033 </blockquote>
39034 <blockquote>
39035 <p>I did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lot’s of installed apps did not show up in the start menu and on goes the quirks list.</p>
39036 </blockquote>
39037 <blockquote>
39038 <p>Overall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.</p>
39039 </blockquote>
39040 <ul>
39041 <li>
39042 <p>On the upside:</p>
39043 </li>
39044 <li>
39045 <p>Free and open source FreeBSD package ready to go</p>
39046 </li>
39047 <li>
39048 <p>Mate or XFCE desktop (Mate is the only option for daily builds)</p>
39049 </li>
39050 <li>
39051 <p>Drivers work fine including LAN, WiFi, video 2D &amp; 3D, audio, etc</p>
39052 </li>
39053 <li>
39054 <p>UFS or ZFS advanced file systems available</p>
39055 </li>
39056 <li>
39057 <p>Some downsides:</p>
39058 </li>
39059 <li>
39060 <p>Less driver and direct app support than Linux</p>
39061 </li>
39062 <li>
39063 <p>Installer and desktop have some quirks and bugs</p>
39064 </li>
39065 <li>
39066 <p>App-store is cumbersome, inferior to TrueOS</p>
39067 </li>
39068 </ul>
39069 <hr>
39070 <p>##Beastie Bits</p>
39071 <ul>
39072 <li><a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018_and_netbsd_sanitizers">EuroBSDCon 2018 and NetBSD sanitizers</a></li>
39073 <li><a href="https://undeadly.org/cgi?action=article;sid=20181002175838">New mandoc feature: -T html -O toc</a></li>
39074 <li><a href="https://www.geeklan.co.uk/?p=2307">EuroBSDcon 2018</a></li>
39075 <li><a href="https://oshogbo.vexillium.org/blog/55/">Polish BSD User Group</a></li>
39076 <li><a href="https://garbage.fm/episodes/43">garbage[43]: What year is it?</a></li>
39077 <li><a href="https://thedemoat50.org/">The Demo @ 50</a></li>
39078 <li><a href="https://youtu.be/tG8R5SQGPck?t=660">Microsoft ports DTrace from FreeBSD to Windows 10</a></li>
39079 <li><a href="https://twitter.com/openbsd">OpenBSD joins Twitter</a></li>
39080 <li><a href="https://roy.marples.name/blog/netbsd-curses-ripoffline-improvements">NetBSD curses ripoffline improvements</a></li>
39081 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-October/089717.html">FCP-0101: Deprecating most 10/100 Ethernet drivers</a></li>
39082 <li><a href="https://mail-index.netbsd.org/tech-pkg/2018/10/05/msg020326.html">Announcing the pkgsrc-2018Q3 release</a></li>
39083 <li><a href="http://www.netzbasis.de/openbsd/vmd-debian/index.html">Debian on OpenBSD vmd (without qemu or another debian system)</a></li>
39084 <li><a href="https://github.com/jcs/login_duress">A BSD authentication module for duress passwords (Joshua Stein)</a></li>
39085 <li><a href="https://twitter.com/oshogbovx/status/1019334534935007232?s=03">Disk Price/Performance Analysis</a></li>
39086 </ul>
39087 <hr>
39088 <p>##Feedback/Questions</p>
39089 <ul>
39090 <li>DJ - <a href="http://dpaste.com/0YV8WC6#wrap">Zombie ZFS</a></li>
39091 <li>Josua - <a href="http://dpaste.com/25B1EA8">arm tier 1? how to approach it</a></li>
39092 <li>-Gamah - <a href="http://dpaste.com/2SMSGPB">5ghz</a></li>
39093 </ul>
39094 <hr>
39095 <ul>
39096 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
39097 </ul>
39098 <hr>
39099 </description>
39100 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ghostbsd, eurobsdcon, daemon</itunes:keywords>
39101 <content:encoded>
39102 <![CDATA[<p>FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.</p>
39103
39104 <p>##Headlines<br>
39105 ###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-september-2018/">FreeBSD Foundation Update, September 2018</a></p>
39106
39107 <ul>
39108 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
39109 </ul>
39110
39111 <blockquote>
39112 <p>Dear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!</p>
39113 </blockquote>
39114
39115 <ul>
39116 <li>September 2018 Development Projects Update</li>
39117 </ul>
39118
39119 <blockquote>
39120 <p>In preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports. Of course, this kind of work is never finished, and we will continue to make progress after the release. In the past couple of months I have fixed a combination of long-standing issues and recent regressions. Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years. In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well. Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.<br>
39121 Of late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2. A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default. As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.<br>
39122 I’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work. We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.</p>
39123 </blockquote>
39124
39125 <ul>
39126 <li>Fundraising Update: Supporting the Project</li>
39127 </ul>
39128
39129 <blockquote>
39130 <p>It’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!<br>
39131 Funding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:</p>
39132 </blockquote>
39133
39134 <ul>
39135 <li>Operating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.</li>
39136 <li>Security: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with piece of mind when security issues arise.</li>
39137 <li>Release Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.</li>
39138 <li>Quality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.</li>
39139 <li>New User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.</li>
39140 <li>Training: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.</li>
39141 <li>Face-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge .</li>
39142 </ul>
39143
39144 <blockquote>
39145 <p>We can continue the above work, if we meet our goal this year!<br>
39146 If your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.<br>
39147 Thank you for supporting FreeBSD and the Foundation!</p>
39148 </blockquote>
39149
39150 <ul>
39151 <li>September 2018 Release Engineering Update</li>
39152 </ul>
39153
39154 <blockquote>
39155 <p>The FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE. At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.<br>
39156 Of note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.<br>
39157 Due to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.<br>
39158 Should the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly. The current schedule is available at:<br>
39159 <a href="https://www.freebsd.org/releases/12.0R/schedule.html">https://www.freebsd.org/releases/12.0R/schedule.html</a></p>
39160 </blockquote>
39161
39162 <ul>
39163 <li>BSDCam 2018 Trip Report: Marie Helene Kvello-Aune</li>
39164 </ul>
39165
39166 <blockquote>
39167 <p>I’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.<br>
39168 I arrived in Gatwick, London at midnight. On Monday, August 13, I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…</p>
39169 </blockquote>
39170
39171 <ul>
39172 <li>Continuous Integration Update</li>
39173 </ul>
39174
39175 <blockquote>
39176 <p>The FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at <a href="https://ci.FreeBSD.org">https://ci.FreeBSD.org</a>, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.</p>
39177 </blockquote>
39178
39179 <ul>
39180 <li>New Hardware</li>
39181 </ul>
39182
39183 <blockquote>
39184 <p>The Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from <a href="http://PINE64.org">PINE64.org</a>, which will be put in the hardware test lab as one part of the continuous tests.</p>
39185 </blockquote>
39186
39187 <ul>
39188 <li>CI Staging Environment</li>
39189 </ul>
39190
39191 <blockquote>
39192 <p>We used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at<br>
39193 <a href="https://ci-dev.freebsd.org">https://ci-dev.freebsd.org</a>. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.</p>
39194 </blockquote>
39195
39196 <ul>
39197 <li>Mail Notification</li>
39198 </ul>
39199
39200 <blockquote>
39201 <p>In July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.</p>
39202 </blockquote>
39203
39204 <ul>
39205 <li>New Test Job</li>
39206 </ul>
39207
39208 <blockquote>
39209 <p>In August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.</p>
39210 </blockquote>
39211
39212 <ul>
39213 <li>Work in Progress</li>
39214 </ul>
39215
39216 <blockquote>
39217 <p>In August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest, which need a longer run time. We also planned the network testing for TCP/IP stack</p>
39218 </blockquote>
39219
39220 <p><hr></p>
39221
39222 <p>###<a href="https://chaoticlab.io/c/c++/unix/2018/10/01/daemonize.html">Daemonize - a Tiny C Library for Programming the UNIX Daemons</a></p>
39223
39224 <blockquote>
39225 <p>Whatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.<br>
39226 Developers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.<br>
39227 Whenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.<br>
39228 If for some reason you want to make a Windows service, I have a battle tested template code for you as well.</p>
39229 </blockquote>
39230
39231 <ul>
39232 <li>System-V Daemon Initialisation Procedure</li>
39233 </ul>
39234
39235 <blockquote>
39236 <p>To make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.</p>
39237 </blockquote>
39238
39239 <ul>
39240 <li>
39241 <p>So, here we go:</p>
39242 </li>
39243 <li>
39244 <p>Close all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMIT_NOFILE.</p>
39245 </li>
39246 <li>
39247 <p>Reset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIG_DFL.</p>
39248 </li>
39249 <li>
39250 <p>Reset the signal mask using sigprocmask().</p>
39251 </li>
39252 <li>
39253 <p>Sanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.</p>
39254 </li>
39255 <li>
39256 <p>Call fork(), to create a background process.</p>
39257 </li>
39258 <li>
39259 <p>In the child, call setsid() to detach from any terminal and create an independent session.</p>
39260 </li>
39261 <li>
39262 <p>In the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.</p>
39263 </li>
39264 <li>
39265 <p>Call exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.</p>
39266 </li>
39267 <li>
39268 <p>In the daemon process, connect /dev/null to standard input, output, and error.</p>
39269 </li>
39270 <li>
39271 <p>In the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.</p>
39272 </li>
39273 <li>
39274 <p>In the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.</p>
39275 </li>
39276 <li>
39277 <p>In the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.</p>
39278 </li>
39279 <li>
39280 <p>In the daemon process, drop privileges, if possible and applicable.</p>
39281 </li>
39282 <li>
39283 <p>From the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.</p>
39284 </li>
39285 <li>
39286 <p>Call exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.</p>
39287 </li>
39288 </ul>
39289
39290 <blockquote>
39291 <p>The discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily dependent on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.</p>
39292 </blockquote>
39293
39294 <ul>
39295 <li>The Library’s Application Programming Interface</li>
39296 </ul>
39297
39298 <blockquote>
39299 <p>The generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.</p>
39300 </blockquote>
39301
39302 <ul>
39303 <li>Conclusion</li>
39304 </ul>
39305
39306 <blockquote>
39307 <p>The objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.<br>
39308 If you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.</p>
39309 </blockquote>
39310
39311 <p><hr></p>
39312
39313 <p>##News Roundup<br>
39314 ###<a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018">EuroBSDCon 2018 travel report and obligatory pics</a></p>
39315
39316 <blockquote>
39317 <p>This was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.<br>
39318 The day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.<br>
39319 It turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!<br>
39320 At the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.<br>
39321 We had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had a small team to hold the camera :-)<br>
39322 At the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.<br>
39323 Perhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.<br>
39324 At the conference itself, it was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.<br>
39325 My own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.<br>
39326 I mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.<br>
39327 It was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).<br>
39328 After the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.</p>
39329 </blockquote>
39330
39331 <p><hr></p>
39332
39333 <p>###<a href="https://panoramacircle.com/2018/09/23/ghostbsd-tested-on-real-hardware-t410-better-than-trueos/">GhostBSD tested on real hardware T410 – better than TrueOS?</a></p>
39334
39335 <blockquote>
39336 <p>You might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!</p>
39337 </blockquote>
39338
39339 <blockquote>
39340 <p>Nowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.</p>
39341 </blockquote>
39342
39343 <blockquote>
39344 <p>Let’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from <a href="http://ghostbsd.org">ghostbsd.org</a>. Creating a bootable USB drive was surprisingly difficult as Rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk Imager and burn the img file to a USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD onto a disk.</p>
39345 </blockquote>
39346
39347 <blockquote>
39348 <p>I did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lots of installed apps did not show up in the start menu and on goes the quirks list.</p>
39349 </blockquote>
39350
39351 <blockquote>
39352 <p>Overall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.</p>
39353 </blockquote>
39354
39355 <ul>
39356 <li>
39357 <p>On the upside:</p>
39358 </li>
39359 <li>
39360 <p>Free and open source FreeBSD package ready to go</p>
39361 </li>
39362 <li>
39363 <p>Mate or XFCE desktop (Mate is the only option for daily builds)</p>
39364 </li>
39365 <li>
39366 <p>Drivers work fine including LAN, WiFi, video 2D & 3D, audio, etc</p>
39367 </li>
39368 <li>
39369 <p>UFS or ZFS advanced file systems available</p>
39370 </li>
39371 <li>
39372 <p>Some downsides:</p>
39373 </li>
39374 <li>
39375 <p>Less driver and direct app support than Linux</p>
39376 </li>
39377 <li>
39378 <p>Installer and desktop have some quirks and bugs</p>
39379 </li>
39380 <li>
39381 <p>App-store is cumbersome, inferior to TrueOS</p>
39382 </li>
39383 </ul>
39384
39385 <p><hr></p>
39386
39387 <p>##Beastie Bits</p>
39388
39389 <ul>
39390 <li><a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018_and_netbsd_sanitizers">EuroBSDCon 2018 and NetBSD sanitizers</a></li>
39391 <li><a href="https://undeadly.org/cgi?action=article;sid=20181002175838">New mandoc feature: -T html -O toc</a></li>
39392 <li><a href="https://www.geeklan.co.uk/?p=2307">EuroBSDcon 2018</a></li>
39393 <li><a href="https://oshogbo.vexillium.org/blog/55/">Polish BSD User Group</a></li>
39394 <li><a href="https://garbage.fm/episodes/43">garbage[43]: What year is it?</a></li>
39395 <li><a href="https://thedemoat50.org/">The Demo @ 50</a></li>
39396 <li><a href="https://youtu.be/tG8R5SQGPck?t=660">Microsoft ports DTrace from FreeBSD to Windows 10</a></li>
39397 <li><a href="https://twitter.com/openbsd">OpenBSD joins Twitter</a></li>
39398 <li><a href="https://roy.marples.name/blog/netbsd-curses-ripoffline-improvements">NetBSD curses ripoffline improvements</a></li>
39399 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-October/089717.html">FCP-0101: Deprecating most 10/100 Ethernet drivers</a></li>
39400 <li><a href="https://mail-index.netbsd.org/tech-pkg/2018/10/05/msg020326.html">Announcing the pkgsrc-2018Q3 release</a></li>
39401 <li><a href="http://www.netzbasis.de/openbsd/vmd-debian/index.html">Debian on OpenBSD vmd (without qemu or another debian system)</a></li>
39402 <li><a href="https://github.com/jcs/login_duress">A BSD authentication module for duress passwords (Joshua Stein)</a></li>
39403 <li><a href="https://twitter.com/oshogbovx/status/1019334534935007232?s=03">Disk Price/Performance Analysis</a></li>
39404 </ul>
39405
39406 <p><hr></p>
39407
39408 <p>##Feedback/Questions</p>
39409
39410 <ul>
39411 <li>DJ - <a href="http://dpaste.com/0YV8WC6#wrap">Zombie ZFS</a></li>
39412 <li>Josua - <a href="http://dpaste.com/25B1EA8">arm tier 1? how to approach it</a></li>
39413 <li>-Gamah - <a href="http://dpaste.com/2SMSGPB">5ghz</a></li>
39414 </ul>
39415
39416 <p><hr></p>
39417
39418 <ul>
39419 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
39420 </ul>
39421
39422 <p><hr></p>]]>
39423 </content:encoded>
39424 <itunes:summary>
39425 <![CDATA[<p>FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.</p>
39426
39427 <p>##Headlines<br>
39428 ###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-september-2018/">FreeBSD Foundation Update, September 2018</a></p>
39429
39430 <ul>
39431 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
39432 </ul>
39433
39434 <blockquote>
39435 <p>Dear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!</p>
39436 </blockquote>
39437
39438 <ul>
39439 <li>September 2018 Development Projects Update</li>
39440 </ul>
39441
39442 <blockquote>
39443 <p>In preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports. Of course, this kind of work is never finished, and we will continue to make progress after the release. In the past couple of months I have fixed a combination of long-standing issues and recent regressions. Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years. In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well. Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.<br>
39444 Of late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2. A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default. As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.<br>
39445 I’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work. We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.</p>
39446 </blockquote>
39447
39448 <ul>
39449 <li>Fundraising Update: Supporting the Project</li>
39450 </ul>
39451
39452 <blockquote>
39453 <p>It’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!<br>
39454 Funding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:</p>
39455 </blockquote>
39456
39457 <ul>
39458 <li>Operating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.</li>
39459 <li>Security: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with peace of mind when security issues arise.</li>
39460 <li>Release Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.</li>
39461 <li>Quality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.</li>
39462 <li>New User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.</li>
39463 <li>Training: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.</li>
39464 <li>Face-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge.</li>
39465 </ul>
39466
39467 <blockquote>
39468 <p>We can continue the above work, if we meet our goal this year!<br>
39469 If your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.<br>
39470 Thank you for supporting FreeBSD and the Foundation!</p>
39471 </blockquote>
39472
39473 <ul>
39474 <li>September 2018 Release Engineering Update</li>
39475 </ul>
39476
39477 <blockquote>
39478 <p>The FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE. At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.<br>
39479 Of note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.<br>
39480 Due to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.<br>
39481 Should the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly. The current schedule is available at:<br>
39482 <a href="https://www.freebsd.org/releases/12.0R/schedule.html">https://www.freebsd.org/releases/12.0R/schedule.html</a></p>
39483 </blockquote>
39484
39485 <ul>
39486 <li>BSDCam 2018 Trip Report: Marie Helene Kvello-Aune</li>
39487 </ul>
39488
39489 <blockquote>
39490 <p>I’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.<br>
39491 I arrived in Gatwick, London at midnight. On Monday, August 13, I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…</p>
39492 </blockquote>
39493
39494 <ul>
39495 <li>Continuous Integration Update</li>
39496 </ul>
39497
39498 <blockquote>
39499 <p>The FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at <a href="https://ci.FreeBSD.org">https://ci.FreeBSD.org</a>, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.</p>
39500 </blockquote>
39501
39502 <ul>
39503 <li>New Hardware</li>
39504 </ul>
39505
39506 <blockquote>
39507 <p>The Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from <a href="http://PINE64.org">PINE64.org</a>, which will be put in the hardware test lab as one part of the continuous tests.</p>
39508 </blockquote>
39509
39510 <ul>
39511 <li>CI Staging Environment</li>
39512 </ul>
39513
39514 <blockquote>
39515 <p>We used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at<br>
39516 <a href="https://ci-dev.freebsd.org">https://ci-dev.freebsd.org</a>. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.</p>
39517 </blockquote>
39518
39519 <ul>
39520 <li>Mail Notification</li>
39521 </ul>
39522
39523 <blockquote>
39524 <p>In July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.</p>
39525 </blockquote>
39526
39527 <ul>
39528 <li>New Test Job</li>
39529 </ul>
39530
39531 <blockquote>
39532 <p>In August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.</p>
39533 </blockquote>
39534
39535 <ul>
39536 <li>Work in Progress</li>
39537 </ul>
39538
39539 <blockquote>
39540 <p>In August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest, which need a longer run time. We also planned the network testing for TCP/IP stack</p>
39541 </blockquote>
39542
39543 <p><hr></p>
39544
39545 <p>###<a href="https://chaoticlab.io/c/c++/unix/2018/10/01/daemonize.html">Daemonize - a Tiny C Library for Programming the UNIX Daemons</a></p>
39546
39547 <blockquote>
39548 <p>Whatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.<br>
39549 Developers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.<br>
39550 Whenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.<br>
39551 If for some reason you want to make a Windows service, I have a battle tested template code for you as well.</p>
39552 </blockquote>
39553
39554 <ul>
39555 <li>System-V Daemon Initialisation Procedure</li>
39556 </ul>
39557
39558 <blockquote>
39559 <p>To make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.</p>
39560 </blockquote>
39561
39562 <ul>
39563 <li>
39564 <p>So, here we go:</p>
39565 </li>
39566 <li>
39567 <p>Close all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMIT_NOFILE.</p>
39568 </li>
39569 <li>
39570 <p>Reset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIG_DFL.</p>
39571 </li>
39572 <li>
39573 <p>Reset the signal mask using sigprocmask().</p>
39574 </li>
39575 <li>
39576 <p>Sanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.</p>
39577 </li>
39578 <li>
39579 <p>Call fork(), to create a background process.</p>
39580 </li>
39581 <li>
39582 <p>In the child, call setsid() to detach from any terminal and create an independent session.</p>
39583 </li>
39584 <li>
39585 <p>In the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.</p>
39586 </li>
39587 <li>
39588 <p>Call exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.</p>
39589 </li>
39590 <li>
39591 <p>In the daemon process, connect /dev/null to standard input, output, and error.</p>
39592 </li>
39593 <li>
39594 <p>In the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.</p>
39595 </li>
39596 <li>
39597 <p>In the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.</p>
39598 </li>
39599 <li>
39600 <p>In the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.</p>
39601 </li>
39602 <li>
39603 <p>In the daemon process, drop privileges, if possible and applicable.</p>
39604 </li>
39605 <li>
39606 <p>From the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.</p>
39607 </li>
39608 <li>
39609 <p>Call exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.</p>
39610 </li>
39611 </ul>
39612
39613 <blockquote>
39614 <p>The discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily depend on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.</p>
39615 </blockquote>
39616
39617 <ul>
39618 <li>The Library’s Application Programming Interface</li>
39619 </ul>
39620
39621 <blockquote>
39622 <p>The generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.</p>
39623 </blockquote>
39624
39625 <ul>
39626 <li>Conclusion</li>
39627 </ul>
39628
39629 <blockquote>
39630 <p>The objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.<br>
39631 If you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.</p>
39632 </blockquote>
39633
39634 <p><hr></p>
39635
39636 <p>##News Roundup<br>
39637 ###<a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018">EuroBSDCon 2018 travel report and obligatory pics</a></p>
39638
39639 <blockquote>
39640 <p>This was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.<br>
39641 The day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.<br>
39642 It turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!<br>
39643 At the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.<br>
39644 We had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had a small team to hold the camera :-)<br>
39645 At the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.<br>
39646 Perhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.<br>
39647 At the conference itself, it was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.<br>
39648 My own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.<br>
39649 I mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.<br>
39650 It was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).<br>
39651 After the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.</p>
39652 </blockquote>
39653
39654 <p><hr></p>
39655
39656 <p>###<a href="https://panoramacircle.com/2018/09/23/ghostbsd-tested-on-real-hardware-t410-better-than-trueos/">GhostBSD tested on real hardware T410 – better than TrueOS?</a></p>
39657
39658 <blockquote>
39659 <p>You might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!</p>
39660 </blockquote>
39661
39662 <blockquote>
39663 <p>Nowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.</p>
39664 </blockquote>
39665
39666 <blockquote>
39667 <p>Let’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from <a href="http://ghostbsd.org">ghostbsd.org</a>. Creating a bootable USB drive was surprisingly difficult as Rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk Imager and burn the img file to a USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD onto a disk.</p>
39668 </blockquote>
39669
39670 <blockquote>
39671 <p>I did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lots of installed apps did not show up in the start menu and on goes the quirks list.</p>
39672 </blockquote>
39673
39674 <blockquote>
39675 <p>Overall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.</p>
39676 </blockquote>
39677
39678 <ul>
39679 <li>
39680 <p>On the upside:</p>
39681 </li>
39682 <li>
39683 <p>Free and open source FreeBSD package ready to go</p>
39684 </li>
39685 <li>
39686 <p>Mate or XFCE desktop (Mate is the only option for daily builds)</p>
39687 </li>
39688 <li>
39689 <p>Drivers work fine including LAN, WiFi, video 2D & 3D, audio, etc</p>
39690 </li>
39691 <li>
39692 <p>UFS or ZFS advanced file systems available</p>
39693 </li>
39694 <li>
39695 <p>Some downsides:</p>
39696 </li>
39697 <li>
39698 <p>Less driver and direct app support than Linux</p>
39699 </li>
39700 <li>
39701 <p>Installer and desktop have some quirks and bugs</p>
39702 </li>
39703 <li>
39704 <p>App-store is cumbersome, inferior to TrueOS</p>
39705 </li>
39706 </ul>
39707
39708 <p><hr></p>
39709
39710 <p>##Beastie Bits</p>
39711
39712 <ul>
39713 <li><a href="https://blog.netbsd.org/tnf/entry/eurobsdcon_2018_and_netbsd_sanitizers">EuroBSDCon 2018 and NetBSD sanitizers</a></li>
39714 <li><a href="https://undeadly.org/cgi?action=article;sid=20181002175838">New mandoc feature: -T html -O toc</a></li>
39715 <li><a href="https://www.geeklan.co.uk/?p=2307">EuroBSDcon 2018</a></li>
39716 <li><a href="https://oshogbo.vexillium.org/blog/55/">Polish BSD User Group</a></li>
39717 <li><a href="https://garbage.fm/episodes/43">garbage[43]: What year is it?</a></li>
39718 <li><a href="https://thedemoat50.org/">The Demo @ 50</a></li>
39719 <li><a href="https://youtu.be/tG8R5SQGPck?t=660">Microsoft ports DTrace from FreeBSD to Windows 10</a></li>
39720 <li><a href="https://twitter.com/openbsd">OpenBSD joins Twitter</a></li>
39721 <li><a href="https://roy.marples.name/blog/netbsd-curses-ripoffline-improvements">NetBSD curses ripoffline improvements</a></li>
39722 <li><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-October/089717.html">FCP-0101: Deprecating most 10/100 Ethernet drivers</a></li>
39723 <li><a href="https://mail-index.netbsd.org/tech-pkg/2018/10/05/msg020326.html">Announcing the pkgsrc-2018Q3 release</a></li>
39724 <li><a href="http://www.netzbasis.de/openbsd/vmd-debian/index.html">Debian on OpenBSD vmd (without qemu or another debian system)</a></li>
39725 <li><a href="https://github.com/jcs/login_duress">A BSD authentication module for duress passwords (Joshua Stein)</a></li>
39726 <li><a href="https://twitter.com/oshogbovx/status/1019334534935007232?s=03">Disk Price/Performance Analysis</a></li>
39727 </ul>
39728
39729 <p><hr></p>
39730
39731 <p>##Feedback/Questions</p>
39732
39733 <ul>
39734 <li>DJ - <a href="http://dpaste.com/0YV8WC6#wrap">Zombie ZFS</a></li>
39735 <li>Josua - <a href="http://dpaste.com/25B1EA8">arm tier 1? how to approach it</a></li>
39736 <li>-Gamah - <a href="http://dpaste.com/2SMSGPB">5ghz</a></li>
39737 </ul>
39738
39739 <p><hr></p>
39740
39741 <ul>
39742 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
39743 </ul>
39744
39745 <p><hr></p>]]>
39746 </itunes:summary>
39747 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+34EbQOOv</fireside:playerURL>
39748 <fireside:playerEmbedCode>
39749 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+34EbQOOv" width="740" height="200" frameborder="0" scrolling="no">]]>
39750 </fireside:playerEmbedCode>
39751 </item>
39752 <item>
39753 <title>Episode 268: Netcat Demystified | BSD Now 268</title>
39754 <link>https://www.bsdnow.tv/268</link>
39755 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2721</guid>
39756 <pubDate>Tue, 16 Oct 2018 22:00:00 -0700</pubDate>
39757 <author>Allan Jude</author>
39758 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/78b4306b-b0ac-4221-b4f4-60d2bde9628e.mp3" length="40587288" type="audio/mp3"/>
39759 <itunes:episodeType>full</itunes:episodeType>
39760 <itunes:author>Allan Jude</itunes:author>
39761 <itunes:subtitle>6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.</itunes:subtitle>
39762 <itunes:duration>1:07:20</itunes:duration>
39763 <itunes:explicit>no</itunes:explicit>
39764 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
39765 <description>6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.
39766 <p>##Headlines<br>
39767 <a href="https://www.ixsystems.com/blog/zfs-pool-performance-1/">Six Metrics for Measuring ZFS Pool Performance Part 1</a></p>
39768 <blockquote>
39769 <p>The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.</p>
39770 </blockquote>
39771 <ul>
39772 <li>To quantify pool performance, we will consider six primary metrics:</li>
39773 <li>Read I/O operations per second (IOPS)</li>
39774 <li>Write IOPS</li>
39775 <li>Streaming read speed</li>
39776 <li>Streaming write speed</li>
39777 <li>Storage space efficiency (usable capacity after parity versus total raw capacity)</li>
39778 <li>Fault tolerance (maximum number of drives that can fail before data loss)</li>
39779 <li>For the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).</li>
39780 </ul>
39781 <blockquote>
39782 <p>Note that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).<br>
39783 There is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.<br>
39784 Let’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.<br>
39785 Because storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.<br>
39786 A striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.<br>
39787 The excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.<br>
39788 Here’s a summary of the total pool performance (where N is the number of disks in the pool):</p>
39789 </blockquote>
39790 <ul>
39791 <li>N-wide striped:</li>
39792 <li>Read IOPS: N * Read IOPS of a single drive</li>
39793 <li>Write IOPS: N * Write IOPS of a single drive</li>
39794 <li>Streaming read speed: N * Streaming read speed of a single drive</li>
39795 <li>Streaming write speed: N * Streaming write speed of a single drive</li>
39796 <li>Storage space efficiency: 100%</li>
39797 <li>Fault tolerance: None!</li>
39798 </ul>
39799 <blockquote>
39800 <p>Let’s apply this to our example system, configured with a 12-wide striped pool:</p>
39801 </blockquote>
39802 <ul>
39803 <li>12-wide striped:</li>
39804 <li>Read IOPS: 3000</li>
39805 <li>Write IOPS: 3000</li>
39806 <li>Streaming read speed: 1200 MB/s</li>
39807 <li>Streaming write speed: 1200 MB/s</li>
39808 <li>Storage space efficiency: 72 TB</li>
39809 <li>Fault tolerance: None!</li>
39810 <li>Below is a visual depiction of our 12 rainbow blocks written to this pool configuration:</li>
39811 </ul>
39812 <blockquote>
39813 <p>The blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.<br>
39814 A mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.<br>
39815 Streaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.</p>
39816 </blockquote>
39817 <blockquote>
39818 <p>Here’s a summary:</p>
39819 </blockquote>
39820 <ul>
39821 <li>
39822 <p>N-way mirror:</p>
39823 </li>
39824 <li>
39825 <p>Read IOPS: N * Read IOPS of a single drive</p>
39826 </li>
39827 <li>
39828 <p>Write IOPS: Write IOPS of a single drive</p>
39829 </li>
39830 <li>
39831 <p>Streaming read speed: N * Streaming read speed of a single drive</p>
39832 </li>
39833 <li>
39834 <p>Streaming write speed: Streaming write speed of a single drive</p>
39835 </li>
39836 <li>
39837 <p>Storage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]</p>
39838 </li>
39839 <li>
39840 <p>Fault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]</p>
39841 </li>
39842 <li>
39843 <p>For our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.</p>
39844 </li>
39845 <li>
39846 <p>1x 12-way mirror:</p>
39847 </li>
39848 <li>
39849 <p>Read IOPS: 3000</p>
39850 </li>
39851 <li>
39852 <p>Write IOPS: 250</p>
39853 </li>
39854 <li>
39855 <p>Streaming read speed: 1200 MB/s</p>
39856 </li>
39857 <li>
39858 <p>Streaming write speed: 100 MB/s</p>
39859 </li>
39860 <li>
39861 <p>Storage space efficiency: 8.3% (6 TB)</p>
39862 </li>
39863 <li>
39864 <p>Fault tolerance: 11</p>
39865 </li>
39866 </ul>
39867 <blockquote>
39868 <p>As we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.</p>
39869 </blockquote>
39870 <blockquote>
39871 <p>Obviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:</p>
39872 </blockquote>
39873 <ul>
39874 <li>
39875 <p>1x 2-way mirror:</p>
39876 </li>
39877 <li>
39878 <p>Read IOPS: 500</p>
39879 </li>
39880 <li>
39881 <p>Write IOPS: 250</p>
39882 </li>
39883 <li>
39884 <p>Streaming read speed: 200 MB/s</p>
39885 </li>
39886 <li>
39887 <p>Streaming write speed: 100 MB/s</p>
39888 </li>
39889 <li>
39890 <p>Storage space efficiency: 50% (6 TB)</p>
39891 </li>
39892 <li>
39893 <p>Fault tolerance: 1</p>
39894 </li>
39895 <li>
39896 <p>Now we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:</p>
39897 </li>
39898 <li>
39899 <p>6x 2-way mirror:</p>
39900 </li>
39901 <li>
39902 <p>Read IOPS: 3000</p>
39903 </li>
39904 <li>
39905 <p>Write IOPS: 1500</p>
39906 </li>
39907 <li>
39908 <p>Streaming read speed: 3000 MB/s</p>
39909 </li>
39910 <li>
39911 <p>Streaming write speed: 1500 MB/s</p>
39912 </li>
39913 <li>
39914 <p>Storage space efficiency: 50% (36 TB)</p>
39915 </li>
39916 <li>
39917 <p>Fault tolerance: 1 per vdev, 6 total</p>
39918 </li>
39919 <li>
39920 <p>Again, we will examine the configuration from a visual perspective:</p>
39921 </li>
39922 </ul>
39923 <blockquote>
39924 <p>Each vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:</p>
39925 </blockquote>
39926 <ul>
39927 <li>4x 3-way mirror:</li>
39928 <li>Read IOPS: 3000</li>
39929 <li>Write IOPS: 1000</li>
39930 <li>Streaming read speed: 3000 MB/s</li>
39931 <li>Streaming write speed: 400 MB/s</li>
39932 <li>Storage space efficiency: 33% (24 TB)</li>
39933 <li>Fault tolerance: 2 per vdev, 8 total</li>
39934 </ul>
39935 <blockquote>
39936 <p>While we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.<br>
39937 Striped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.</p>
39938 </blockquote>
39939 <hr>
39940 <p>###<a href="https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html">2FA with ssh on OpenBSD</a></p>
39941 <blockquote>
39942 <p>Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.<br>
39943 After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.</p>
39944 </blockquote>
39945 <ul>
39946 <li>SEED CONFIGURATION</li>
39947 </ul>
39948 <blockquote>
39949 <p>The first thing we need to do is to install the software which will be used to verify the OTPs we submit.</p>
39950 </blockquote>
39951 <p><code># pkg_add login_oath</code></p>
39952 <blockquote>
39953 <p>We need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.</p>
39954 </blockquote>
39955 <p><code>$ openssl rand -hex 20 &gt; ~/.totp-key</code><br>
39956 <code>$ chmod 400 ~/.totp-key</code></p>
39957 <blockquote>
39958 <p>Now we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.<br>
39959 While writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.<br>
39960 Here’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!</p>
39961 </blockquote>
39962 <ul>
39963 <li>SYSTEM CONFIGURATION</li>
39964 </ul>
39965 <blockquote>
39966 <p>We can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.<br>
39967 We need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.</p>
39968 </blockquote>
39969 <ul>
39970 <li>SSHD CONFIGURATION</li>
39971 </ul>
39972 <blockquote>
39973 <p>Again, keeping a root shell around decreases the risk of losing access to the system and being locked outside.<br>
39974 A good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!<br>
39975 We need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.<br>
39976 To inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.<br>
39977 We could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.</p>
39978 </blockquote>
39979 <ul>
39980 <li>IMPROVING SECURITY WITHOUT IMPACTING UX</li>
39981 </ul>
39982 <blockquote>
39983 <p>My phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.<br>
39984 To find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.<br>
39985 To sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!</p>
39986 </blockquote>
39987 <hr>
39988 <p>##News Roundup<br>
39989 <a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSAndDirectoryDType">How ZFS maintains file type information in directories</a></p>
39990 <blockquote>
39991 <p>As an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.<br>
39992 The easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).</p>
39993 </blockquote>
39994 <p><code># zdb -dddd fs3-corestaff-01/h/281 1</code><br>
39995 <code>Dataset [....]</code><br>
39996 <code>[...]</code><br>
39997 <code>microzap: 512 bytes, 4 entries</code><br>
39998 <code>[...]</code><br>
39999 <code>ROOT = 3</code><br>
40000 <code></code><br>
40001 <code># zdb -dddd fs3-corestaff-01/h/281 3</code><br>
40002 <code>Object lvl iblk dblk dsize lsize %full type</code><br>
40003 <code>3 1 16K 1K 8K 1K 100.00 ZFS directory</code><br>
40004 <code>[...]</code><br>
40005 <code>microzap: 1024 bytes, 8 entries</code><br>
40006 <code></code><br>
40007 <code>RESTORED = 4396504 (type: Directory)</code><br>
40008 <code>ckstst = 12017 (type: not specified)</code><br>
40009 <code>ckstst3 = 25069 (type: Directory)</code><br>
40010 <code>.demo-file = 5832188 (type: Regular File)</code><br>
40011 <code>.peergroup = 12590 (type: not specified)</code><br>
40012 <code>cks = 5 (type: not specified)</code><br>
40013 <code>cksimap1 = 5247832 (type: Directory)</code><br>
40014 <code>.diskuse = 12016 (type: not specified)</code><br>
40015 <code>ckstst2 = 12535 (type: not specified)</code></p>
40016 <blockquote>
40017 <p>This is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.<br>
40018 Once I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.<br>
40019 How ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:</p>
40020 </blockquote>
40021 <p><code>/*</code><br>
40022 <code>* The directory entry has the type (currently unused on</code><br>
40023 <code>* Solaris) in the top 4 bits, and the object number in</code><br>
40024 <code>* the low 48 bits. The &quot;middle&quot; 12 bits are unused.</code><br>
40025 <code>*/</code></p>
40026 <blockquote>
40027 <p>In yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.<br>
40028 The reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.</p>
40029 </blockquote>
40030 <hr>
40031 <p>###<a href="https://euroquis.nl/bobulate/?p=1976">Everything old is new again</a></p>
40032 <blockquote>
40033 <p>Just because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C++11 — certainly the availability of compilers with C++11 support. The language has changed a great deal in those ten years since the original release.<br>
40034 The platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)<br>
40035 So, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) &gt; 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.<br>
40036 However, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.</p>
40037 </blockquote>
40038 <hr>
40039 <p>###<a href="https://nanxiao.gitbooks.io/openbsd-netcat-demystified/">OpenBSD netcat demystified</a></p>
40040 <blockquote>
40041 <p>Owing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:</p>
40042 </blockquote>
40043 <ul>
40044 <li>(1) Open a terminal and input following command:</li>
40045 </ul>
40046 <p><code># nc -l 3003</code></p>
40047 <blockquote>
40048 <p>This means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).</p>
40049 </blockquote>
40050 <ul>
40051 <li>(2) Connect aforementioned netcat process in another machine, and send a greeting:</li>
40052 </ul>
40053 <p><code># nc 192.168.35.176 3003</code><br>
40054 <code>hello</code></p>
40055 <blockquote>
40056 <p>Then in the first machine’s terminal, you will see the “hello” text:</p>
40057 </blockquote>
40058 <p><code># nc -l 3003</code><br>
40059 <code>hello</code></p>
40060 <blockquote>
40061 <p>A primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcat now. If you are among them, congratulations! This tutorial may be the correct place for you.<br>
40062 In the following parts, I will delve into OpenBSD’s netcat code to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.<br>
40063 We’re all set. Let’s go!</p>
40064 </blockquote>
40065 <hr>
40066 <p>##Beastie Bits</p>
40067 <ul>
40068 <li><a href="https://www.geeklan.co.uk/files/eurobsdcon2018.pdf">What’s in store for NetBSD 9.0</a></li>
40069 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/09/25/msg000783.html">NetBSD machines at Open Source Conference 2018 Hiroshima</a></li>
40070 <li><a href="http://vincentdelft.be/post/post_20180922">nmctl adapted with limited privileges: nmctl-0.6.0</a></li>
40071 <li><a href="https://www.freebsdfoundation.org/blog/submit-your-work-check-out-scale-17x-and-fosdem-19-cfps/">Submit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs</a></li>
40072 <li><a href="https://www.openbsd.org/64.html">OpenBSD 6.4 site is up! (with a partial list of new features)</a></li>
40073 <li><a href="https://www.blackcatenterprises.us/using-alpine-to-read-your-email/">Using Alpine to Read Your Email on OpenBSD</a></li>
40074 </ul>
40075 <hr>
40076 <p>##Feedback/Questions</p>
40077 <ul>
40078 <li>Morgan - <a href="http://dpaste.com/0EXPWQK#wrap">Send/Receive to Manage Fragmentation?</a></li>
40079 <li>Ryan - <a href="http://dpaste.com/0B6C0Y0">ZFS and mmap</a></li>
40080 <li>Marcus - <a href="http://dpaste.com/1DT26S8#wrap">Linux Compat</a></li>
40081 <li>Ben - <a href="http://dpaste.com/20GTHZE#wrap">Multiple Pools</a></li>
40082 </ul>
40083 <hr>
40084 <ul>
40085 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40086 </ul>
40087 <hr>
40088 </description>
40089 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, netcat, kde yubikey, 2fa, ssh, zfs, performance</itunes:keywords>
40090 <content:encoded>
40091 <![CDATA[<p>6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.</p>
40092
40093 <p>##Headlines<br>
40094 ###<a href="https://www.ixsystems.com/blog/zfs-pool-performance-1/">Six Metrics for Measuring ZFS Pool Performance Part 1</a></p>
40095
40096 <blockquote>
40097 <p>The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.</p>
40098 </blockquote>
40099
40100 <ul>
40101 <li>To quantify pool performance, we will consider six primary metrics:</li>
40102 <li>Read I/O operations per second (IOPS)</li>
40103 <li>Write IOPS</li>
40104 <li>Streaming read speed</li>
40105 <li>Streaming write speed</li>
40106 <li>Storage space efficiency (usable capacity after parity versus total raw capacity)</li>
40107 <li>Fault tolerance (maximum number of drives that can fail before data loss)</li>
40108 <li>For the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).</li>
40109 </ul>
40110
40111 <blockquote>
40112 <p>Note that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).<br>
40113 There is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.<br>
40114 Let’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.<br>
40115 Because storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.<br>
40116 A striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.<br>
40117 The excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.<br>
40118 Here’s a summary of the total pool performance (where N is the number of disks in the pool):</p>
40119 </blockquote>
40120
40121 <ul>
40122 <li>N-wide striped:</li>
40123 <li>Read IOPS: N * Read IOPS of a single drive</li>
40124 <li>Write IOPS: N * Write IOPS of a single drive</li>
40125 <li>Streaming read speed: N * Streaming read speed of a single drive</li>
40126 <li>Streaming write speed: N * Streaming write speed of a single drive</li>
40127 <li>Storage space efficiency: 100%</li>
40128 <li>Fault tolerance: None!</li>
40129 </ul>
40130
40131 <blockquote>
40132 <p>Let’s apply this to our example system, configured with a 12-wide striped pool:</p>
40133 </blockquote>
40134
40135 <ul>
40136 <li>12-wide striped:</li>
40137 <li>Read IOPS: 3000</li>
40138 <li>Write IOPS: 3000</li>
40139 <li>Streaming read speed: 1200 MB/s</li>
40140 <li>Streaming write speed: 1200 MB/s</li>
40141 <li>Storage space efficiency: 72 TB</li>
40142 <li>Fault tolerance: None!</li>
40143 <li>Below is a visual depiction of our 12 rainbow blocks written to this pool configuration:</li>
40144 </ul>
40145
40146 <blockquote>
40147 <p>The blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.<br>
40148 A mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.<br>
40149 Streaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.</p>
40150 </blockquote>
40151
40152 <blockquote>
40153 <p>Here’s a summary:</p>
40154 </blockquote>
40155
40156 <ul>
40157 <li>
40158 <p>N-way mirror:</p>
40159 </li>
40160 <li>
40161 <p>Read IOPS: N * Read IOPS of a single drive</p>
40162 </li>
40163 <li>
40164 <p>Write IOPS: Write IOPS of a single drive</p>
40165 </li>
40166 <li>
40167 <p>Streaming read speed: N * Streaming read speed of a single drive</p>
40168 </li>
40169 <li>
40170 <p>Streaming write speed: Streaming write speed of a single drive</p>
40171 </li>
40172 <li>
40173 <p>Storage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]</p>
40174 </li>
40175 <li>
40176 <p>Fault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]</p>
40177 </li>
40178 <li>
40179 <p>For our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.</p>
40180 </li>
40181 <li>
40182 <p>1x 12-way mirror:</p>
40183 </li>
40184 <li>
40185 <p>Read IOPS: 3000</p>
40186 </li>
40187 <li>
40188 <p>Write IOPS: 250</p>
40189 </li>
40190 <li>
40191 <p>Streaming read speed: 1200 MB/s</p>
40192 </li>
40193 <li>
40194 <p>Streaming write speed: 100 MB/s</p>
40195 </li>
40196 <li>
40197 <p>Storage space efficiency: 8.3% (6 TB)</p>
40198 </li>
40199 <li>
40200 <p>Fault tolerance: 11</p>
40201 </li>
40202 </ul>
40203
40204 <blockquote>
40205 <p>As we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.</p>
40206 </blockquote>
40207
40208 <blockquote>
40209 <p>Obviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:</p>
40210 </blockquote>
40211
40212 <ul>
40213 <li>
40214 <p>1x 2-way mirror:</p>
40215 </li>
40216 <li>
40217 <p>Read IOPS: 500</p>
40218 </li>
40219 <li>
40220 <p>Write IOPS: 250</p>
40221 </li>
40222 <li>
40223 <p>Streaming read speed: 200 MB/s</p>
40224 </li>
40225 <li>
40226 <p>Streaming write speed: 100 MB/s</p>
40227 </li>
40228 <li>
40229 <p>Storage space efficiency: 50% (6 TB)</p>
40230 </li>
40231 <li>
40232 <p>Fault tolerance: 1</p>
40233 </li>
40234 <li>
40235 <p>Now we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:</p>
40236 </li>
40237 <li>
40238 <p>6x 2-way mirror:</p>
40239 </li>
40240 <li>
40241 <p>Read IOPS: 3000</p>
40242 </li>
40243 <li>
40244 <p>Write IOPS: 1500</p>
40245 </li>
40246 <li>
40247 <p>Streaming read speed: 3000 MB/s</p>
40248 </li>
40249 <li>
40250 <p>Streaming write speed: 1500 MB/s</p>
40251 </li>
40252 <li>
40253 <p>Storage space efficiency: 50% (36 TB)</p>
40254 </li>
40255 <li>
40256 <p>Fault tolerance: 1 per vdev, 6 total</p>
40257 </li>
40258 <li>
40259 <p>Again, we will examine the configuration from a visual perspective:</p>
40260 </li>
40261 </ul>
40262
40263 <blockquote>
40264 <p>Each vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:</p>
40265 </blockquote>
40266
40267 <ul>
40268 <li>4x 3-way mirror:</li>
40269 <li>Read IOPS: 3000</li>
40270 <li>Write IOPS: 1000</li>
40271 <li>Streaming read speed: 3000 MB/s</li>
40272 <li>Streaming write speed: 400 MB/s</li>
40273 <li>Storage space efficiency: 33% (24 TB)</li>
40274 <li>Fault tolerance: 2 per vdev, 8 total</li>
40275 </ul>
40276
40277 <blockquote>
40278 <p>While we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.<br>
40279 Striped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.</p>
40280 </blockquote>
40281
40282 <p><hr></p>
40283
40284 <p>###<a href="https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html">2FA with ssh on OpenBSD</a></p>
40285
40286 <blockquote>
40287 <p>Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.<br>
40288 After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.</p>
40289 </blockquote>
40290
40291 <ul>
40292 <li>SEED CONFIGURATION</li>
40293 </ul>
40294
40295 <blockquote>
40296 <p>The first thing we need to do is to install the software which will be used to verify the OTPs we submit.</p>
40297 </blockquote>
40298
40299 <p><code># pkg_add login_oath</code></p>
40300
40301 <blockquote>
40302 <p>We need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.</p>
40303 </blockquote>
40304
40305 <p><code>$ openssl rand -hex 20 > ~/.totp-key</code><br>
40306 <code>$ chmod 400 ~/.totp-key</code></p>
40307
40308 <blockquote>
40309 <p>Now we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.<br>
40310 While writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.<br>
40311 Here’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!</p>
40312 </blockquote>
40313
40314 <ul>
40315 <li>SYSTEM CONFIGURATION</li>
40316 </ul>
40317
40318 <blockquote>
40319 <p>We can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.<br>
40320 We need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.</p>
40321 </blockquote>
40322
40323 <ul>
40324 <li>SSHD CONFIGURATION</li>
40325 </ul>
40326
40327 <blockquote>
40328 <p>Again, keeping a root shell around decreases the risk of losing access to the system and being locked outside.<br>
40329 A good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!<br>
40330 We need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.<br>
40331 To inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.<br>
40332 We could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.</p>
40333 </blockquote>
40334
40335 <ul>
40336 <li>IMPROVING SECURITY WITHOUT IMPACTING UX</li>
40337 </ul>
40338
40339 <blockquote>
40340 <p>My phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.<br>
40341 To find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.<br>
40342 To sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!</p>
40343 </blockquote>
40344
40345 <p><hr></p>
40346
40347 <p>##News Roundup<br>
40348 ###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSAndDirectoryDType">How ZFS maintains file type information in directories</a></p>
40349
40350 <blockquote>
40351 <p>As an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.<br>
40352 The easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).</p>
40353 </blockquote>
40354
40355 <p><code># zdb -dddd fs3-corestaff-01/h/281 1</code><br>
40356 <code>Dataset [....]</code><br>
40357 <code>[...]</code><br>
40358 <code>microzap: 512 bytes, 4 entries</code><br>
40359 <code>[...]</code><br>
40360 <code>ROOT = 3</code><br>
40361 <code></code><br>
40362 <code># zdb -dddd fs3-corestaff-01/h/281 3</code><br>
40363 <code>Object lvl iblk dblk dsize lsize %full type</code><br>
40364 <code>3 1 16K 1K 8K 1K 100.00 ZFS directory</code><br>
40365 <code>[...]</code><br>
40366 <code>microzap: 1024 bytes, 8 entries</code><br>
40367 <code></code><br>
40368 <code>RESTORED = 4396504 (type: Directory)</code><br>
40369 <code>ckstst = 12017 (type: not specified)</code><br>
40370 <code>ckstst3 = 25069 (type: Directory)</code><br>
40371 <code>.demo-file = 5832188 (type: Regular File)</code><br>
40372 <code>.peergroup = 12590 (type: not specified)</code><br>
40373 <code>cks = 5 (type: not specified)</code><br>
40374 <code>cksimap1 = 5247832 (type: Directory)</code><br>
40375 <code>.diskuse = 12016 (type: not specified)</code><br>
40376 <code>ckstst2 = 12535 (type: not specified)</code></p>
40377
40378 <blockquote>
40379 <p>This is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.<br>
40380 Once I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.<br>
40381 How ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:</p>
40382 </blockquote>
40383
40384 <p><code>/*</code><br>
40385 <code>* The directory entry has the type (currently unused on</code><br>
40386 <code>* Solaris) in the top 4 bits, and the object number in</code><br>
40387 <code>* the low 48 bits. The "middle" 12 bits are unused.</code><br>
40388 <code>*/</code></p>
40389
40390 <blockquote>
40391 <p>In yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.<br>
40392 The reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.</p>
40393 </blockquote>
40394
40395 <p><hr></p>
40396
40397 <p>###<a href="https://euroquis.nl/bobulate/?p=1976">Everything old is new again</a></p>
40398
40399 <blockquote>
40400 <p>Just because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C++11 — certainly the availability of compilers with C++11 support. The language has changed a great deal in those ten years since the original release.<br>
40401 The platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)<br>
40402 So, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) > 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.<br>
40403 However, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.</p>
40404 </blockquote>
40405
40406 <p><hr></p>
40407
40408 <p>###<a href="https://nanxiao.gitbooks.io/openbsd-netcat-demystified/">OpenBSD netcat demystified</a></p>
40409
40410 <blockquote>
40411 <p>Owing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:</p>
40412 </blockquote>
40413
40414 <ul>
40415 <li>(1) Open a terminal and input following command:</li>
40416 </ul>
40417
40418 <p><code># nc -l 3003</code></p>
40419
40420 <blockquote>
40421 <p>This means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).</p>
40422 </blockquote>
40423
40424 <ul>
40425 <li>(2) Connect aforementioned netcat process in another machine, and send a greeting:</li>
40426 </ul>
40427
40428 <p><code># nc 192.168.35.176 3003</code><br>
40429 <code>hello</code></p>
40430
40431 <blockquote>
40432 <p>Then in the first machine’s terminal, you will see the “hello” text:</p>
40433 </blockquote>
40434
40435 <p><code># nc -l 3003</code><br>
40436 <code>hello</code></p>
40437
40438 <blockquote>
40439 <p>A primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcat now. If you are among them, congratulations! This tutorial may be the correct place for you.<br>
40440 In the following parts, I will delve into OpenBSD’s netcat code to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.<br>
40441 We’re all set. Let’s go!</p>
40442 </blockquote>
40443
40444 <p><hr></p>
40445
40446 <p>##Beastie Bits</p>
40447
40448 <ul>
40449 <li><a href="https://www.geeklan.co.uk/files/eurobsdcon2018.pdf">What’s in store for NetBSD 9.0</a></li>
40450 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/09/25/msg000783.html">NetBSD machines at Open Source Conference 2018 Hiroshima</a></li>
40451 <li><a href="http://vincentdelft.be/post/post_20180922">nmctl adapted with limited privileges: nmctl-0.6.0</a></li>
40452 <li><a href="https://www.freebsdfoundation.org/blog/submit-your-work-check-out-scale-17x-and-fosdem-19-cfps/">Submit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs</a></li>
40453 <li><a href="https://www.openbsd.org/64.html">OpenBSD 6.4 site is up! (with a partial list of new features)</a></li>
40454 <li><a href="https://www.blackcatenterprises.us/using-alpine-to-read-your-email/">Using Alpine to Read Your Email on OpenBSD</a></li>
40455 </ul>
40456
40457 <p><hr></p>
40458
40459 <p>##Feedback/Questions</p>
40460
40461 <ul>
40462 <li>Morgan - <a href="http://dpaste.com/0EXPWQK#wrap">Send/Receive to Manage Fragmentation?</a></li>
40463 <li>Ryan - <a href="http://dpaste.com/0B6C0Y0">ZFS and mmap</a></li>
40464 <li>Marcus - <a href="http://dpaste.com/1DT26S8#wrap">Linux Compat</a></li>
40465 <li>Ben - <a href="http://dpaste.com/20GTHZE#wrap">Multiple Pools</a></li>
40466 </ul>
40467
40468 <p><hr></p>
40469
40470 <ul>
40471 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40472 </ul>
40473
40474 <p><hr></p>]]>
40475 </content:encoded>
40476 <itunes:summary>
40477 <![CDATA[<p>6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.</p>
40478
40479 <p>##Headlines<br>
40480 ###<a href="https://www.ixsystems.com/blog/zfs-pool-performance-1/">Six Metrics for Measuring ZFS Pool Performance Part 1</a></p>
40481
40482 <blockquote>
40483 <p>The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.</p>
40484 </blockquote>
40485
40486 <ul>
40487 <li>To quantify pool performance, we will consider six primary metrics:</li>
40488 <li>Read I/O operations per second (IOPS)</li>
40489 <li>Write IOPS</li>
40490 <li>Streaming read speed</li>
40491 <li>Streaming write speed</li>
40492 <li>Storage space efficiency (usable capacity after parity versus total raw capacity)</li>
40493 <li>Fault tolerance (maximum number of drives that can fail before data loss)</li>
40494 <li>For the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).</li>
40495 </ul>
40496
40497 <blockquote>
40498 <p>Note that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).<br>
40499 There is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.<br>
40500 Let’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.<br>
40501 Because storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.<br>
40502 A striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.<br>
40503 The excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.<br>
40504 Here’s a summary of the total pool performance (where N is the number of disks in the pool):</p>
40505 </blockquote>
40506
40507 <ul>
40508 <li>N-wide striped:</li>
40509 <li>Read IOPS: N * Read IOPS of a single drive</li>
40510 <li>Write IOPS: N * Write IOPS of a single drive</li>
40511 <li>Streaming read speed: N * Streaming read speed of a single drive</li>
40512 <li>Streaming write speed: N * Streaming write speed of a single drive</li>
40513 <li>Storage space efficiency: 100%</li>
40514 <li>Fault tolerance: None!</li>
40515 </ul>
40516
40517 <blockquote>
40518 <p>Let’s apply this to our example system, configured with a 12-wide striped pool:</p>
40519 </blockquote>
40520
40521 <ul>
40522 <li>12-wide striped:</li>
40523 <li>Read IOPS: 3000</li>
40524 <li>Write IOPS: 3000</li>
40525 <li>Streaming read speed: 1200 MB/s</li>
40526 <li>Streaming write speed: 1200 MB/s</li>
40527 <li>Storage space efficiency: 72 TB</li>
40528 <li>Fault tolerance: None!</li>
40529 <li>Below is a visual depiction of our 12 rainbow blocks written to this pool configuration:</li>
40530 </ul>
40531
40532 <blockquote>
40533 <p>The blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.<br>
40534 A mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.<br>
40535 Streaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.</p>
40536 </blockquote>
40537
40538 <blockquote>
40539 <p>Here’s a summary:</p>
40540 </blockquote>
40541
40542 <ul>
40543 <li>
40544 <p>N-way mirror:</p>
40545 </li>
40546 <li>
40547 <p>Read IOPS: N * Read IOPS of a single drive</p>
40548 </li>
40549 <li>
40550 <p>Write IOPS: Write IOPS of a single drive</p>
40551 </li>
40552 <li>
40553 <p>Streaming read speed: N * Streaming read speed of a single drive</p>
40554 </li>
40555 <li>
40556 <p>Streaming write speed: Streaming write speed of a single drive</p>
40557 </li>
40558 <li>
40559 <p>Storage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]</p>
40560 </li>
40561 <li>
40562 <p>Fault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]</p>
40563 </li>
40564 <li>
40565 <p>For our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.</p>
40566 </li>
40567 <li>
40568 <p>1x 12-way mirror:</p>
40569 </li>
40570 <li>
40571 <p>Read IOPS: 3000</p>
40572 </li>
40573 <li>
40574 <p>Write IOPS: 250</p>
40575 </li>
40576 <li>
40577 <p>Streaming read speed: 1200 MB/s</p>
40578 </li>
40579 <li>
40580 <p>Streaming write speed: 100 MB/s</p>
40581 </li>
40582 <li>
40583 <p>Storage space efficiency: 8.3% (6 TB)</p>
40584 </li>
40585 <li>
40586 <p>Fault tolerance: 11</p>
40587 </li>
40588 </ul>
40589
40590 <blockquote>
40591 <p>As we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.</p>
40592 </blockquote>
40593
40594 <blockquote>
40595 <p>Obviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:</p>
40596 </blockquote>
40597
40598 <ul>
40599 <li>
40600 <p>1x 2-way mirror:</p>
40601 </li>
40602 <li>
40603 <p>Read IOPS: 500</p>
40604 </li>
40605 <li>
40606 <p>Write IOPS: 250</p>
40607 </li>
40608 <li>
40609 <p>Streaming read speed: 200 MB/s</p>
40610 </li>
40611 <li>
40612 <p>Streaming write speed: 100 MB/s</p>
40613 </li>
40614 <li>
40615 <p>Storage space efficiency: 50% (6 TB)</p>
40616 </li>
40617 <li>
40618 <p>Fault tolerance: 1</p>
40619 </li>
40620 <li>
40621 <p>Now we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:</p>
40622 </li>
40623 <li>
40624 <p>6x 2-way mirror:</p>
40625 </li>
40626 <li>
40627 <p>Read IOPS: 3000</p>
40628 </li>
40629 <li>
40630 <p>Write IOPS: 1500</p>
40631 </li>
40632 <li>
40633 <p>Streaming read speed: 3000 MB/s</p>
40634 </li>
40635 <li>
40636 <p>Streaming write speed: 1500 MB/s</p>
40637 </li>
40638 <li>
40639 <p>Storage space efficiency: 50% (36 TB)</p>
40640 </li>
40641 <li>
40642 <p>Fault tolerance: 1 per vdev, 6 total</p>
40643 </li>
40644 <li>
40645 <p>Again, we will examine the configuration from a visual perspective:</p>
40646 </li>
40647 </ul>
40648
40649 <blockquote>
40650 <p>Each vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:</p>
40651 </blockquote>
40652
40653 <ul>
40654 <li>4x 3-way mirror:</li>
40655 <li>Read IOPS: 3000</li>
40656 <li>Write IOPS: 1000</li>
40657 <li>Streaming read speed: 3000 MB/s</li>
40658 <li>Streaming write speed: 400 MB/s</li>
40659 <li>Storage space efficiency: 33% (24 TB)</li>
40660 <li>Fault tolerance: 2 per vdev, 8 total</li>
40661 </ul>
40662
40663 <blockquote>
40664 <p>While we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.<br>
40665 Striped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.</p>
40666 </blockquote>
40667
40668 <p><hr></p>
40669
40670 <p>###<a href="https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html">2FA with ssh on OpenBSD</a></p>
40671
40672 <blockquote>
40673 <p>Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.<br>
40674 After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.</p>
40675 </blockquote>
40676
40677 <ul>
40678 <li>SEED CONFIGURATION</li>
40679 </ul>
40680
40681 <blockquote>
40682 <p>The first thing we need to do is to install the software which will be used to verify the OTPs we submit.</p>
40683 </blockquote>
40684
40685 <p><code># pkg_add login_oath</code></p>
40686
40687 <blockquote>
40688 <p>We need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.</p>
40689 </blockquote>
40690
40691 <p><code>$ openssl rand -hex 20 > ~/.totp-key</code><br>
40692 <code>$ chmod 400 ~/.totp-key</code></p>
40693
40694 <blockquote>
40695 <p>Now we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.<br>
40696 While writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.<br>
40697 Here’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!</p>
40698 </blockquote>
40699
40700 <ul>
40701 <li>SYSTEM CONFIGURATION</li>
40702 </ul>
40703
40704 <blockquote>
40705 <p>We can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.<br>
40706 We need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.</p>
40707 </blockquote>
40708
40709 <ul>
40710 <li>SSHD CONFIGURATION</li>
40711 </ul>
40712
40713 <blockquote>
40714 <p>Again, keeping a root shell around decreases the risk of losing access to the system and being locked outside.<br>
40715 A good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!<br>
40716 We need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.<br>
40717 To inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.<br>
40718 We could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.</p>
40719 </blockquote>
40720
40721 <ul>
40722 <li>IMPROVING SECURITY WITHOUT IMPACTING UX</li>
40723 </ul>
40724
40725 <blockquote>
40726 <p>My phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.<br>
40727 To find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.<br>
40728 To sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!</p>
40729 </blockquote>
40730
40731 <p><hr></p>
40732
40733 <p>##News Roundup<br>
40734 ###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSAndDirectoryDType">How ZFS maintains file type information in directories</a></p>
40735
40736 <blockquote>
40737 <p>As an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.<br>
40738 The easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).</p>
40739 </blockquote>
40740
40741 <p><code># zdb -dddd fs3-corestaff-01/h/281 1</code><br>
40742 <code>Dataset [....]</code><br>
40743 <code>[...]</code><br>
40744 <code>microzap: 512 bytes, 4 entries</code><br>
40745 <code>[...]</code><br>
40746 <code>ROOT = 3</code><br>
40747 <code></code><br>
40748 <code># zdb -dddd fs3-corestaff-01/h/281 3</code><br>
40749 <code>Object lvl iblk dblk dsize lsize %full type</code><br>
40750 <code>3 1 16K 1K 8K 1K 100.00 ZFS directory</code><br>
40751 <code>[...]</code><br>
40752 <code>microzap: 1024 bytes, 8 entries</code><br>
40753 <code></code><br>
40754 <code>RESTORED = 4396504 (type: Directory)</code><br>
40755 <code>ckstst = 12017 (type: not specified)</code><br>
40756 <code>ckstst3 = 25069 (type: Directory)</code><br>
40757 <code>.demo-file = 5832188 (type: Regular File)</code><br>
40758 <code>.peergroup = 12590 (type: not specified)</code><br>
40759 <code>cks = 5 (type: not specified)</code><br>
40760 <code>cksimap1 = 5247832 (type: Directory)</code><br>
40761 <code>.diskuse = 12016 (type: not specified)</code><br>
40762 <code>ckstst2 = 12535 (type: not specified)</code></p>
40763
40764 <blockquote>
40765 <p>This is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.<br>
40766 Once I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.<br>
40767 How ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:</p>
40768 </blockquote>
40769
40770 <p><code>/*</code><br>
40771 <code>* The directory entry has the type (currently unused on</code><br>
40772 <code>* Solaris) in the top 4 bits, and the object number in</code><br>
40773 <code>* the low 48 bits. The "middle" 12 bits are unused.</code><br>
40774 <code>*/</code></p>
40775
40776 <blockquote>
40777 <p>In yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.<br>
40778 The reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.</p>
40779 </blockquote>
40780
40781 <p><hr></p>
40782
40783 <p>###<a href="https://euroquis.nl/bobulate/?p=1976">Everything old is new again</a></p>
40784
40785 <blockquote>
40786 <p>Just because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C++11 — certainly the availability of compilers with C++11 support. The language has changed a great deal in those ten years since the original release.<br>
40787 The platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)<br>
40788 So, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) > 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.<br>
40789 However, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.</p>
40790 </blockquote>
40791
40792 <p><hr></p>
40793
40794 <p>###<a href="https://nanxiao.gitbooks.io/openbsd-netcat-demystified/">OpenBSD netcat demystified</a></p>
40795
40796 <blockquote>
40797 <p>Owing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:</p>
40798 </blockquote>
40799
40800 <ul>
40801 <li>(1) Open a terminal and input following command:</li>
40802 </ul>
40803
40804 <p><code># nc -l 3003</code></p>
40805
40806 <blockquote>
40807 <p>This means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).</p>
40808 </blockquote>
40809
40810 <ul>
40811 <li>(2) Connect aforementioned netcat process in another machine, and send a greeting:</li>
40812 </ul>
40813
40814 <p><code># nc 192.168.35.176 3003</code><br>
40815 <code>hello</code></p>
40816
40817 <blockquote>
40818 <p>Then in the first machine’s terminal, you will see the “hello” text:</p>
40819 </blockquote>
40820
40821 <p><code># nc -l 3003</code><br>
40822 <code>hello</code></p>
40823
40824 <blockquote>
40825 <p>A primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcat now. If you are among them, congratulations! This tutorial may be the correct place for you.<br>
40826 In the following parts, I will delve into OpenBSD’s netcat code to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.<br>
40827 We’re all set. Let’s go!</p>
40828 </blockquote>
40829
40830 <p><hr></p>
40831
40832 <p>##Beastie Bits</p>
40833
40834 <ul>
40835 <li><a href="https://www.geeklan.co.uk/files/eurobsdcon2018.pdf">What’s in store for NetBSD 9.0</a></li>
40836 <li><a href="https://mail-index.netbsd.org/netbsd-advocacy/2018/09/25/msg000783.html">NetBSD machines at Open Source Conference 2018 Hiroshima</a></li>
40837 <li><a href="http://vincentdelft.be/post/post_20180922">nmctl adapted with limited privileges: nmctl-0.6.0</a></li>
40838 <li><a href="https://www.freebsdfoundation.org/blog/submit-your-work-check-out-scale-17x-and-fosdem-19-cfps/">Submit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs</a></li>
40839 <li><a href="https://www.openbsd.org/64.html">OpenBSD 6.4 site is up! (with a partial list of new features)</a></li>
40840 <li><a href="https://www.blackcatenterprises.us/using-alpine-to-read-your-email/">Using Alpine to Read Your Email on OpenBSD</a></li>
40841 </ul>
40842
40843 <p><hr></p>
40844
40845 <p>##Feedback/Questions</p>
40846
40847 <ul>
40848 <li>Morgan - <a href="http://dpaste.com/0EXPWQK#wrap">Send/Receive to Manage Fragmentation?</a></li>
40849 <li>Ryan - <a href="http://dpaste.com/0B6C0Y0">ZFS and mmap</a></li>
40850 <li>Marcus - <a href="http://dpaste.com/1DT26S8#wrap">Linux Compat</a></li>
40851 <li>Ben - <a href="http://dpaste.com/20GTHZE#wrap">Multiple Pools</a></li>
40852 </ul>
40853
40854 <p><hr></p>
40855
40856 <ul>
40857 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40858 </ul>
40859
40860 <p><hr></p>]]>
40861 </itunes:summary>
40862 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+tDconsoz</fireside:playerURL>
40863 <fireside:playerEmbedCode>
40864 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+tDconsoz" width="740" height="200" frameborder="0" scrolling="no">]]>
40865 </fireside:playerEmbedCode>
40866 </item>
40867 <item>
40868 <title>Episode 267: Absolute FreeBSD | BSD Now 267</title>
40869 <link>https://www.bsdnow.tv/267</link>
40870 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2689</guid>
40871 <pubDate>Wed, 10 Oct 2018 03:00:00 -0700</pubDate>
40872 <author>Allan Jude</author>
40873 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/065b608e-9204-46f2-a689-63ccf08c58a2.mp3" length="40763471" type="audio/mp3"/>
40874 <itunes:episodeType>full</itunes:episodeType>
40875 <itunes:author>Allan Jude</itunes:author>
40876 <itunes:subtitle>We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.</itunes:subtitle>
40877 <itunes:duration>1:07:38</itunes:duration>
40878 <itunes:explicit>no</itunes:explicit>
40879 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
40880 <description>We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.
40881 <p>##Headlines<br>
40882 Interview - Michael W. Lucas - <a href="mailto:mwlucas@michaelwlucas.com">mwlucas@michaelwlucas.com</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></p>
40883 <ul>
40884 <li>BR: [Welcome Back]</li>
40885 <li>AJ: What have you been doing since last we talked to you [ed, ssh, and af3e]</li>
40886 <li>BR: Tell us more about AF3e</li>
40887 <li>AJ: How did the first Absolute FreeBSD come about?</li>
40888 <li>BR: Do you have anything special planned for MeetBSD?</li>
40889 <li>AJ: What are you working on now? [FM:Jails, Git sync Murder]</li>
40890 <li>BR: What are your plans for next year?</li>
40891 <li>AJ: How has SEMIBug been going?</li>
40892 </ul>
40893 <p>Auction at <a href="https://mwl.io">https://mwl.io</a><br>
40894 Patreon Link:</p>
40895 <hr>
40896 <p>##Feedback/Questions</p>
40897 <ul>
40898 <li>Paul - <a href="http://dpaste.com/0Q6C25T#wrap">Recent bhyve related videos (daemon)</a></li>
40899 <li>Michael - <a href="http://dpaste.com/1YTR9FZ">freebsd-update question</a></li>
40900 <li>Sigflup - <a href="http://dpaste.com/3799BBX#wrap">pkg file search</a></li>
40901 </ul>
40902 <hr>
40903 <ul>
40904 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40905 </ul>
40906 <hr>
40907 </description>
40908 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,netcat,kde yubikey,2fa,ssh,zfs,performance</itunes:keywords>
40909 <content:encoded>
40910 <![CDATA[<p>We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.</p>
40911
40912 <p>##Headlines<br>
40913 ##Interview - Michael W. Lucas - <a href="mailto:mwlucas@michaelwlucas.com">mwlucas@michaelwlucas.com</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></p>
40914
40915 <ul>
40916 <li>BR: [Welcome Back]</li>
40917 <li>AJ: What have you been doing since last we talked to you [ed, ssh, and af3e]</li>
40918 <li>BR: Tell us more about AF3e</li>
40919 <li>AJ: How did the first Absolute FreeBSD come about?</li>
40920 <li>BR: Do you have anything special planned for MeetBSD?</li>
40921 <li>AJ: What are you working on now? [FM:Jails, Git sync Murder]</li>
40922 <li>BR: What are your plans for next year?</li>
40923 <li>AJ: How has SEMIBug been going?</li>
40924 </ul>
40925
40926 <p>Auction at <a href="https://mwl.io">https://mwl.io</a><br>
40927 Patreon Link:</p>
40928
40929 <p><hr></p>
40930
40931 <p>##Feedback/Questions</p>
40932
40933 <ul>
40934 <li>Paul - <a href="http://dpaste.com/0Q6C25T#wrap">Recent bhyve related videos (daemon)</a></li>
40935 <li>Michael - <a href="http://dpaste.com/1YTR9FZ">freebsd-update question</a></li>
40936 <li>Sigflup - <a href="http://dpaste.com/3799BBX#wrap">pkg file search</a></li>
40937 </ul>
40938
40939 <p><hr></p>
40940
40941 <ul>
40942 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40943 </ul>
40944
40945 <p><hr></p>]]>
40946 </content:encoded>
40947 <itunes:summary>
40948 <![CDATA[<p>We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.</p>
40949
40950 <p>##Headlines<br>
40951 ##Interview - Michael W. Lucas - <a href="mailto:mwlucas@michaelwlucas.com">mwlucas@michaelwlucas.com</a> / <a href="https://twitter.com/mwlauthor">@mwlauthor</a></p>
40952
40953 <ul>
40954 <li>BR: [Welcome Back]</li>
40955 <li>AJ: What have you been doing since last we talked to you [ed, ssh, and af3e]</li>
40956 <li>BR: Tell us more about AF3e</li>
40957 <li>AJ: How did the first Absolute FreeBSD come about?</li>
40958 <li>BR: Do you have anything special planned for MeetBSD?</li>
40959 <li>AJ: What are you working on now? [FM:Jails, Git sync Murder]</li>
40960 <li>BR: What are your plans for next year?</li>
40961 <li>AJ: How has SEMIBug been going?</li>
40962 </ul>
40963
40964 <p>Auction at <a href="https://mwl.io">https://mwl.io</a><br>
40965 Patreon Link:</p>
40966
40967 <p><hr></p>
40968
40969 <p>##Feedback/Questions</p>
40970
40971 <ul>
40972 <li>Paul - <a href="http://dpaste.com/0Q6C25T#wrap">Recent bhyve related videos (daemon)</a></li>
40973 <li>Michael - <a href="http://dpaste.com/1YTR9FZ">freebsd-update question</a></li>
40974 <li>Sigflup - <a href="http://dpaste.com/3799BBX#wrap">pkg file search</a></li>
40975 </ul>
40976
40977 <p><hr></p>
40978
40979 <ul>
40980 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
40981 </ul>
40982
40983 <p><hr></p>]]>
40984 </itunes:summary>
40985 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+VV3UYOcT</fireside:playerURL>
40986 <fireside:playerEmbedCode>
40987 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+VV3UYOcT" width="740" height="200" frameborder="0" scrolling="no">]]>
40988 </fireside:playerEmbedCode>
40989 </item>
40990 <item>
40991 <title>Episode 266: File Type History | BSD Now 266</title>
40992 <link>https://www.bsdnow.tv/266</link>
40993 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2661</guid>
40994 <pubDate>Wed, 03 Oct 2018 10:00:00 -0700</pubDate>
40995 <author>Allan Jude</author>
40996 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/04e29e6e-69af-4d6a-9e57-2caa87aaeb48.mp3" length="45192669" type="audio/mp3"/>
40997 <itunes:episodeType>full</itunes:episodeType>
40998 <itunes:author>Allan Jude</itunes:author>
40999 <itunes:subtitle>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</itunes:subtitle>
41000 <itunes:duration>1:15:00</itunes:duration>
41001 <itunes:explicit>no</itunes:explicit>
41002 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
41003 <description>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.
41004 <p>##Headlines<br>
41005 <a href="https://oshogbo.vexillium.org/blog/53/">OpenBSD/NetBSD on FreeBSD using grub2-bhyve</a></p>
41006 <blockquote>
41007 <p>When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!<br>
41008 The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:</p>
41009 </blockquote>
41010 <p><code># pkg install grub2-bhyve</code></p>
41011 <blockquote>
41012 <p>To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.</p>
41013 </blockquote>
41014 <p><code># grub-bhyve test</code><br>
41015 <code>GNU GRUB version 2.00</code><br>
41016 <code>Minimal BASH-like line editing is supported. For the first word, TAB lists possible command</code><br>
41017 <code>completions. Anywhere else TAB lists possible device or file completions.</code><br>
41018 <code></code><br>
41019 <code></code><br>
41020 <code>grub&gt;</code></p>
41021 <blockquote>
41022 <p>After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.</p>
41023 </blockquote>
41024 <p><code>grub&gt; ls</code><br>
41025 <code>(host)</code><br>
41026 <code>grub&gt; ls (host)/</code><br>
41027 <code>libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/</code><br>
41028 <code>grub&gt;</code></p>
41029 <blockquote>
41030 <p>To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL <code>ztank/bhyve/post</code>. On another terminal, we create:</p>
41031 </blockquote>
41032 <p><code># zfs create -V 10G ztank/bhyve/post</code></p>
41033 <blockquote>
41034 <p>If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.</p>
41035 </blockquote>
41036 <p><code># truncate -s 10G post.img</code></p>
41037 <blockquote>
41038 <p>I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.</p>
41039 </blockquote>
41040 <p><code>cat &gt; /tmp/post.map &lt;&lt; EOF</code><br>
41041 <code>(hd0) /directory/to/disk/image</code><br>
41042 <code>(hd1) /dev/zvol/ztank/bhyve/post</code><br>
41043 <code>EOF</code></p>
41044 <blockquote>
41045 <p>The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.</p>
41046 </blockquote>
41047 <p><code># grub-bhyve -m /tmp/post.map post</code><br>
41048 <code>grub&gt; ls</code><br>
41049 <code>(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)</code></p>
41050 <blockquote>
41051 <p>The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.</p>
41052 </blockquote>
41053 <p><code>grub&gt; ls (hd0,msdos4)/</code><br>
41054 <code>boot bsd 6.4/ etc/</code></p>
41055 <blockquote>
41056 <p>And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:</p>
41057 </blockquote>
41058 <p><code>grub&gt; set root=(hd0,msdos4)</code><br>
41059 <code>grub&gt; kopenbsd -h com0 -r sd0a /bsd</code><br>
41060 <code>grub&gt; boot</code></p>
41061 <blockquote>
41062 <p>After that, we can run bhyve virtual machine. In my case it is:</p>
41063 </blockquote>
41064 <p><code># bhyve -c 1 -w -u -H \</code><br>
41065 <code>-s 0,amd_hostbridge \</code><br>
41066 <code>-s 3,ahci-hd,/directory/to/disk/image \</code><br>
41067 <code>-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \</code><br>
41068 <code>-s 31,lpc -l com1,stdio \</code><br>
41069 <code>post</code></p>
41070 <blockquote>
41071 <p>Unfortunately explaining the whole bhyve(8) command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.</p>
41072 </blockquote>
41073 <p><code>cat &lt;&lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post</code><br>
41074 <code>set root=(hd0,4)</code><br>
41075 <code>kopenbsd -h com0 -r sd0a /bsd</code><br>
41076 <code>boot</code><br>
41077 <code>EOF</code></p>
41078 <hr>
41079 <p>###<a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/">My FreeBSD Story</a></p>
41080 <blockquote>
41081 <p>My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.<br>
41082 Back then I did not even know that it was Atari 2600 as I referred to it as Video Computer System … and I did not even know any English by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600<br>
41083 Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.<br>
41084 At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.<br>
41085 After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??<br>
41086 I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was gone forever.<br>
41087 I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (now I know it’s an X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lose’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not like manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.<br>
41088 After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for the first time ??<br>
41089 Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discourage me.<br>
41090 Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent <a href="http://BSDForums.org">BSDForums.org</a> site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.<br>
41091 Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep a steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.<br>
41092 As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast and easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to feel even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.<br>
41093 After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t</p>
41094 </blockquote>
41095 <hr>
41096 <p>##News Roundup<br>
41097 <a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
41098 <blockquote>
41099 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
41100 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
41101 I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
41102 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
41103 Just install a browser and you’re ready to go.<br>
41104 Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.<br>
41105 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
41106 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.<br>
41107 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
41108 </blockquote>
41109 <hr>
41110 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory">The history of file type information being available in Unix directories</a></p>
41111 <blockquote>
41112 <p>The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:<br>
41113 […], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.<br>
41114 On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.<br>
41115 On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.<br>
41116 (In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)<br>
41117 Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.<br>
41118 In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only returned by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.<br>
41119 As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.<br>
41120 Sidebar: The filesystem also matters on modern Unixes<br>
41121 Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.<br>
41122 It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.</p>
41123 </blockquote>
41124 <hr>
41125 <p>###<a href="https://euroquis.nl/bobulate/?p=1979">Multiboot Pinebook KDE neon</a></p>
41126 <blockquote>
41127 <p>Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.<br>
41128 Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.<br>
41129 But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.<br>
41130 I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.<br>
41131 Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.<br>
41132 The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.<br>
41133 So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.</p>
41134 </blockquote>
41135 <hr>
41136 <p>##Beastie Bits</p>
41137 <ul>
41138 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html">Unexpected benefit with Ryzen – reducing power for build server</a></li>
41139 <li><a href="https://mwl.io/archives/3758">Happy #CIDRDay!</a></li>
41140 <li><a href="https://mwl.io/archives/3771">Absolute FreeBSD 3e ship date</a></li>
41141 <li><a href="http://www.mug.org/">MWL FreeBSD talk @ October 9th 2018 - MUG Meeting</a></li>
41142 <li><a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/">MeetBSD Oct 19-20</a></li>
41143 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html">October’s London *BSD meetup - 9th Oct 2018</a></li>
41144 <li><a href="https://www.bsd.nrw/">NRW BUG Meeting at Trivago Oct. 9</a></li>
41145 <li><a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html">Lars Wittebrood blogs about his visit to EuroBSDCon 2018</a></li>
41146 <li><a href="https://undeadly.org/cgi?action=article;sid=20180925075334">EuroBSDcon 2018 OpenBSD slides available</a></li>
41147 <li><a href="https://2018.eurobsdcon.org/talks-speakers/">EuroBSDCon conference site has most slides as well</a></li>
41148 </ul>
41149 <hr>
41150 <p>##Feedback/Questions</p>
41151 <ul>
41152 <li>Brad - <a href="http://dpaste.com/3T9M2QC#wrap">Unmounted ZFS sends</a></li>
41153 <li>Niclas - <a href="http://dpaste.com/11TKDK2">Report from a Meetup</a></li>
41154 <li>Ghislain - <a href="http://dpaste.com/2790GC6">Bhyve not used?</a></li>
41155 <li>Shane - <a href="http://dpaste.com/1P055SQ">zpool history and snapshots</a></li>
41156 </ul>
41157 <hr>
41158 <ul>
41159 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
41160 </ul>
41161 <hr>
41162 </description>
41163 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Ryzen, Pinebook, KDE Neon, bhyve, desktop</itunes:keywords>
41164 <content:encoded>
41165 <![CDATA[<p>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</p>
41166
41167 <p>##Headlines<br>
41168 ###<a href="https://oshogbo.vexillium.org/blog/53/">OpenBSD/NetBSD on FreeBSD using grub2-bhyve</a></p>
41169
41170 <blockquote>
41171 <p>When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!<br>
41172 The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:</p>
41173 </blockquote>
41174
41175 <p><code># pkg install grub2-bhyve</code></p>
41176
41177 <blockquote>
41178 <p>To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.</p>
41179 </blockquote>
41180
41181 <p><code># grub-bhyve test</code><br>
41182 <code>GNU GRUB version 2.00</code><br>
41183 <code>Minimal BASH-like line editing is supported. For the first word, TAB lists possible command</code><br>
41184 <code>completions. Anywhere else TAB lists possible device or file completions.</code><br>
41185 <code></code><br>
41186 <code></code><br>
41187 <code>grub></code></p>
41188
41189 <blockquote>
41190 <p>After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.</p>
41191 </blockquote>
41192
41193 <p><code>grub> ls</code><br>
41194 <code>(host)</code><br>
41195 <code>grub> ls (host)/</code><br>
41196 <code>libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/</code><br>
41197 <code>grub></code></p>
41198
41199 <blockquote>
41200 <p>To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL <code>ztank/bhyve/post</code>. On another terminal, we create:</p>
41201 </blockquote>
41202
41203 <p><code># zfs create -V 10G ztank/bhyve/post</code></p>
41204
41205 <blockquote>
41206 <p>If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.</p>
41207 </blockquote>
41208
41209 <p><code># truncate -s 10G post.img</code></p>
41210
41211 <blockquote>
41212 <p>I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.</p>
41213 </blockquote>
41214
41215 <p><code>cat > /tmp/post.map << EOF</code><br>
41216 <code>(hd0) /directory/to/disk/image</code><br>
41217 <code>(hd1) /dev/zvol/ztank/bhyve/post</code><br>
41218 <code>EOF</code></p>
41219
41220 <blockquote>
41221 <p>The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.</p>
41222 </blockquote>
41223
41224 <p><code># grub-bhyve -m /tmp/post.map post</code><br>
41225 <code>grub> ls</code><br>
41226 <code>(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)</code></p>
41227
41228 <blockquote>
41229 <p>The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.</p>
41230 </blockquote>
41231
41232 <p><code>grub> ls (hd0,msdos4)/</code><br>
41233 <code>boot bsd 6.4/ etc/</code></p>
41234
41235 <blockquote>
41236 <p>And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:</p>
41237 </blockquote>
41238
41239 <p><code>grub> set root=(hd0,msdos4)</code><br>
41240 <code>grub> kopenbsd -h com0 -r sd0a /bsd</code><br>
41241 <code>grub> boot</code></p>
41242
41243 <blockquote>
41244 <p>After that, we can run bhyve virtual machine. In my case it is:</p>
41245 </blockquote>
41246
41247 <p><code># bhyve -c 1 -w -u -H \</code><br>
41248 <code>-s 0,amd_hostbridge \</code><br>
41249 <code>-s 3,ahci-hd,/directory/to/disk/image \</code><br>
41250 <code>-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \</code><br>
41251 <code>-s 31,lpc -l com1,stdio \</code><br>
41252 <code>post</code></p>
41253
41254 <blockquote>
41255 <p>Unfortunately explaining the whole bhyve(8) command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.</p>
41256 </blockquote>
41257
41258 <p><code>cat << EOF | grub-bhyve -m /tmp/post.map -M 512 post</code><br>
41259 <code>set root=(hd0,4)</code><br>
41260 <code>kopenbsd -h com0 -r sd0a /bsd</code><br>
41261 <code>boot</code><br>
41262 <code>EOF</code></p>
41263
41264 <p><hr></p>
41265
41266 <p>###<a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/">My FreeBSD Story</a></p>
41267
41268 <blockquote>
41269 <p>My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.<br>
41270 Back then I did not even know that it was Atari 2600 as I referred to it as Video Computer System … and I did not even know any English by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600.<br>
41271 Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.<br>
41272 At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.<br>
41273 After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??<br>
41274 I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was gone forever.<br>
41275 I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.<br>
41276 After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when you install it for the first time ??<br>
41277 Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.<br>
41278 Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent <a href="http://BSDForums.org">BSDForums.org</a> site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.<br>
41279 Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep a steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.<br>
41280 As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast and easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to feel even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.<br>
41281 After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t</p>
41282 </blockquote>
41283
41284 <p><hr></p>
41285
41286 <p>##News Roundup<br>
41287 ###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
41288
41289 <blockquote>
41290 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
41291 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
41292 I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
41293 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
41294 Just install a browser and you’re ready to go.<br>
41295 Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.<br>
41296 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
41297 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.<br>
41298 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
41299 </blockquote>
41300
41301 <p><hr></p>
41302
41303 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory">The history of file type information being available in Unix directories</a></p>
41304
41305 <blockquote>
41306 <p>The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:<br>
41307 […], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.<br>
41308 On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.<br>
41309 On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.<br>
41310 (In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)<br>
41311 Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.<br>
41312 In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only returned by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.<br>
41313 As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.<br>
41314 Sidebar: The filesystem also matters on modern Unixes<br>
41315 Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.<br>
41316 It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.</p>
41317 </blockquote>
41318
41319 <p><hr></p>
41320
41321 <p>###<a href="https://euroquis.nl/bobulate/?p=1979">Multiboot Pinebook KDE neon</a></p>
41322
41323 <blockquote>
41324 <p>Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.<br>
41325 Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.<br>
41326 But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.<br>
41327 I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.<br>
41328 Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.<br>
41329 The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.<br>
41330 So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.</p>
41331 </blockquote>
41332
41333 <p><hr></p>
41334
41335 <p>##Beastie Bits</p>
41336
41337 <ul>
41338 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html">Unexpected benefit with Ryzen – reducing power for build server</a></li>
41339 <li><a href="https://mwl.io/archives/3758">Happy #CIDRDay!</a></li>
41340 <li><a href="https://mwl.io/archives/3771">Absolute FreeBSD 3e ship date</a></li>
41341 <li><a href="http://www.mug.org/">MWL FreeBSD talk @ October 9th 2018 - MUG Meeting</a></li>
41342 <li><a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/">MeetBSD Oct 19-20</a></li>
41343 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html">October’s London *BSD meetup - 9th Oct 2018</a></li>
41344 <li><a href="https://www.bsd.nrw/">NRW BUG Meeting at Trivago Oct. 9</a></li>
41345 <li><a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html">Lars Wittebrood blogs about his visit to EuroBSDCon 2018</a></li>
41346 <li><a href="https://undeadly.org/cgi?action=article;sid=20180925075334">EuroBSDcon 2018 OpenBSD slides available</a></li>
41347 <li><a href="https://2018.eurobsdcon.org/talks-speakers/">EuroBSDCon conference site has most slides as well</a></li>
41348 </ul>
41349
41350 <p><hr></p>
41351
41352 <p>##Feedback/Questions</p>
41353
41354 <ul>
41355 <li>Brad - <a href="http://dpaste.com/3T9M2QC#wrap">Unmounted ZFS sends</a></li>
41356 <li>Niclas - <a href="http://dpaste.com/11TKDK2">Report from a Meetup</a></li>
41357 <li>Ghislain - <a href="http://dpaste.com/2790GC6">Bhyve not used?</a></li>
41358 <li>Shane - <a href="http://dpaste.com/1P055SQ">zpool history and snapshots</a></li>
41359 </ul>
41360
41361 <p><hr></p>
41362
41363 <ul>
41364 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
41365 </ul>
41366
41367 <p><hr></p>]]>
41368 </content:encoded>
41369 <itunes:summary>
41370 <![CDATA[<p>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</p>
41371
41372 <p>##Headlines<br>
41373 ###<a href="https://oshogbo.vexillium.org/blog/53/">OpenBSD/NetBSD on FreeBSD using grub2-bhyve</a></p>
41374
41375 <blockquote>
41376 <p>When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!<br>
41377 The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:</p>
41378 </blockquote>
41379
41380 <p><code># pkg install grub2-bhyve</code></p>
41381
41382 <blockquote>
41383 <p>To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.</p>
41384 </blockquote>
41385
41386 <p><code># grub-bhyve test</code><br>
41387 <code>GNU GRUB version 2.00</code><br>
41388 <code>Minimal BASH-like line editing is supported. For the first word, TAB lists possible command</code><br>
41389 <code>completions. Anywhere else TAB lists possible device or file completions.</code><br>
41390 <code></code><br>
41391 <code></code><br>
41392 <code>grub></code></p>
41393
41394 <blockquote>
41395 <p>After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.</p>
41396 </blockquote>
41397
41398 <p><code>grub> ls</code><br>
41399 <code>(host)</code><br>
41400 <code>grub> ls (host)/</code><br>
41401 <code>libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/</code><br>
41402 <code>grub></code></p>
41403
41404 <blockquote>
41405 <p>To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL <code>ztank/bhyve/post</code>. On another terminal, we create:</p>
41406 </blockquote>
41407
41408 <p><code># zfs create -V 10G ztank/bhyve/post</code></p>
41409
41410 <blockquote>
41411 <p>If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.</p>
41412 </blockquote>
41413
41414 <p><code># truncate -s 10G post.img</code></p>
41415
41416 <blockquote>
41417 <p>I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.</p>
41418 </blockquote>
41419
41420 <p><code>cat > /tmp/post.map << EOF</code><br>
41421 <code>(hd0) /directory/to/disk/image</code><br>
41422 <code>(hd1) /dev/zvol/ztank/bhyve/post</code><br>
41423 <code>EOF</code></p>
41424
41425 <blockquote>
41426 <p>The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.</p>
41427 </blockquote>
41428
41429 <p><code># grub-bhyve -m /tmp/post.map post</code><br>
41430 <code>grub> ls</code><br>
41431 <code>(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)</code></p>
41432
41433 <blockquote>
41434 <p>The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.</p>
41435 </blockquote>
41436
41437 <p><code>grub> ls (hd0,msdos4)/</code><br>
41438 <code>boot bsd 6.4/ etc/</code></p>
41439
41440 <blockquote>
41441 <p>And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:</p>
41442 </blockquote>
41443
41444 <p><code>grub> set root=(hd0,msdos4)</code><br>
41445 <code>grub> kopenbsd -h com0 -r sd0a /bsd</code><br>
41446 <code>grub> boot</code></p>
41447
41448 <blockquote>
41449 <p>After that, we can run bhyve virtual machine. In my case it is:</p>
41450 </blockquote>
41451
41452 <p><code># bhyve -c 1 -w -u -H \</code><br>
41453 <code>-s 0,amd_hostbridge \</code><br>
41454 <code>-s 3,ahci-hd,/directory/to/disk/image \</code><br>
41455 <code>-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \</code><br>
41456 <code>-s 31,lpc -l com1,stdio \</code><br>
41457 <code>post</code></p>
41458
41459 <blockquote>
41460 <p>Unfortunately explaining the whole bhyve(8) command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.</p>
41461 </blockquote>
41462
41463 <p><code>cat << EOF | grub-bhyve -m /tmp/post.map -M 512 post</code><br>
41464 <code>set root=(hd0,4)</code><br>
41465 <code>kopenbsd -h com0 -r sd0a /bsd</code><br>
41466 <code>boot</code><br>
41467 <code>EOF</code></p>
41468
41469 <p><hr></p>
41470
41471 <p>###<a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/">My FreeBSD Story</a></p>
41472
41473 <blockquote>
41474 <p>My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.<br>
41475 Back then I did not even know that it was Atari 2600 as I referred to it as Video Computer System … and I did not even know any English by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600.<br>
41476 Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.<br>
41477 At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.<br>
41478 After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??<br>
41479 I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was gone forever.<br>
41480 I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.<br>
41481 After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when you install it for the first time ??<br>
41482 Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.<br>
41483 Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent <a href="http://BSDForums.org">BSDForums.org</a> site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.<br>
41484 Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep a steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.<br>
41485 As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast and easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to feel even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.<br>
41486 After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t</p>
41487 </blockquote>
41488
41489 <p><hr></p>
41490
41491 <p>##News Roundup<br>
41492 ###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/">OpenBSD on the Desktop: some thoughts</a></p>
41493
41494 <blockquote>
41495 <p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
41496 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
41497 I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
41498 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
41499 Just install a browser and you’re ready to go.<br>
41500 Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.<br>
41501 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
41502 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.<br>
41503 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
41504 </blockquote>
41505
41506 <p><hr></p>
41507
41508 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory">The history of file type information being available in Unix directories</a></p>
41509
41510 <blockquote>
41511 <p>The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:<br>
41512 […], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.<br>
41513 On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.<br>
41514 On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.<br>
41515 (In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)<br>
41516 Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.<br>
41517 In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only returned by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.<br>
41518 As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.<br>
41519 Sidebar: The filesystem also matters on modern Unixes<br>
41520 Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.<br>
41521 It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.</p>
41522 </blockquote>
41523
41524 <p><hr></p>
41525
41526 <p>###<a href="https://euroquis.nl/bobulate/?p=1979">Multiboot Pinebook KDE neon</a></p>
41527
41528 <blockquote>
41529 <p>Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.<br>
41530 Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.<br>
41531 But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.<br>
41532 I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.<br>
41533 Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.<br>
41534 The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.<br>
41535 So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.</p>
41536 </blockquote>
41537
41538 <p><hr></p>
41539
41540 <p>##Beastie Bits</p>
41541
41542 <ul>
41543 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html">Unexpected benefit with Ryzen – reducing power for build server</a></li>
41544 <li><a href="https://mwl.io/archives/3758">Happy #CIDRDay!</a></li>
41545 <li><a href="https://mwl.io/archives/3771">Absolute FreeBSD 3e ship date</a></li>
41546 <li><a href="http://www.mug.org/">MWL FreeBSD talk @ October 9th 2018 - MUG Meeting</a></li>
41547 <li><a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/">MeetBSD Oct 19-20</a></li>
41548 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html">October’s London *BSD meetup - 9th Oct 2018</a></li>
41549 <li><a href="https://www.bsd.nrw/">NRW BUG Meeting at Trivago Oct. 9</a></li>
41550 <li><a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html">Lars Wittebrood blogs about his visit to EuroBSDCon 2018</a></li>
41551 <li><a href="https://undeadly.org/cgi?action=article;sid=20180925075334">EuroBSDcon 2018 OpenBSD slides available</a></li>
41552 <li><a href="https://2018.eurobsdcon.org/talks-speakers/">EuroBSDCon conference site has most slides as well</a></li>
41553 </ul>
41554
41555 <p><hr></p>
41556
41557 <p>##Feedback/Questions</p>
41558
41559 <ul>
41560 <li>Brad - <a href="http://dpaste.com/3T9M2QC#wrap">Unmounted ZFS sends</a></li>
41561 <li>Niclas - <a href="http://dpaste.com/11TKDK2">Report from a Meetup</a></li>
41562 <li>Ghislain - <a href="http://dpaste.com/2790GC6">Bhyve not used?</a></li>
41563 <li>Shane - <a href="http://dpaste.com/1P055SQ">zpool history and snapshots</a></li>
41564 </ul>
41565
41566 <p><hr></p>
41567
41568 <ul>
41569 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
41570 </ul>
41571
41572 <p><hr></p>]]>
41573 </itunes:summary>
41574 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+arq3hCX1</fireside:playerURL>
41575 <fireside:playerEmbedCode>
41576 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+arq3hCX1" width="740" height="200" frameborder="0" scrolling="no">]]>
41577 </fireside:playerEmbedCode>
41578 </item>
41579 <item>
41580 <title>Episode 265: Software Disenchantment | BSD Now 265</title>
41581 <link>https://www.bsdnow.tv/265</link>
41582 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2631</guid>
41583 <pubDate>Thu, 27 Sep 2018 01:00:00 -0700</pubDate>
41584 <author>Allan Jude</author>
41585 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/01bccaf7-cfe6-48d1-90e8-8fd66badaeb6.mp3" length="61339126" type="audio/mp3"/>
41586 <itunes:episodeType>full</itunes:episodeType>
41587 <itunes:author>Allan Jude</itunes:author>
41588 <itunes:subtitle>We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.</itunes:subtitle>
41589 <itunes:duration>1:41:55</itunes:duration>
41590 <itunes:explicit>no</itunes:explicit>
41591 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
41592 <description>We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.
41593 <p>##Headlines</p>
41594 <p>###[FreeBSD DevSummit &amp; EuroBSDcon 2018 in Romania]</p>
41595 <ul>
41596 <li>Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.</li>
41597 <li>Although Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.</li>
41598 <li>On the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.</li>
41599 <li>Olivier Robert took <a href="https://www.talegraph.com/tales/l2o9ltrvsE">https://www.talegraph.com/tales/l2o9ltrvsE</a> (pictures from the devsummit) and created a nice gallery out of it.</li>
41600 <li>Devsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.</li>
41601 <li>The conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.</li>
41602 <li>Benedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:</li>
41603 </ul>
41604 <blockquote>
41605 <p>Selfhosting as an alternative to the public cloud (by Albert Dengg)<br>
41606 Using Boot Environments at Scale (by Allan Jude)<br>
41607 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
41608 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
41609 FreeBSD Graphics (by Niclas Zeising)</p>
41610 </blockquote>
41611 <ul>
41612 <li>Allan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:
41613 <blockquote>
41614 <p>Hacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)<br>
41615 Introduction of FreeBSD in new environments (by Baptiste Daroussin)<br>
41616 Keynote: Some computing and networking historical perspectives (by Ron Broersma)<br>
41617 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
41618 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
41619 Being a BSD user (by Roller Angel)<br>
41620 From “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)</p>
41621 </blockquote>
41622 </li>
41623 <li>We also met the winner of our Power Bagel raffle from <a href="http://www.bsdnow.tv/episodes/2018_07_25-2_8_because_computers">Episode 2^8</a>. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.</li>
41624 <li>During the closing session, <a href="https://twitter.com/groffthebsdgoat">GroffTheBSDGoat</a> was handed over to Deb Goodkin, who will bring the little guy to the <a href="https://ghc.anitab.org/">Grace Hopper Celebration of Women in Computing conference</a> and then to <a href="http://meetbsd.com">MeetBSD</a> later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.</li>
41625 <li>Thanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conference. There were no talks recorded this year, but the slides will be uploaded to the <a href="http://eurobsdcon.org">EuroBSDcon website</a> in a couple of weeks. The <a href="https://www.openbsd.org/events.html#eurobsdcon2018">OpenBSD talks</a> are already available, so check them out.</li>
41626 </ul>
41627 <p>###<a href="http://tonsky.me/blog/disenchantment/">Software disenchantment</a></p>
41628 <blockquote>
41629 <p>I’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.<br>
41630 Modern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.<br>
41631 Only in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:<br>
41632 @tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)<br>
41633 You’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.</p>
41634 </blockquote>
41635 <ul>
41636 <li>Everything is unbearably slow</li>
41637 </ul>
41638 <blockquote>
41639 <p>Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?<br>
41640 Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:<br>
41641 It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.<br>
41642 Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.<br>
41643 Pavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.<br>
41644 Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?<br>
41645 As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.</p>
41646 </blockquote>
41647 <ul>
41648 <li>Everything is HUUUUGE</li>
41649 </ul>
41650 <blockquote>
41651 <p>And then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?<br>
41652 Android system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?<br>
41653 Windows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?<br>
41654 Google keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.<br>
41655 All that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?<br>
41656 Your desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.<br>
41657 A simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.<br>
41658 At least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.</p>
41659 </blockquote>
41660 <ul>
41661 <li>Better world manifesto</li>
41662 </ul>
41663 <blockquote>
41664 <p>I want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.<br>
41665 What we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.<br>
41666 So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!<br>
41667 I hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.</p>
41668 </blockquote>
41669 <hr>
41670 <p>##News Roundup<br>
41671 <a href="https://lists.llvm.org/pipermail/llvm-announce/2018-September/000080.html">[llvm-announce] LLVM 7.0.0 Release</a></p>
41672 <pre><code>I am pleased to announce that LLVM 7 is now available.
41673
41674 Get it here: https://llvm.org/releases/download.html#7.0.0
41675
41676 The release contains the work on trunk up to SVN revision 338536 plus
41677 work on the release branch. It is the result of the community's work
41678 over the past six months, including: function multiversioning in Clang
41679 with the 'target' attribute for ELF-based x86/x86_64 targets, improved
41680 PCH support in clang-cl, preliminary DWARF v5 support, basic support
41681 for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
41682 and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
41683 support for OpenBSD, UBSan checks for implicit conversions, many
41684 long-tail compatibility issues fixed in lld which is now production
41685 ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
41686 diagtool. And as usual, many optimizations, improved diagnostics, and
41687 bug fixes.
41688
41689 For more details, see the release notes:
41690 https://llvm.org/releases/7.0.0/docs/ReleaseNotes.html
41691 https://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html
41692 https://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
41693 https://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html
41694
41695 Thanks to everyone who helped with filing, fixing, and code reviewing
41696 for the release-blocking bugs!
41697
41698 Special thanks to the release testers and packagers: Bero
41699 Rosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang
41700 Michał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.
41701
41702 For questions or comments about the release, please contact the
41703 community on the mailing lists. Onwards to LLVM 8!
41704
41705 Cheers,
41706 Hans
41707 </code></pre>
41708 <hr>
41709 <p>###<a href="https://blog.raveland.org/post/thinkpad_update_bios/">Update your Thinkpad’s bios with Linux or OpenBSD</a></p>
41710 <ul>
41711 <li>Get your new bios</li>
41712 </ul>
41713 <blockquote>
41714 <p>At first, go to the Lenovo website and download your new bios:</p>
41715 </blockquote>
41716 <ul>
41717 <li>Go to lenovo support</li>
41718 <li>Use the search bar to find your product (example for me, x270)</li>
41719 <li>Choose the right product (if necessary) and click search</li>
41720 <li>On the right side, click on Update Your System</li>
41721 <li>Click on BIOS/UEFI</li>
41722 <li>Choose BIOS Update (Bootable CD) for Windows</li>
41723 <li>Download</li>
41724 </ul>
41725 <blockquote>
41726 <p>For me the file is called like this : r0iuj25wd.iso</p>
41727 </blockquote>
41728 <ul>
41729 <li>Extract bios update</li>
41730 </ul>
41731 <blockquote>
41732 <p>Now you will need to install geteltorito.</p>
41733 </blockquote>
41734 <ul>
41735 <li>With OpenBSD:</li>
41736 </ul>
41737 <p><code>$ doas pkg_add geteltorito</code><br>
41738 <code>quirks-3.7 signed on 2018-09-09T13:15:19Z</code><br>
41739 <code>geteltorito-0.6: ok</code></p>
41740 <ul>
41741 <li>With Debian:</li>
41742 </ul>
41743 <p><code>$ sudo apt-get install genisoimage</code></p>
41744 <ul>
41745 <li>Now we will extract the bios update :</li>
41746 </ul>
41747 <p><code>$ geteltorito -o biosupdate.img r0iuj25wd.iso</code><br>
41748 <code>Booting catalog starts at sector: 20</code><br>
41749 <code>Manufacturer of CD: NERO BURNING ROM VER 12</code><br>
41750 <code>Image architecture: x86</code><br>
41751 <code>Boot media type is: harddisk</code><br>
41752 <code>El Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes</code><br>
41753 <code></code><br>
41754 <code>Image has been written to file &quot;biosupdate.img&quot;.</code><br>
41755 This will create a file called biosupdate.img.</p>
41756 <ul>
41757 <li>Put the image on an USB key</li>
41758 <li>CAREFUL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.</li>
41759 </ul>
41760 <blockquote>
41761 <p>Please check twice on your computer the name of your USB key.</p>
41762 </blockquote>
41763 <ul>
41764 <li>With OpenBSD :</li>
41765 </ul>
41766 <p><code>$ doas dd if=biosupdate.img of=/dev/rsd1c</code></p>
41767 <ul>
41768 <li>With Linux :</li>
41769 </ul>
41770 <p><code>$ sudo dd if=biosupdate.img of=/dev/sda</code></p>
41771 <blockquote>
41772 <p>Now all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy &#x1f609;</p>
41773 </blockquote>
41774 <hr>
41775 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-09-17/announcing-hardenedbsd-foundation">Announcing The HardenedBSD Foundation</a></p>
41776 <blockquote>
41777 <p>In June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501(c)(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501(c)(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.<br>
41778 We are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.</p>
41779 </blockquote>
41780 <hr>
41781 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSendRecvVsRsync">How you migrate ZFS filesystems matters</a></p>
41782 <blockquote>
41783 <p>If you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.<br>
41784 We have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.<br>
41785 This illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).<br>
41786 I knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.<br>
41787 (I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)<br>
41788 With all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).<br>
41789 PS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.<br>
41790 PPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.</p>
41791 </blockquote>
41792 <hr>
41793 <p>##Beastie Bits</p>
41794 <ul>
41795 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">BSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00</a></li>
41796 <li><a href="https://bsd-pl.org/en">BSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology</a></li>
41797 <li><a href="https://undeadly.org/cgi?action=article;sid=20180915112028">n2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress</a></li>
41798 <li><a href="https://lists.xenproject.org/archives/html/mirageos-devel/2018-09/msg00013.html">Running MirageOS Unikernels on OpenBSD in vmm (Now Works)</a></li>
41799 <li><a href="https://undeadly.org/cgi?action=article;sid=20180910070407">vmm(4) gets support for qcow2</a></li>
41800 <li><a href="https://oshogbo.vexillium.org/blog/52/">MeetBSD and SecurityBsides</a></li>
41801 <li><a href="https://twitter.com/cperciva/status/1041433506453155840">Colin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)</a></li>
41802 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-September/001842.html">FreeBSD 11.1 end-of-life</a></li>
41803 <li><a href="https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/254759084">KnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS</a></li>
41804 </ul>
41805 <hr>
41806 <p>##Feedback/Questions</p>
41807 <ul>
41808 <li>Todd - <a href="http://dpaste.com/2QZEZPA">2 Nics, 1 bhyve and a jail cell</a></li>
41809 <li>Thomas - <a href="http://dpaste.com/3SFM1YP#wrap">Deep Dive</a></li>
41810 <li>Morgan - <a href="http://dpaste.com/07EK4RK#wrap">Send/Receive to Manage Fragmentation?</a></li>
41811 <li>Dominik - <a href="http://dpaste.com/0SZJ0V4#wrap">hierarchical jails -&gt; networking</a></li>
41812 </ul>
41813 <hr>
41814 <ul>
41815 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
41816 </ul>
41817 <hr>
41818 </description>
41819 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ZFS rsync, Thinkpad, BIOS, LLVM, eurobsdcon, trip report, conference, bsd conference</itunes:keywords>
41820 <content:encoded>
41821 <![CDATA[<p>We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.</p>
41822
41823 <p>##Headlines</p>
41824
41825 <p>###[FreeBSD DevSummit & EuroBSDcon 2018 in Romania]</p>
41826
41827 <ul>
41828 <li>Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.</li>
41829 <li>Although Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.</li>
41830 <li>On the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.</li>
41831 <li>Olivier Robert took <a href="https://www.talegraph.com/tales/l2o9ltrvsE">pictures from the devsummit</a> and created a nice gallery out of it.</li>
41832 <li>Devsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.</li>
41833 <li>The conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.</li>
41834 <li>Benedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:</li>
41835 </ul>
41836
41837 <blockquote>
41838 <p>Selfhosting as an alternative to the public cloud (by Albert Dengg)<br>
41839 Using Boot Environments at Scale (by Allan Jude)<br>
41840 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
41841 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
41842 FreeBSD Graphics (by Niclas Zeising)</p>
41843 </blockquote>
41844
41845 <ul>
41846 <li>Allan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:
41847 <blockquote>
41848 <p>Hacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)<br>
41849 Introduction of FreeBSD in new environments (by Baptiste Daroussin)<br>
41850 Keynote: Some computing and networking historical perspectives (by Ron Broersma)<br>
41851 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
41852 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
41853 Being a BSD user (by Roller Angel)<br>
41854 From “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)</p>
41855 </blockquote>
41856 </li>
41857 <li>We also met the winner of our Power Bagel raffle from <a href="http://www.bsdnow.tv/episodes/2018_07_25-2_8_because_computers">Episode 2^8</a>. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.</li>
41858 <li>During the closing session, <a href="https://twitter.com/groffthebsdgoat">GroffTheBSDGoat</a> was handed over to Deb Goodkin, who will bring the little guy to the <a href="https://ghc.anitab.org/">Grace Hopper Celebration of Women in Computing conference</a> and then to <a href="http://meetbsd.com">MeetBSD</a> later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.</li>
41859 <li>Thanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conference. There were no talks recorded this year, but the slides will be uploaded to the <a href="http://eurobsdcon.org">EuroBSDcon website</a> in a couple of weeks. The <a href="https://www.openbsd.org/events.html#eurobsdcon2018">OpenBSD talks</a> are already available, so check them out.</li>
41860 </ul>
41861
41862 <p>###<a href="http://tonsky.me/blog/disenchantment/">Software disenchantment</a></p>
41863
41864 <blockquote>
41865 <p>I’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.<br>
41866 Modern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.<br>
41867 Only in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:<br>
41868 @tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)<br>
41869 You’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.</p>
41870 </blockquote>
41871
41872 <ul>
41873 <li>Everything is unbearably slow</li>
41874 </ul>
41875
41876 <blockquote>
41877 <p>Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?<br>
41878 Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:<br>
41879 It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.<br>
41880 Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.<br>
41881 Pavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.<br>
41882 Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?<br>
41883 As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.</p>
41884 </blockquote>
41885
41886 <ul>
41887 <li>Everything is HUUUUGE</li>
41888 </ul>
41889
41890 <blockquote>
41891 <p>And then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?<br>
41892 Android system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?<br>
41893 Windows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?<br>
41894 Google keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.<br>
41895 All that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?<br>
41896 Your desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.<br>
41897 A simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.<br>
41898 At least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.</p>
41899 </blockquote>
41900
41901 <ul>
41902 <li>Better world manifesto</li>
41903 </ul>
41904
41905 <blockquote>
41906 <p>I want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.<br>
41907 What we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.<br>
41908 So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!<br>
41909 I hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.</p>
41910 </blockquote>
41911
41912 <p><hr></p>
41913
41914 <p>##News Roundup<br>
41915 ###<a href="https://lists.llvm.org/pipermail/llvm-announce/2018-September/000080.html">[llvm-announce] LLVM 7.0.0 Release</a></p>
41916
41917 <pre><code>I am pleased to announce that LLVM 7 is now available.
41918
41919 Get it here: https://llvm.org/releases/download.html#7.0.0
41920
41921 The release contains the work on trunk up to SVN revision 338536 plus
41922 work on the release branch. It is the result of the community's work
41923 over the past six months, including: function multiversioning in Clang
41924 with the 'target' attribute for ELF-based x86/x86_64 targets, improved
41925 PCH support in clang-cl, preliminary DWARF v5 support, basic support
41926 for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
41927 and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
41928 support for OpenBSD, UBSan checks for implicit conversions, many
41929 long-tail compatibility issues fixed in lld which is now production
41930 ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
41931 diagtool. And as usual, many optimizations, improved diagnostics, and
41932 bug fixes.
41933
41934 For more details, see the release notes:
41935 https://llvm.org/releases/7.0.0/docs/ReleaseNotes.html
41936 https://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html
41937 https://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
41938 https://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html
41939
41940 Thanks to everyone who helped with filing, fixing, and code reviewing
41941 for the release-blocking bugs!
41942
41943 Special thanks to the release testers and packagers: Bero
41944 Rosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang
41945 Michał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.
41946
41947 For questions or comments about the release, please contact the
41948 community on the mailing lists. Onwards to LLVM 8!
41949
41950 Cheers,
41951 Hans
41952 </code></pre>
41953
41954 <p><hr></p>
41955
41956 <p>###<a href="https://blog.raveland.org/post/thinkpad_update_bios/">Update your Thinkpad’s bios with Linux or OpenBSD</a></p>
41957
41958 <ul>
41959 <li>Get your new bios</li>
41960 </ul>
41961
41962 <blockquote>
41963 <p>At first, go to the Lenovo website and download your new bios:</p>
41964 </blockquote>
41965
41966 <ul>
41967 <li>Go to lenovo support</li>
41968 <li>Use the search bar to find your product (example for me, x270)</li>
41969 <li>Choose the right product (if necessary) and click search</li>
41970 <li>On the right side, click on Update Your System</li>
41971 <li>Click on BIOS/UEFI</li>
41972 <li>Choose *BIOS Update (Bootable CD) for Windows *</li>
41973 <li>Download</li>
41974 </ul>
41975
41976 <blockquote>
41977 <p>For me the file is called like this : r0iuj25wd.iso</p>
41978 </blockquote>
41979
41980 <ul>
41981 <li>Extract bios update</li>
41982 </ul>
41983
41984 <blockquote>
41985 <p>Now you will need to install geteltorito.</p>
41986 </blockquote>
41987
41988 <ul>
41989 <li>With OpenBSD:</li>
41990 </ul>
41991
41992 <p><code>$ doas pkg_add geteltorito</code><br>
41993 <code>quirks-3.7 signed on 2018-09-09T13:15:19Z</code><br>
41994 <code>geteltorito-0.6: ok</code></p>
41995
41996 <ul>
41997 <li>With Debian:</li>
41998 </ul>
41999
42000 <p><code>$ sudo apt-get install genisoimage</code></p>
42001
42002 <ul>
42003 <li>Now we will extract the bios update :</li>
42004 </ul>
42005
42006 <p><code>$ geteltorito -o bios_update.img r0iuj25wd.iso</code><br>
42007 <code>Booting catalog starts at sector: 20</code><br>
42008 <code>Manufacturer of CD: NERO BURNING ROM VER 12</code><br>
42009 <code>Image architecture: x86</code><br>
42010 <code>Boot media type is: harddisk</code><br>
42011 <code>El Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes</code><br>
42012 <code></code><br>
42013 <code>Image has been written to file "bios_update.img".</code><br>
42014 <code>This will create a file called bios_update.img.</code></p>
42015
42016 <ul>
42017 <li>Put the image on a USB key</li>
42018 <li>CAREFUL: on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.</li>
42019 </ul>
42020
42021 <blockquote>
42022 <p>Please check twice on your computer the name of your USB key.</p>
42023 </blockquote>
42024
42025 <ul>
42026 <li>With OpenBSD :</li>
42027 </ul>
42028
42029 <p><code>$ doas dd if=bios_update.img of=/dev/rsd1c</code></p>
42030
42031 <ul>
42032 <li>With Linux :</li>
42033 </ul>
42034
42035 <p><code>$ sudo dd if=bios_update.img of=/dev/sda</code></p>
42036
42037 <blockquote>
42038 <p>Now all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy 😉</p>
42039 </blockquote>
42040
42041 <p><hr></p>
42042
42043 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-09-17/announcing-hardenedbsd-foundation">Announcing The HardenedBSD Foundation</a></p>
42044
42045 <blockquote>
42046 <p>In June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501(c)(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501(c)(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.<br>
42047 We are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.</p>
42048 </blockquote>
42049
42050 <p><hr></p>
42051
42052 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSendRecvVsRsync">How you migrate ZFS filesystems matters</a></p>
42053
42054 <blockquote>
42055 <p>If you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.<br>
42056 We have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.<br>
42057 This illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).<br>
42058 I knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.<br>
42059 (I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)<br>
42060 With all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).<br>
42061 PS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.<br>
42062 PPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.</p>
42063 </blockquote>
42064
42065 <p><hr></p>
42066
42067 <p>##Beastie Bits</p>
42068
42069 <ul>
42070 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">BSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00</a></li>
42071 <li><a href="https://bsd-pl.org/en">BSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology</a></li>
42072 <li><a href="https://undeadly.org/cgi?action=article;sid=20180915112028">n2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress</a></li>
42073 <li><a href="https://lists.xenproject.org/archives/html/mirageos-devel/2018-09/msg00013.html">Running MirageOS Unikernels on OpenBSD in vmm (Now Works)</a></li>
42074 <li><a href="https://undeadly.org/cgi?action=article;sid=20180910070407">vmm(4) gets support for qcow2</a></li>
42075 <li><a href="https://oshogbo.vexillium.org/blog/52/">MeetBSD and SecurityBsides</a></li>
42076 <li><a href="https://twitter.com/cperciva/status/1041433506453155840">Colin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)</a></li>
42077 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-September/001842.html">FreeBSD 11.1 end-of-life</a></li>
42078 <li><a href="https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/254759084">KnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS</a></li>
42079 </ul>
42080
42081 <p><hr></p>
42082
42083 <p>##Feedback/Questions</p>
42084
42085 <ul>
42086 <li>Todd - <a href="http://dpaste.com/2QZEZPA">2 Nics, 1 bhyve and a jail cell</a></li>
42087 <li>Thomas - <a href="http://dpaste.com/3SFM1YP#wrap">Deep Dive</a></li>
42088 <li>Morgan - <a href="http://dpaste.com/07EK4RK#wrap">Send/Receive to Manage Fragmentation?</a></li>
42089 <li>Dominik - <a href="http://dpaste.com/0SZJ0V4#wrap">hierarchical jails -> networking</a></li>
42090 </ul>
42091
42092 <p><hr></p>
42093
42094 <ul>
42095 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
42096 </ul>
42097
42098 <p><hr></p>]]>
42099 </content:encoded>
42100 <itunes:summary>
42101 <![CDATA[<p>We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.</p>
42102
42103 <p>##Headlines</p>
42104
42105 <p>###[FreeBSD DevSummit & EuroBSDcon 2018 in Romania]</p>
42106
42107 <ul>
42108 <li>Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.</li>
42109 <li>Although Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.</li>
42110 <li>On the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.</li>
42111 <li>Olivier Robert took <a href="https://www.talegraph.com/tales/l2o9ltrvsE">pictures from the devsummit</a> and created a nice gallery out of it.</li>
42112 <li>Devsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.</li>
42113 <li>The conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.</li>
42114 <li>Benedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:</li>
42115 </ul>
42116
42117 <blockquote>
42118 <p>Selfhosting as an alternative to the public cloud (by Albert Dengg)<br>
42119 Using Boot Environments at Scale (by Allan Jude)<br>
42120 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
42121 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
42122 FreeBSD Graphics (by Niclas Zeising)</p>
42123 </blockquote>
42124
42125 <ul>
42126 <li>Allan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:
42127 <blockquote>
42128 <p>Hacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)<br>
42129 Introduction of FreeBSD in new environments (by Baptiste Daroussin)<br>
42130 Keynote: Some computing and networking historical perspectives (by Ron Broersma)<br>
42131 Livepatching FreeBSD kernel (by Maciej Grochowski)<br>
42132 FreeBSD: What to (Not) Monitor (by Andrew Fengler)<br>
42133 Being a BSD user (by Roller Angel)<br>
42134 From “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)</p>
42135 </blockquote>
42136 </li>
42137 <li>We also met the winner of our Power Bagel raffle from <a href="http://www.bsdnow.tv/episodes/2018_07_25-2_8_because_computers">Episode 2^8</a>. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.</li>
42138 <li>During the closing session, <a href="https://twitter.com/groffthebsdgoat">GroffTheBSDGoat</a> was handed over to Deb Goodkin, who will bring the little guy to the <a href="https://ghc.anitab.org/">Grace Hopper Celebration of Women in Computing conference</a> and then to <a href="http://meetbsd.com">MeetBSD</a> later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.</li>
42139 <li>Thanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conference. There were no talks recorded this year, but the slides will be uploaded to the <a href="http://eurobsdcon.org">EuroBSDcon website</a> in a couple of weeks. The <a href="https://www.openbsd.org/events.html#eurobsdcon2018">OpenBSD talks</a> are already available, so check them out.</li>
42140 </ul>
42141
42142 <p>###<a href="http://tonsky.me/blog/disenchantment/">Software disenchantment</a></p>
42143
42144 <blockquote>
42145 <p>I’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.<br>
42146 Modern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.<br>
42147 Only in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:<br>
42148 @tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)<br>
42149 You’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.</p>
42150 </blockquote>
42151
42152 <ul>
42153 <li>Everything is unbearably slow</li>
42154 </ul>
42155
42156 <blockquote>
42157 <p>Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?<br>
42158 Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:<br>
42159 It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.<br>
42160 Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.<br>
42161 Pavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.<br>
42162 Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?<br>
42163 As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.</p>
42164 </blockquote>
42165
42166 <ul>
42167 <li>Everything is HUUUUGE</li>
42168 </ul>
42169
42170 <blockquote>
42171 <p>And then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?<br>
42172 Android system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?<br>
42173 Windows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?<br>
42174 Google keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.<br>
42175 All that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?<br>
42176 Your desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.<br>
42177 A simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.<br>
42178 At least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.</p>
42179 </blockquote>
42180
42181 <ul>
42182 <li>Better world manifesto</li>
42183 </ul>
42184
42185 <blockquote>
42186 <p>I want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.<br>
42187 What we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.<br>
42188 So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!<br>
42189 I hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.</p>
42190 </blockquote>
42191
42192 <p><hr></p>
42193
42194 <p>##News Roundup<br>
42195 ###<a href="https://lists.llvm.org/pipermail/llvm-announce/2018-September/000080.html">[llvm-announce] LLVM 7.0.0 Release</a></p>
42196
42197 <pre><code>I am pleased to announce that LLVM 7 is now available.
42198
42199 Get it here: https://llvm.org/releases/download.html#7.0.0
42200
42201 The release contains the work on trunk up to SVN revision 338536 plus
42202 work on the release branch. It is the result of the community's work
42203 over the past six months, including: function multiversioning in Clang
42204 with the 'target' attribute for ELF-based x86/x86_64 targets, improved
42205 PCH support in clang-cl, preliminary DWARF v5 support, basic support
42206 for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
42207 and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
42208 support for OpenBSD, UBSan checks for implicit conversions, many
42209 long-tail compatibility issues fixed in lld which is now production
42210 ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
42211 diagtool. And as usual, many optimizations, improved diagnostics, and
42212 bug fixes.
42213
42214 For more details, see the release notes:
42215 https://llvm.org/releases/7.0.0/docs/ReleaseNotes.html
42216 https://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html
42217 https://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
42218 https://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html
42219
42220 Thanks to everyone who helped with filing, fixing, and code reviewing
42221 for the release-blocking bugs!
42222
42223 Special thanks to the release testers and packagers: Bero
42224 Rosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang
42225 Michał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.
42226
42227 For questions or comments about the release, please contact the
42228 community on the mailing lists. Onwards to LLVM 8!
42229
42230 Cheers,
42231 Hans
42232 </code></pre>
42233
42234 <p><hr></p>
42235
42236 <p>###<a href="https://blog.raveland.org/post/thinkpad_update_bios/">Update your Thinkpad’s bios with Linux or OpenBSD</a></p>
42237
42238 <ul>
42239 <li>Get your new bios</li>
42240 </ul>
42241
42242 <blockquote>
42243 <p>At first, go to the Lenovo website and download your new bios:</p>
42244 </blockquote>
42245
42246 <ul>
42247 <li>Go to lenovo support</li>
42248 <li>Use the search bar to find your product (example for me, x270)</li>
42249 <li>Choose the right product (if necessary) and click search</li>
42250 <li>On the right side, click on Update Your System</li>
42251 <li>Click on BIOS/UEFI</li>
42252 <li>Choose *BIOS Update (Bootable CD) for Windows *</li>
42253 <li>Download</li>
42254 </ul>
42255
42256 <blockquote>
42257 <p>For me the file is called like this : r0iuj25wd.iso</p>
42258 </blockquote>
42259
42260 <ul>
42261 <li>Extract bios update</li>
42262 </ul>
42263
42264 <blockquote>
42265 <p>Now you will need to install geteltorito.</p>
42266 </blockquote>
42267
42268 <ul>
42269 <li>With OpenBSD:</li>
42270 </ul>
42271
42272 <p><code>$ doas pkg_add geteltorito</code><br>
42273 <code>quirks-3.7 signed on 2018-09-09T13:15:19Z</code><br>
42274 <code>geteltorito-0.6: ok</code></p>
42275
42276 <ul>
42277 <li>With Debian:</li>
42278 </ul>
42279
42280 <p><code>$ sudo apt-get install genisoimage</code></p>
42281
42282 <ul>
42283 <li>Now we will extract the bios update :</li>
42284 </ul>
42285
42286 <p><code>$ geteltorito -o bios_update.img r0iuj25wd.iso</code><br>
42287 <code>Booting catalog starts at sector: 20</code><br>
42288 <code>Manufacturer of CD: NERO BURNING ROM VER 12</code><br>
42289 <code>Image architecture: x86</code><br>
42290 <code>Boot media type is: harddisk</code><br>
42291 <code>El Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes</code><br>
42292 <code></code><br>
42293 <code>Image has been written to file "bios_update.img".</code><br>
42294 <code>This will create a file called bios_update.img.</code></p>
42295
42296 <ul>
42297 <li>Put the image on a USB key</li>
42298 <li>CAREFUL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.</li>
42299 </ul>
42300
42301 <blockquote>
42302 <p>Please check twice on your computer the name of your USB key.</p>
42303 </blockquote>
42304
42305 <ul>
42306 <li>With OpenBSD :</li>
42307 </ul>
42308
42309 <p><code>$ doas dd if=bios_update.img of=/dev/rsd1c</code></p>
42310
42311 <ul>
42312 <li>With Linux :</li>
42313 </ul>
42314
42315 <p><code>$ sudo dd if=bios_update.img of=/dev/sda</code></p>
42316
42317 <blockquote>
42318 <p>Now all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy 😉</p>
42319 </blockquote>
42320
42321 <p><hr></p>
42322
42323 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-09-17/announcing-hardenedbsd-foundation">Announcing The HardenedBSD Foundation</a></p>
42324
42325 <blockquote>
42326 <p>In June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501(c)(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501(c)(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.<br>
42327 We are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.</p>
42328 </blockquote>
42329
42330 <p><hr></p>
42331
42332 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSendRecvVsRsync">How you migrate ZFS filesystems matters</a></p>
42333
42334 <blockquote>
42335 <p>If you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.<br>
42336 We have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.<br>
42337 This illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).<br>
42338 I knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.<br>
42339 (I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)<br>
42340 With all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).<br>
42341 PS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.<br>
42342 PPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.</p>
42343 </blockquote>
42344
42345 <p><hr></p>
42346
42347 <p>##Beastie Bits</p>
42348
42349 <ul>
42350 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/254235663/">BSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00</a></li>
42351 <li><a href="https://bsd-pl.org/en">BSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology</a></li>
42352 <li><a href="https://undeadly.org/cgi?action=article;sid=20180915112028">n2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress</a></li>
42353 <li><a href="https://lists.xenproject.org/archives/html/mirageos-devel/2018-09/msg00013.html">Running MirageOS Unikernels on OpenBSD in vmm (Now Works)</a></li>
42354 <li><a href="https://undeadly.org/cgi?action=article;sid=20180910070407">vmm(4) gets support for qcow2</a></li>
42355 <li><a href="https://oshogbo.vexillium.org/blog/52/">MeetBSD and SecurityBsides</a></li>
42356 <li><a href="https://twitter.com/cperciva/status/1041433506453155840">Colin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)</a></li>
42357 <li><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-September/001842.html">FreeBSD 11.1 end-of-life</a></li>
42358 <li><a href="https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/254759084">KnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS</a></li>
42359 </ul>
42360
42361 <p><hr></p>
42362
42363 <p>##Feedback/Questions</p>
42364
42365 <ul>
42366 <li>Todd - <a href="http://dpaste.com/2QZEZPA">2 Nics, 1 bhyve and a jail cell</a></li>
42367 <li>Thomas - <a href="http://dpaste.com/3SFM1YP#wrap">Deep Dive</a></li>
42368 <li>Morgan - <a href="http://dpaste.com/07EK4RK#wrap">Send/Receive to Manage Fragmentation?</a></li>
42369 <li>Dominik - <a href="http://dpaste.com/0SZJ0V4#wrap">hierarchical jails -> networking</a></li>
42370 </ul>
42371
42372 <p><hr></p>
42373
42374 <ul>
42375 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
42376 </ul>
42377
42378 <p><hr></p>]]>
42379 </itunes:summary>
42380 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+_ZKTIDUu</fireside:playerURL>
42381 <fireside:playerEmbedCode>
42382 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+_ZKTIDUu" width="740" height="200" frameborder="0" scrolling="no">]]>
42383 </fireside:playerEmbedCode>
42384 </item>
42385 <item>
42386 <title>Episode 264: Optimized-out | BSD Now 264</title>
42387 <link>https://www.bsdnow.tv/264</link>
42388 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2594</guid>
42389 <pubDate>Wed, 19 Sep 2018 22:00:00 -0700</pubDate>
42390 <author>Allan Jude</author>
42391 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/870be997-e69a-4290-b287-0465a463522d.mp3" length="43367569" type="audio/mp3"/>
42392 <itunes:episodeType>full</itunes:episodeType>
42393 <itunes:author>Allan Jude</itunes:author>
42394 <itunes:subtitle>FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.</itunes:subtitle>
42395 <itunes:duration>1:11:58</itunes:duration>
42396 <itunes:explicit>no</itunes:explicit>
42397 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
42398 <description>FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.
42399 <p>##Headlines<br>
42400 <a href="https://www.phoronix.com/scan.php?page=article&amp;item=bsd-threadripper-2990wx&amp;num=1">FreeBSD &amp; DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux</a></p>
42401 <blockquote>
42402 <p>The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.<br>
42403 The BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.<br>
42404 DragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.<br>
42405 But then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.<br>
42406 Just hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!<br>
42407 With FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.<br>
42408 The hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.<br>
42409 All of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.<br>
42410 While for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).<br>
42411 Overall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.<br>
42412 It will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.</p>
42413 </blockquote>
42414 <hr>
42415 <p>###<a href="https://www.netbsd.org/releases/formal-7/NetBSD-7.2.html">NetBSD 7.2 released</a></p>
42416 <blockquote>
42417 <p>The NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
42418 </blockquote>
42419 <ul>
42420 <li>General Security Note</li>
42421 </ul>
42422 <p><code>The NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had its first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.</code></p>
42423 <ul>
42424 <li>Some highlights of the 7.2 release are:</li>
42425 <li>Support for USB 3.0.</li>
42426 <li>Enhancements to the Linux emulation subsystem.</li>
42427 <li>Fixes in binary compatibility for ancient NetBSD executables.</li>
42428 <li>iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.</li>
42429 <li>Support for Raspberry Pi 3 added.</li>
42430 <li>Fix interrupt setup on Hyper-V VMs with Legacy Network Adapter.</li>
42431 <li>SVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.</li>
42432 <li>Various USB stability enhancements.</li>
42433 <li>Numerous bug fixes and stability improvements.</li>
42434 </ul>
42435 <blockquote>
42436 <p>Complete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at <a href="https://www.NetBSD.org/mirrors/">https://www.NetBSD.org/mirrors/</a>. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: <a href="https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc">https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc</a><br>
42437 NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:</p>
42438 </blockquote>
42439 <hr>
42440 <p>##News Roundup<br>
42441 <a href="https://farhan.codes/2018/08/16/including-optimized-out-kernel-symbols-in-dtrace-on-freebsd/">Including optimized-out kernel symbols in dtrace on FreeBSD</a></p>
42442 <blockquote>
42443 <p>Have you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).</p>
42444 </blockquote>
42445 <blockquote>
42446 <p>In my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.</p>
42447 </blockquote>
42448 <blockquote>
42449 <p>My first attempt was to add to /etc/make.conf as follows and recompile the kernel.</p>
42450 </blockquote>
42451 <p><code>CFLAGS+=-O0 and -fno-inline-functions</code></p>
42452 <blockquote>
42453 <p>This failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!</p>
42454 </blockquote>
42455 <blockquote>
42456 <p>But as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?</p>
42457 </blockquote>
42458 <blockquote>
42459 <p>After hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.</p>
42460 </blockquote>
42461 <ul>
42462 <li>A few thoughts:</li>
42463 </ul>
42464 <blockquote>
42465 <p>This seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.<br>
42466 Removing optimizations is only something I would do in a non-production kernel, so it's as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.<br>
42467 Using the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.<br>
42468 If you have a better solution, please let me know and I will update the article, but this works for me!</p>
42469 </blockquote>
42470 <hr>
42471 <p>###<a href="https://www.neelc.org/freebsd-uefi-on-asus-motherboards/">FreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)</a></p>
42472 <blockquote>
42473 <p>Starting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with an Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and BootInfo. This issue occurs when I try to boot directly to efi\boot\bootx64.efi.</p>
42474 </blockquote>
42475 <blockquote>
42476 <p>One person had a similar issue on an Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.</p>
42477 </blockquote>
42478 <ul>
42479 <li>There are two solutions to this problem:</li>
42480 <li>Use Legacy BIOS mode instead of UEFI mode</li>
42481 <li>Install a FreeBSD UEFI Boot entry</li>
42482 </ul>
42483 <blockquote>
42484 <p>Keep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.<br>
42485 The first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:<br>
42486 You won’t be able to use hard drives bigger than 2TB<br>
42487 You are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode<br>
42488 Legacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)<br>
42489 The second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.</p>
42490 </blockquote>
42491 <hr>
42492 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdNoLongerGoodEditor">Why ed(1) is not a good editor today</a></p>
42493 <blockquote>
42494 <p>I’ll start with my tweet:</p>
42495 </blockquote>
42496 <p><code>Heretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.</code></p>
42497 <blockquote>
42498 <p>There is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.<br>
42499 The fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.<br>
42500 Ed is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.<br>
42501 However, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).<br>
42502 If you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.<br>
42503 The people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.<br>
42504 (They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)<br>
42505 This doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).<br>
42506 (But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)</p>
42507 </blockquote>
42508 <hr>
42509 <p>##Beastie Bits</p>
42510 <ul>
42511 <li><a href="https://twitter.com/DavieDavieDave/status/1040359656864903169">Is there any interest in a #BSD user group in #Montreal?</a></li>
42512 <li><a href="https://www.bsdjobs.com/people/hi.html">Tell your BSD story</a></li>
42513 <li><a href="https://blog.netbsd.org/tnf/entry/finishing_leftover_tasks_from_google">Finishing leftover tasks from Google Summer of Code</a></li>
42514 <li><a href="https://undeadly.org/cgi?action=article;sid=20180906072459">Fuzzing the OpenBSD Kernel</a></li>
42515 <li><a href="http://lists.nycbug.org/pipermail/talk/2018-August/017692.html">ARM - any Tier-1 *BSD options?</a></li>
42516 </ul>
42517 <hr>
42518 <p>##Feedback/Questions</p>
42519 <ul>
42520 <li>Chris - <a href="http://dpaste.com/2Y6XBYN">bhyve question</a></li>
42521 <li>Paulo - <a href="http://dpaste.com/1A88F2W">Topic suggestion</a></li>
42522 <li>Bostjan - <a href="http://dpaste.com/140ZHZD#wrap">How data gets to disk</a></li>
42523 </ul>
42524 <hr>
42525 <ul>
42526 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
42527 </ul>
42528 <hr>
42529 </description>
42530 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
42531 <content:encoded>
42532 <![CDATA[<p>FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.</p>
42533
42534 <p>##Headlines<br>
42535 ###<a href="https://www.phoronix.com/scan.php?page=article&item=bsd-threadripper-2990wx&num=1">FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux</a></p>
42536
42537 <blockquote>
42538 <p>The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.<br>
42539 The BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.<br>
42540 DragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.<br>
42541 But then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.<br>
42542 Just hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!<br>
42543 With FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.<br>
42544 The hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.<br>
42545 All of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.<br>
42546 While for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).<br>
42547 Overall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.<br>
42548 It will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.</p>
42549 </blockquote>
42550
42551 <p><hr></p>
42552
42553 <p>###<a href="https://www.netbsd.org/releases/formal-7/NetBSD-7.2.html">NetBSD 7.2 released</a></p>
42554
42555 <blockquote>
42556 <p>The NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
42557 </blockquote>
42558
42559 <ul>
42560 <li>General Security Note</li>
42561 </ul>
42562
42563 <p><code>The NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had its first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.</code></p>
42564
42565 <ul>
42566 <li>Some highlights of the 7.2 release are:</li>
42567 <li>Support for USB 3.0.</li>
42568 <li>Enhancements to the Linux emulation subsystem.</li>
42569 <li>Fixes in binary compatibility for ancient NetBSD executables.</li>
42570 <li>iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.</li>
42571 <li>Support for Raspberry Pi 3 added.</li>
42572 <li>Fix interrupt setup on Hyper-V VMs with Legacy Network Adapter.</li>
42573 <li>SVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.</li>
42574 <li>Various USB stability enhancements.</li>
42575 <li>Numerous bug fixes and stability improvements.</li>
42576 </ul>
42577
42578 <blockquote>
42579 <p>Complete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at <a href="https://www.NetBSD.org/mirrors/">https://www.NetBSD.org/mirrors/</a>. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: <a href="https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc">https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc</a><br>
42580 NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:</p>
42581 </blockquote>
42582
42583 <p><hr></p>
42584
42585 <p>##News Roundup<br>
42586 ###<a href="https://farhan.codes/2018/08/16/including-optimized-out-kernel-symbols-in-dtrace-on-freebsd/">Including optimized-out kernel symbols in dtrace on FreeBSD</a></p>
42587
42588 <blockquote>
42589 <p>Have you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).</p>
42590 </blockquote>
42591
42592 <blockquote>
42593 <p>In my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.</p>
42594 </blockquote>
42595
42596 <blockquote>
42597 <p>My first attempt was to add to /etc/make.conf as follows and recompile the kernel.</p>
42598 </blockquote>
42599
42600 <p><code>CFLAGS+=-O0 and -fno-inline-functions</code></p>
42601
42602 <blockquote>
42603 <p>This failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!</p>
42604 </blockquote>
42605
42606 <blockquote>
42607 <p>But as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?</p>
42608 </blockquote>
42609
42610 <blockquote>
42611 <p>After hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.</p>
42612 </blockquote>
42613
42614 <ul>
42615 <li>A few thoughts:</li>
42616 </ul>
42617
42618 <blockquote>
42619 <p>This seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.<br>
42620 Removing optimizations is only something I would do in a non-production kernel, so it’s as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.<br>
42621 Using the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.<br>
42622 If you have a better solution, please let me know and I will update the article, but this works for me!</p>
42623 </blockquote>
42624
42625 <p><hr></p>
42626
42627 <p>###<a href="https://www.neelc.org/freebsd-uefi-on-asus-motherboards/">FreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)</a></p>
42628
42629 <blockquote>
42630 <p>Starting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with an Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and BootInfo. This issue occurs when I try to boot directly to efi\boot\bootx64.efi.</p>
42631 </blockquote>
42632
42633 <blockquote>
42634 <p>One person had a similar issue on an Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.</p>
42635 </blockquote>
42636
42637 <ul>
42638 <li>There are two solutions to this problem:</li>
42639 <li>Use Legacy BIOS mode instead of UEFI mode</li>
42640 <li>Install a FreeBSD UEFI Boot entry</li>
42641 </ul>
42642
42643 <blockquote>
42644 <p>Keep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.<br>
42645 The first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:<br>
42646 You won’t be able to use hard drives bigger than 2TB<br>
42647 You are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode<br>
42648 Legacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)<br>
42649 The second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.</p>
42650 </blockquote>
42651
42652 <p><hr></p>
42653
42654 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdNoLongerGoodEditor">Why ed(1) is not a good editor today</a></p>
42655
42656 <blockquote>
42657 <p>I’ll start with my tweet:</p>
42658 </blockquote>
42659
42660 <p><code>Heretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.</code></p>
42661
42662 <blockquote>
42663 <p>There is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.<br>
42664 The fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.<br>
42665 Ed is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.<br>
42666 However, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).<br>
42667 If you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.<br>
42668 The people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.<br>
42669 (They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)<br>
42670 This doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).<br>
42671 (But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)</p>
42672 </blockquote>
42673
42674 <p><hr></p>
42675
42676 <p>##Beastie Bits</p>
42677
42678 <ul>
42679 <li><a href="https://twitter.com/DavieDavieDave/status/1040359656864903169">Is there any interest in a #BSD user group in #Montreal?</a></li>
42680 <li><a href="https://www.bsdjobs.com/people/hi.html">Tell your BSD story</a></li>
42681 <li><a href="https://blog.netbsd.org/tnf/entry/finishing_leftover_tasks_from_google">Finishing leftover tasks from Google Summer of Code</a></li>
42682 <li><a href="https://undeadly.org/cgi?action=article;sid=20180906072459">Fuzzing the OpenBSD Kernel</a></li>
42683 <li><a href="http://lists.nycbug.org/pipermail/talk/2018-August/017692.html">ARM - any Tier-1 *BSD options?</a></li>
42684 </ul>
42685
42686 <p><hr></p>
42687
42688 <p>##Feedback/Questions</p>
42689
42690 <ul>
42691 <li>Chris - <a href="http://dpaste.com/2Y6XBYN">bhyve question</a></li>
42692 <li>Paulo - <a href="http://dpaste.com/1A88F2W">Topic suggestion</a></li>
42693 <li>Bostjan - <a href="http://dpaste.com/140ZHZD#wrap">How data gets to disk</a></li>
42694 </ul>
42695
42696 <p><hr></p>
42697
42698 <ul>
42699 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
42700 </ul>
42701
42702 <p><hr></p>]]>
42703 </content:encoded>
42704 <itunes:summary>
42705 <![CDATA[<p>FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.</p>
42706
42707 <p>##Headlines<br>
42708 ###<a href="https://www.phoronix.com/scan.php?page=article&item=bsd-threadripper-2990wx&num=1">FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux</a></p>
42709
42710 <blockquote>
42711 <p>The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.<br>
42712 The BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.<br>
42713 DragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.<br>
42714 But then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.<br>
42715 Just hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!<br>
42716 With FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.<br>
42717 The hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.<br>
42718 All of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.<br>
42719 While for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).<br>
42720 Overall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.<br>
42721 It will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.</p>
42722 </blockquote>
42723
42724 <p><hr></p>
42725
42726 <p>###<a href="https://www.netbsd.org/releases/formal-7/NetBSD-7.2.html">NetBSD 7.2 released</a></p>
42727
42728 <blockquote>
42729 <p>The NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.</p>
42730 </blockquote>
42731
42732 <ul>
42733 <li>General Security Note</li>
42734 </ul>
42735
42736 <p><code>The NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had its first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.</code></p>
42737
42738 <ul>
42739 <li>Some highlights of the 7.2 release are:</li>
42740 <li>Support for USB 3.0.</li>
42741 <li>Enhancements to the Linux emulation subsystem.</li>
42742 <li>Fixes in binary compatibility for ancient NetBSD executables.</li>
42743 <li>iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.</li>
42744 <li>Support for Raspberry Pi 3 added.</li>
42745 <li>Fix interrupt setup on Hyper-V VMs with Legacy Network Adapter.</li>
42746 <li>SVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.</li>
42747 <li>Various USB stability enhancements.</li>
42748 <li>Numerous bug fixes and stability improvements.</li>
42749 </ul>
42750
42751 <blockquote>
42752 <p>Complete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at <a href="https://www.NetBSD.org/mirrors/">https://www.NetBSD.org/mirrors/</a>. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: <a href="https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc">https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc</a><br>
42753 NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:</p>
42754 </blockquote>
42755
42756 <p><hr></p>
42757
42758 <p>##News Roundup<br>
42759 ###<a href="https://farhan.codes/2018/08/16/including-optimized-out-kernel-symbols-in-dtrace-on-freebsd/">Including optimized-out kernel symbols in dtrace on FreeBSD</a></p>
42760
42761 <blockquote>
42762 <p>Have you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).</p>
42763 </blockquote>
42764
42765 <blockquote>
42766 <p>In my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.</p>
42767 </blockquote>
42768
42769 <blockquote>
42770 <p>My first attempt was to add to /etc/make.conf as follows and recompile the kernel.</p>
42771 </blockquote>
42772
42773 <p><code>CFLAGS+=-O0 and -fno-inline-functions</code></p>
42774
42775 <blockquote>
42776 <p>This failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!</p>
42777 </blockquote>
42778
42779 <blockquote>
42780 <p>But as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?</p>
42781 </blockquote>
42782
42783 <blockquote>
42784 <p>After hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.</p>
42785 </blockquote>
42786
42787 <ul>
42788 <li>A few thoughts:</li>
42789 </ul>
42790
42791 <blockquote>
42792 <p>This seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.<br>
42793 Removing optimizations is only something I would do in a non-production kernel, so it’s as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.<br>
42794 Using the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.<br>
42795 If you have a better solution, please let me know and I will update the article, but this works for me!</p>
42796 </blockquote>
42797
42798 <p><hr></p>
42799
42800 <p>###<a href="https://www.neelc.org/freebsd-uefi-on-asus-motherboards/">FreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)</a></p>
42801
42802 <blockquote>
42803 <p>Starting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with an Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and BootInfo. This issue occurs when I try to boot directly to efi\boot\bootx64.efi.</p>
42804 </blockquote>
42805
42806 <blockquote>
42807 <p>One person had a similar issue on an Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.</p>
42808 </blockquote>
42809
42810 <ul>
42811 <li>There are two solutions to this problem:</li>
42812 <li>Use Legacy BIOS mode instead of UEFI mode</li>
42813 <li>Install a FreeBSD UEFI Boot entry</li>
42814 </ul>
42815
42816 <blockquote>
42817 <p>Keep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.<br>
42818 The first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:<br>
42819 You won’t be able to use hard drives bigger than 2TB<br>
42820 You are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode<br>
42821 Legacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)<br>
42822 The second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.</p>
42823 </blockquote>
42824
42825 <p><hr></p>
42826
42827 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/EdNoLongerGoodEditor">Why ed(1) is not a good editor today</a></p>
42828
42829 <blockquote>
42830 <p>I’ll start with my tweet:</p>
42831 </blockquote>
42832
42833 <p><code>Heretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.</code></p>
42834
42835 <blockquote>
42836 <p>There is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.<br>
42837 The fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.<br>
42838 Ed is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.<br>
42839 However, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).<br>
42840 If you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.<br>
42841 The people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.<br>
42842 (They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)<br>
42843 This doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).<br>
42844 (But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)</p>
42845 </blockquote>
42846
42847 <p><hr></p>
42848
42849 <p>##Beastie Bits</p>
42850
42851 <ul>
42852 <li><a href="https://twitter.com/DavieDavieDave/status/1040359656864903169">Is there any interest in a #BSD user group in #Montreal?</a></li>
42853 <li><a href="https://www.bsdjobs.com/people/hi.html">Tell your BSD story</a></li>
42854 <li><a href="https://blog.netbsd.org/tnf/entry/finishing_leftover_tasks_from_google">Finishing leftover tasks from Google Summer of Code</a></li>
42855 <li><a href="https://undeadly.org/cgi?action=article;sid=20180906072459">Fuzzing the OpenBSD Kernel</a></li>
42856 <li><a href="http://lists.nycbug.org/pipermail/talk/2018-August/017692.html">ARM - any Tier-1 *BSD options?</a></li>
42857 </ul>
42858
42859 <p><hr></p>
42860
42861 <p>##Feedback/Questions</p>
42862
42863 <ul>
42864 <li>Chris - <a href="http://dpaste.com/2Y6XBYN">bhyve question</a></li>
42865 <li>Paulo - <a href="http://dpaste.com/1A88F2W">Topic suggestion</a></li>
42866 <li>Bostjan - <a href="http://dpaste.com/140ZHZD#wrap">How data gets to disk</a></li>
42867 </ul>
42868
42869 <p><hr></p>
42870
42871 <ul>
42872 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
42873 </ul>
42874
42875 <p><hr></p>]]>
42876 </itunes:summary>
42877 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+C2nfDNgj</fireside:playerURL>
42878 <fireside:playerEmbedCode>
42879 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+C2nfDNgj" width="740" height="200" frameborder="0" scrolling="no">]]>
42880 </fireside:playerEmbedCode>
42881 </item>
42882 <item>
42883 <title>Episode 263: Encrypt That Pool | BSD Now 263</title>
42884 <link>https://www.bsdnow.tv/263</link>
42885 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2528</guid>
42886 <pubDate>Fri, 07 Sep 2018 11:00:00 -0700</pubDate>
42887 <author>Allan Jude</author>
42888 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c8edc035-36d5-4699-a081-43c1e08686bf.mp3" length="38437869" type="audio/mp3"/>
42889 <itunes:episodeType>full</itunes:episodeType>
42890 <itunes:author>Allan Jude</itunes:author>
42891 <itunes:subtitle>Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.</itunes:subtitle>
42892 <itunes:duration>1:03:45</itunes:duration>
42893 <itunes:explicit>no</itunes:explicit>
42894 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
42895 <description>Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.
42896 <hr>
42897 <p>##Headlines<br>
42898 <a href="https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-mitigate-spectre-and-meltdown-on-an-hp-proliant-server-with-freebsd/">How to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD</a></p>
42899 <blockquote>
42900 <p>As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?<br>
42901 Spectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.<br>
42902 Patching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.<br>
42903 What is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.<br>
42904 In order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.<br>
42905 Instead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it</p>
42906 </blockquote>
42907 <ul>
42908 <li>See the article for the technical breakdown</li>
42909 </ul>
42910 <hr>
42911 <p>###<a href="https://eerielinux.wordpress.com/2018/08/25/a-look-beyond-the-bsd-teacup-omnios-installation/">A look beyond the BSD teacup: OmniOS installation</a></p>
42912 <blockquote>
42913 <p>Five years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.</p>
42914 </blockquote>
42915 <ul>
42916 <li>Why Illumos / OmniOS?</li>
42917 </ul>
42918 <blockquote>
42919 <p>There are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, I now and then read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?<br>
42920 Also the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.<br>
42921 Of course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.<br>
42922 In the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”<br>
42923 But then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] &amp;&amp; exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.</p>
42924 </blockquote>
42925 <ul>
42926 <li>What’s next?</li>
42927 </ul>
42928 <blockquote>
42929 <p>That’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!</p>
42930 </blockquote>
42931 <hr>
42932 <p>###<a href="https://wiki.freebsd.org/Memory">What are all these types of memory in top(1)?</a></p>
42933 <ul>
42934 <li>Earlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites</li>
42935 <li>Mark updated the explanations to be more correct, and to include more technical detail for inquiring minds</li>
42936 <li>He also added the new type that appeared in FreeBSD somewhat recently</li>
42937 </ul>
42938 <blockquote>
42939 <p>Active - Contains memory “actively” (recently) being used by applications<br>
42940 Inactive - Contains memory that has not been touched recently, or was released from the Buffer Cache<br>
42941 Laundry - Contains memory that is Inactive but still potentially contains useful data that needs to be stored before this memory can be used again<br>
42942 Wired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC<br>
42943 Buf - Buffer Cache, used by UFS and most filesystems except ZFS (which uses the ARC)<br>
42944 Free - Memory that is immediately available for use by the rest of the system</p>
42945 </blockquote>
42946 <hr>
42947 <p>##News Roundup<br>
42948 <a href="https://nanxiao.me/en/openbsd-saves-me-again-debug-a-memory-corruption-issue/">OpenBSD saves me again! — Debug a memory corruption issue</a></p>
42949 <blockquote>
42950 <p>Yesterday, I came across a third-party library issue, which crashes when allocating memory:</p>
42951 </blockquote>
42952 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
42953 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
42954 <code>(gdb) bt</code><br>
42955 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
42956 <code>#1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6</code><br>
42957 <code>#2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50</code></p>
42958 <blockquote>
42959 <p>It is obvious that the memory tags are corrupted, but who is the murderer? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:<br>
42960 (1) Open all warnings during compilation: -Wall. Nothing found.<br>
42961 (2) Use valgrind, but unfortunately, valgrind crashes itself:</p>
42962 </blockquote>
42963 <p><code>valgrind: the 'impossible' happened:</code><br>
42964 <code>Killed by fatal signal</code><br>
42965 <code></code><br>
42966 <code>host stacktrace:</code><br>
42967 <code>==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)</code><br>
42968 <code>==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)</code><br>
42969 <code>==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)</code><br>
42970 <code>==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)</code><br>
42971 <code>==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)</code><br>
42972 <code>==43326== by 0x5809F785: do_client_request (scheduler.c:1866)</code><br>
42973 <code>==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)</code><br>
42974 <code>==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)</code><br>
42975 <code>==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)</code><br>
42976 <code></code><br>
42977 <code>sched status:</code><br>
42978 <code>running_tid=1</code></p>
42979 <blockquote>
42980 <p>(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.<br>
42981 (4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:</p>
42982 </blockquote>
42983 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
42984 <code>#0 0x000014b07f01e52d in addMod (r=&lt;error reading variable&gt;, a=4693443247995522, b=28622907746665631,</code></p>
42985 <blockquote>
42986 <p>I figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!</p>
42987 </blockquote>
42988 <hr>
42989 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Native Encryption for ZFS on FreeBSD (Call for Testing)</a></p>
42990 <blockquote>
42991 <p>To anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: <a href="https://github.com/mattmacy/networking.git">https://github.com/mattmacy/networking.git</a></p>
42992 </blockquote>
42993 <p><code>git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820</code></p>
42994 <blockquote>
42995 <p>The UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.<br>
42996 Please note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.<br>
42997 By way of background the original ZoL commit can be found at:</p>
42998 </blockquote>
42999 <ul>
43000 <li><a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
43001 </ul>
43002 <hr>
43003 <p>###<a href="https://www.ixsystems.com/blog/vmworld2018/">VMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance</a></p>
43004 <blockquote>
43005 <p>During its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.<br>
43006 Surveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.<br>
43007 This focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistant OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can backup data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.<br>
43008 Another major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.<br>
43009 The iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.<br>
43010 Another special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.<br>
43011 Overall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!</p>
43012 </blockquote>
43013 <hr>
43014 <p>###<a href="https://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd1">End of life for NetBSD 6.x</a></p>
43015 <blockquote>
43016 <p>In keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.</p>
43017 </blockquote>
43018 <ul>
43019 <li>
43020 <p>As of now, the following branches are no longer maintained:</p>
43021 </li>
43022 <li>
43023 <p>netbsd-6-1</p>
43024 </li>
43025 <li>
43026 <p>netbsd-6-0</p>
43027 </li>
43028 <li>
43029 <p>netbsd-6</p>
43030 </li>
43031 <li>
43032 <p>This means:</p>
43033 </li>
43034 <li>
43035 <p>There will be no more pullups to those branches (even for security issues)</p>
43036 </li>
43037 <li>
43038 <p>There will be no security advisories made for any of those branches</p>
43039 </li>
43040 <li>
43041 <p>The existing 6.x releases on <a href="http://ftp.NetBSD.org">ftp.NetBSD.org</a> will be moved into /pub/NetBSD-archive/</p>
43042 </li>
43043 <li>
43044 <p>May NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)</p>
43045 </li>
43046 </ul>
43047 <hr>
43048 <p>##Beastie Bits</p>
43049 <ul>
43050 <li><a href="https://imgur.com/a/fkzTwYm">Blast from the past: OpenBSD 3.7 CD artwork</a></li>
43051 <li><a href="https://twitter.com/romanzolotarev/status/1030345831751270400">People are asking about scale of BSD projects. Let’s figure it out…</a></li>
43052 <li><a href="https://mwl.io/archives/3642">Tuesday, 21 August 18: me, on ed(1), at SemiBUG</a></li>
43053 <li><a href="https://undeadly.org/cgi?action=article;sid=20180813133939">arm64 gains RETGUARD</a></li>
43054 <li><a href="https://fosdem.org/2019/news/2018-08-10-call-for-participation/">Call for participation</a></li>
43055 <li><a href="https://github.com/FreeBSD-UPB/bhyvearm64-utils">FreeBSD-UPB/bhyvearm64-utils</a></li>
43056 </ul>
43057 <hr>
43058 <p>##Feedback/Questions</p>
43059 <ul>
43060 <li>Eric - <a href="http://dpaste.com/2GY2S6T#wrap">FreeNAS for Vacation</a></li>
43061 <li>Patrick - <a href="http://dpaste.com/347WCR3">Long Live Unix</a></li>
43062 <li>Jason - <a href="http://dpaste.com/1B7E8F5#wrap">Jason - Full MP3 Recordings</a></li>
43063 <li>Bostjan - <a href="http://dpaste.com/34AQNSE#wrap">Question about jails and kernel</a></li>
43064 </ul>
43065 <hr>
43066 <ul>
43067 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
43068 </ul>
43069 <hr>
43070 </description>
43071 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,vmworld,spectre,asigra</itunes:keywords>
43072 <content:encoded>
43073 <![CDATA[<p>Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.<br>
43074 <hr></p>
43075
43076 <p>##Headlines<br>
43077 ###<a href="https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-mitigate-spectre-and-meltdown-on-an-hp-proliant-server-with-freebsd/">How to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD</a></p>
43078
43079 <blockquote>
43080 <p>As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?<br>
43081 Spectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.<br>
43082 Patching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.<br>
43083 What is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.<br>
43084 In order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.<br>
43085 Instead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it</p>
43086 </blockquote>
43087
43088 <ul>
43089 <li>See the article for the technical breakdown</li>
43090 </ul>
43091
43092 <p><hr></p>
43093
43094 <p>###<a href="https://eerielinux.wordpress.com/2018/08/25/a-look-beyond-the-bsd-teacup-omnios-installation/">A look beyond the BSD teacup: OmniOS installation</a></p>
43095
43096 <blockquote>
43097 <p>Five years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.</p>
43098 </blockquote>
43099
43100 <ul>
43101 <li>Why Illumos / OmniOS?</li>
43102 </ul>
43103
43104 <blockquote>
43105 <p>There are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, now and then I read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?<br>
43106 Also the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.<br>
43107 Of course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.<br>
43108 In the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”<br>
43109 But then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] && exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.</p>
43110 </blockquote>
43111
43112 <ul>
43113 <li>What’s next?</li>
43114 </ul>
43115
43116 <blockquote>
43117 <p>That’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!</p>
43118 </blockquote>
43119
43120 <p><hr></p>
43121
43122 <p>###<a href="https://wiki.freebsd.org/Memory">What are all these types of memory in top(1)?</a></p>
43123
43124 <ul>
43125 <li>Earlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites</li>
43126 <li>Mark updated the explanations to be more correct, and to include more technical detail for inquiring minds</li>
43127 <li>He also added the new type that appeared in FreeBSD somewhat recently</li>
43128 </ul>
43129
43130 <blockquote>
43131 <p>Active - Contains memory “actively” (recently) being used by applications<br>
43132 Inactive - Contains memory that has not been touched recently, or was released from the Buffer Cache<br>
43133 Laundry - Contains memory that is Inactive but still potentially contains useful data that needs to be stored before this memory can be used again<br>
43134 Wired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC<br>
43135 Buf - Buffer Cache, used by UFS and most filesystems except ZFS (which uses the ARC)<br>
43136 Free - Memory that is immediately available for use by the rest of the system</p>
43137 </blockquote>
43138
43139 <p><hr></p>
43140
43141 <p>##News Roundup<br>
43142 ###<a href="https://nanxiao.me/en/openbsd-saves-me-again-debug-a-memory-corruption-issue/">OpenBSD saves me again! — Debug a memory corruption issue</a></p>
43143
43144 <blockquote>
43145 <p>Yesterday, I came across a third-party library issue, which crashes at allocating memory:</p>
43146 </blockquote>
43147
43148 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
43149 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
43150 <code>(gdb) bt</code><br>
43151 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
43152 <code>#1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6</code><br>
43153 <code>#2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50</code></p>
43154
43155 <blockquote>
43156 <p>It is obvious that the memory tags are corrupted, but who is the murderer? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:<br>
43157 (1) Open all warnings during compilation: -Wall. Nothing found.<br>
43158 (2) Use valgrind, but unfortunately, valgrind crashes itself:</p>
43159 </blockquote>
43160
43161 <p><code>valgrind: the 'impossible' happened:</code><br>
43162 <code>Killed by fatal signal</code><br>
43163 <code></code><br>
43164 <code>host stacktrace:</code><br>
43165 <code>==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)</code><br>
43166 <code>==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)</code><br>
43167 <code>==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)</code><br>
43168 <code>==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)</code><br>
43169 <code>==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)</code><br>
43170 <code>==43326== by 0x5809F785: do_client_request (scheduler.c:1866)</code><br>
43171 <code>==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)</code><br>
43172 <code>==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)</code><br>
43173 <code>==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)</code><br>
43174 <code></code><br>
43175 <code>sched status:</code><br>
43176 <code>running_tid=1</code></p>
43177
43178 <blockquote>
43179 <p>(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.<br>
43180 (4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:</p>
43181 </blockquote>
43182
43183 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
43184 <code>#0 0x000014b07f01e52d in addMod (r=<error reading variable>, a=4693443247995522, b=28622907746665631,</code></p>
43185
43186 <blockquote>
43187 <p>I figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!</p>
43188 </blockquote>
43189
43190 <p><hr></p>
43191
43192 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Native Encryption for ZFS on FreeBSD (Call for Testing)</a></p>
43193
43194 <blockquote>
43195 <p>To anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: <a href="https://github.com/mattmacy/networking.git">https://github.com/mattmacy/networking.git</a></p>
43196 </blockquote>
43197
43198 <p><code>git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820</code></p>
43199
43200 <blockquote>
43201 <p>The UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.<br>
43202 Please note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.<br>
43203 By way of background the original ZoL commit can be found at:</p>
43204 </blockquote>
43205
43206 <ul>
43207 <li><a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
43208 </ul>
43209
43210 <p><hr></p>
43211
43212 <p>###<a href="https://www.ixsystems.com/blog/vmworld2018/">VMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance</a></p>
43213
43214 <blockquote>
43215 <p>During its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.<br>
43216 Surveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.<br>
43217 This focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistant OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can backup data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.<br>
43218 Another major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.<br>
43219 The iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.<br>
43220 Another special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.<br>
43221 Overall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!</p>
43222 </blockquote>
43223
43224 <p><hr></p>
43225
43226 <p>###<a href="https://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd1">End of life for NetBSD 6.x</a></p>
43227
43228 <blockquote>
43229 <p>In keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.</p>
43230 </blockquote>
43231
43232 <ul>
43233 <li>
43234 <p>As of now, the following branches are no longer maintained:</p>
43235 </li>
43236 <li>
43237 <p>netbsd-6-1</p>
43238 </li>
43239 <li>
43240 <p>netbsd-6-0</p>
43241 </li>
43242 <li>
43243 <p>netbsd-6</p>
43244 </li>
43245 <li>
43246 <p>This means:</p>
43247 </li>
43248 <li>
43249 <p>There will be no more pullups to those branches (even for security issues)</p>
43250 </li>
43251 <li>
43252 <p>There will be no security advisories made for any of those branches</p>
43253 </li>
43254 <li>
43255 <p>The existing 6.x releases on <a href="http://ftp.NetBSD.org">ftp.NetBSD.org</a> will be moved into /pub/NetBSD-archive/</p>
43256 </li>
43257 <li>
43258 <p>May NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)</p>
43259 </li>
43260 </ul>
43261
43262 <p><hr></p>
43263
43264 <p>##Beastie Bits</p>
43265
43266 <ul>
43267 <li><a href="https://imgur.com/a/fkzTwYm">Blast from the past: OpenBSD 3.7 CD artwork</a></li>
43268 <li><a href="https://twitter.com/romanzolotarev/status/1030345831751270400">People are asking about scale of BSD projects. Let’s figure it out…</a></li>
43269 <li><a href="https://mwl.io/archives/3642">Tuesday, 21 August 18: me, on ed(1), at SemiBUG</a></li>
43270 <li><a href="https://undeadly.org/cgi?action=article;sid=20180813133939">arm64 gains RETGUARD</a></li>
43271 <li><a href="https://fosdem.org/2019/news/2018-08-10-call-for-participation/">Call for participation</a></li>
43272 <li><a href="https://github.com/FreeBSD-UPB/bhyvearm64-utils">FreeBSD-UPB/bhyvearm64-utils</a></li>
43273 </ul>
43274
43275 <p><hr></p>
43276
43277 <p>##Feedback/Questions</p>
43278
43279 <ul>
43280 <li>Eric - <a href="http://dpaste.com/2GY2S6T#wrap">FreeNAS for Vacation</a></li>
43281 <li>Patrick - <a href="http://dpaste.com/347WCR3">Long Live Unix</a></li>
43282 <li>Jason - <a href="http://dpaste.com/1B7E8F5#wrap">Jason - Full MP3 Recordings</a></li>
43283 <li>Bostjan - <a href="http://dpaste.com/34AQNSE#wrap">Question about jails and kernel</a></li>
43284 </ul>
43285
43286 <p><hr></p>
43287
43288 <ul>
43289 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
43290 </ul>
43291
43292 <p><hr></p>]]>
43293 </content:encoded>
43294 <itunes:summary>
43295 <![CDATA[<p>Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.<br>
43296 <hr></p>
43297
43298 <p>##Headlines<br>
43299 ###<a href="https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-mitigate-spectre-and-meltdown-on-an-hp-proliant-server-with-freebsd/">How to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD</a></p>
43300
43301 <blockquote>
43302 <p>As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?<br>
43303 Spectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.<br>
43304 Patching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.<br>
43305 What is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.<br>
43306 In order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.<br>
43307 Instead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it</p>
43308 </blockquote>
43309
43310 <ul>
43311 <li>See the article for the technical breakdown</li>
43312 </ul>
43313
43314 <p><hr></p>
43315
43316 <p>###<a href="https://eerielinux.wordpress.com/2018/08/25/a-look-beyond-the-bsd-teacup-omnios-installation/">A look beyond the BSD teacup: OmniOS installation</a></p>
43317
43318 <blockquote>
43319 <p>Five years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.</p>
43320 </blockquote>
43321
43322 <ul>
43323 <li>Why Illumos / OmniOS?</li>
43324 </ul>
43325
43326 <blockquote>
43327 <p>There are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, now and then I read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?<br>
43328 Also the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.<br>
43329 Of course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.<br>
43330 In the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”<br>
43331 But then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] && exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.</p>
43332 </blockquote>
43333
43334 <ul>
43335 <li>What’s next?</li>
43336 </ul>
43337
43338 <blockquote>
43339 <p>That’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!</p>
43340 </blockquote>
43341
43342 <p><hr></p>
43343
43344 <p>###<a href="https://wiki.freebsd.org/Memory">What are all these types of memory in top(1)?</a></p>
43345
43346 <ul>
43347 <li>Earlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites</li>
43348 <li>Mark updated the explanations to be more correct, and to include more technical detail for inquiring minds</li>
43349 <li>He also added the new type that appeared in FreeBSD somewhat recently</li>
43350 </ul>
43351
43352 <blockquote>
43353 <p>Active - Contains memory “actively” (recently) being used by applications<br>
43354 Inactive - Contains memory that has not been touched recently, or was released from the Buffer Cache<br>
43355 Laundry - Contains memory that is Inactive but still potentially contains useful data that needs to be stored before this memory can be used again<br>
43356 Wired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC<br>
43357 Buf - Buffer Cache, used by UFS and most filesystems except ZFS (which uses the ARC)<br>
43358 Free - Memory that is immediately available for use by the rest of the system</p>
43359 </blockquote>
43360
43361 <p><hr></p>
43362
43363 <p>##News Roundup<br>
43364 ###<a href="https://nanxiao.me/en/openbsd-saves-me-again-debug-a-memory-corruption-issue/">OpenBSD saves me again! — Debug a memory corruption issue</a></p>
43365
43366 <blockquote>
43367 <p>Yesterday, I came across a third-party library issue, which crashes at allocating memory:</p>
43368 </blockquote>
43369
43370 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
43371 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
43372 <code>(gdb) bt</code><br>
43373 <code>#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6</code><br>
43374 <code>#1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6</code><br>
43375 <code>#2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50</code></p>
43376
43377 <blockquote>
43378 <p>It is obvious that the memory tags are corrupted, but who is the murderer? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:<br>
43379 (1) Open all warnings during compilation: -Wall. Nothing found.<br>
43380 (2) Use valgrind, but unfortunately, valgrind crashes itself:</p>
43381 </blockquote>
43382
43383 <p><code>valgrind: the 'impossible' happened:</code><br>
43384 <code>Killed by fatal signal</code><br>
43385 <code></code><br>
43386 <code>host stacktrace:</code><br>
43387 <code>==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)</code><br>
43388 <code>==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)</code><br>
43389 <code>==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)</code><br>
43390 <code>==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)</code><br>
43391 <code>==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)</code><br>
43392 <code>==43326== by 0x5809F785: do_client_request (scheduler.c:1866)</code><br>
43393 <code>==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)</code><br>
43394 <code>==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)</code><br>
43395 <code>==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)</code><br>
43396 <code></code><br>
43397 <code>sched status:</code><br>
43398 <code>running_tid=1</code></p>
43399
43400 <blockquote>
43401 <p>(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.<br>
43402 (4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:</p>
43403 </blockquote>
43404
43405 <p><code>Program terminated with signal SIGSEGV, Segmentation fault.</code><br>
43406 <code>#0 0x000014b07f01e52d in addMod (r=<error reading variable>, a=4693443247995522, b=28622907746665631,</code></p>
43407
43408 <blockquote>
43409 <p>I figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!</p>
43410 </blockquote>
43411
43412 <p><hr></p>
43413
43414 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Native Encryption for ZFS on FreeBSD (Call for Testing)</a></p>
43415
43416 <blockquote>
43417 <p>To anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: <a href="https://github.com/mattmacy/networking.git">https://github.com/mattmacy/networking.git</a></p>
43418 </blockquote>
43419
43420 <p><code>git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820</code></p>
43421
43422 <blockquote>
43423 <p>The UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.<br>
43424 Please note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.<br>
43425 By way of background the original ZoL commit can be found at:</p>
43426 </blockquote>
43427
43428 <ul>
43429 <li><a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
43430 </ul>
43431
43432 <p><hr></p>
43433
43434 <p>###<a href="https://www.ixsystems.com/blog/vmworld2018/">VMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance</a></p>
43435
43436 <blockquote>
43437 <p>During its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.<br>
43438 Surveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.<br>
43439 This focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistant OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can back up data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.<br>
43440 Another major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.<br>
43441 The iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.<br>
43442 Another special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.<br>
43443 Overall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!</p>
43444 </blockquote>
43445
43446 <p><hr></p>
43447
43448 <p>###<a href="https://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd1">End of life for NetBSD 6.x</a></p>
43449
43450 <blockquote>
43451 <p>In keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.</p>
43452 </blockquote>
43453
43454 <ul>
43455 <li>
43456 <p>As of now, the following branches are no longer maintained:</p>
43457 </li>
43458 <li>
43459 <p>netbsd-6-1</p>
43460 </li>
43461 <li>
43462 <p>netbsd-6-0</p>
43463 </li>
43464 <li>
43465 <p>netbsd-6</p>
43466 </li>
43467 <li>
43468 <p>This means:</p>
43469 </li>
43470 <li>
43471 <p>There will be no more pullups to those branches (even for security issues)</p>
43472 </li>
43473 <li>
43474 <p>There will be no security advisories made for any of those branches</p>
43475 </li>
43476 <li>
43477 <p>The existing 6.x releases on <a href="http://ftp.NetBSD.org">ftp.NetBSD.org</a> will be moved into /pub/NetBSD-archive/</p>
43478 </li>
43479 <li>
43480 <p>May NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)</p>
43481 </li>
43482 </ul>
43483
43484 <p><hr></p>
43485
43486 <p>##Beastie Bits</p>
43487
43488 <ul>
43489 <li><a href="https://imgur.com/a/fkzTwYm">Blast from the past: OpenBSD 3.7 CD artwork</a></li>
43490 <li><a href="https://twitter.com/romanzolotarev/status/1030345831751270400">People are asking about scale of BSD projects. Let’s figure it out…</a></li>
43491 <li><a href="https://mwl.io/archives/3642">Tuesday, 21 August 18: me, on ed(1), at SemiBUG</a></li>
43492 <li><a href="https://undeadly.org/cgi?action=article;sid=20180813133939">arm64 gains RETGUARD</a></li>
43493 <li><a href="https://fosdem.org/2019/news/2018-08-10-call-for-participation/">Call for participation</a></li>
43494 <li><a href="https://github.com/FreeBSD-UPB/bhyvearm64-utils">FreeBSD-UPB/bhyvearm64-utils</a></li>
43495 </ul>
43496
43497 <p><hr></p>
43498
43499 <p>##Feedback/Questions</p>
43500
43501 <ul>
43502 <li>Eric - <a href="http://dpaste.com/2GY2S6T#wrap">FreeNAS for Vacation</a></li>
43503 <li>Patrick - <a href="http://dpaste.com/347WCR3">Long Live Unix</a></li>
43504 <li>Jason - <a href="http://dpaste.com/1B7E8F5#wrap">Jason - Full MP3 Recordings</a></li>
43505 <li>Bostjan - <a href="http://dpaste.com/34AQNSE#wrap">Question about jails and kernel</a></li>
43506 </ul>
43507
43508 <p><hr></p>
43509
43510 <ul>
43511 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
43512 </ul>
43513
43514 <p><hr></p>]]>
43515 </itunes:summary>
43516 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+L-HizJqO</fireside:playerURL>
43517 <fireside:playerEmbedCode>
43518 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+L-HizJqO" width="740" height="200" frameborder="0" scrolling="no">]]>
43519 </fireside:playerEmbedCode>
43520 </item>
43521 <item>
43522 <title>Episode 262: OpenBSD Surfacing | BSD Now 262</title>
43523 <link>https://www.bsdnow.tv/262</link>
43524 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2521</guid>
43525 <pubDate>Thu, 06 Sep 2018 02:00:00 -0700</pubDate>
43526 <author>Allan Jude</author>
43527 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6aa244ea-c5e6-4c69-b8a9-aac9c652d4e1.mp3" length="44187309" type="audio/mp3"/>
43528 <itunes:episodeType>full</itunes:episodeType>
43529 <itunes:author>Allan Jude</itunes:author>
43530 <itunes:subtitle>OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.</itunes:subtitle>
43531 <itunes:duration>1:13:20</itunes:duration>
43532 <itunes:explicit>no</itunes:explicit>
43533 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
43534 <description>OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.
43535 <p>##Headlines<br>
43536 <a href="https://jcs.org/2018/08/31/surface_go">OpenBSD on the Microsoft Surface Go</a></p>
43537 <blockquote>
43538 <p>For some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11&quot; MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.</p>
43539 </blockquote>
43540 <ul>
43541 <li>Hardware</li>
43542 </ul>
43543 <blockquote>
43544 <p>The Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.<br>
43545 The tablet measures 9.65&quot; across, 6.9&quot; tall, and 0.3&quot; thick. Its 10&quot; diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.<br>
43546 The keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4&quot; near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.<br>
43547 The keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.<br>
43548 The touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.</p>
43549 </blockquote>
43550 <ul>
43551 <li>Surface Go Pen</li>
43552 </ul>
43553 <blockquote>
43554 <p>The touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.<br>
43555 A kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.<br>
43556 Along the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.<br>
43557 Charging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.<br>
43558 Wireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.<br>
43559 Most of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.</p>
43560 </blockquote>
43561 <ul>
43562 <li>Firmware</li>
43563 </ul>
43564 <blockquote>
43565 <p>The Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.</p>
43566 </blockquote>
43567 <hr>
43568 <p>###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-august-2018/">FreeBSD Foundation Update, August 2018</a></p>
43569 <ul>
43570 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
43571 </ul>
43572 <blockquote>
43573 <p>Dear FreeBSD Community Member,<br>
43574 It’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.<br>
43575 We can’t do this without you! Happy reading!! Deb</p>
43576 </blockquote>
43577 <ul>
43578 <li>August 2018 Development Projects Update</li>
43579 <li>Fundraising Update: Supporting the Project</li>
43580 <li>August 2018 Release Engineering Update</li>
43581 <li>BSDCam 2018 Recap</li>
43582 <li>October 2018 FreeBSD Developer Summit Call for Participation</li>
43583 <li>SANOG32 and COSCUP 2018 Recap</li>
43584 <li>MeetBSD 2018 Travel Grant Application Deadline: September 7</li>
43585 </ul>
43586 <hr>
43587 <p>##News Roundup<br>
43588 <a href="http://project-trident.org/post/2018-09-04_what_is_taking_so_long/">Project Trident: What’s taking so long?</a></p>
43589 <ul>
43590 <li>What is taking so long?</li>
43591 </ul>
43592 <blockquote>
43593 <p>The short answer is that it’s complicated.<br>
43594 Project Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.<br>
43595 While Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!</p>
43596 </blockquote>
43597 <ul>
43598 <li>Where are we now?</li>
43599 </ul>
43600 <blockquote>
43601 <p>Through perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.<br>
43602 In the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.</p>
43603 </blockquote>
43604 <ul>
43605 <li>Do you foresee any other delays?</li>
43606 </ul>
43607 <blockquote>
43608 <p>At the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that are outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, the aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.<br>
43609 The build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.<br>
43610 Since we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.</p>
43611 </blockquote>
43612 <ul>
43613 <li>
43614 <p>Developer Hardware</p>
43615 </li>
43616 <li>
43617 <p>JT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here. However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)</p>
43618 </li>
43619 <li>
43620 <p>Ken: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.</p>
43621 </li>
43622 <li>
43623 <p>Tim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.</p>
43624 </li>
43625 <li>
43626 <p>Rod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.</p>
43627 </li>
43628 </ul>
43629 <hr>
43630 <p>###NetBSD GSoC: pkgsrc config file versioning</p>
43631 <ul>
43632 <li>A series of reports from the course of the summer on this Google Summer of Code project</li>
43633 <li>The goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier</li>
43634 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
43635 </ul>
43636 <blockquote>
43637 <p>Packages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.<br>
43638 Configuration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal means for setting options.<br>
43639 System wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).<br>
43640 Software packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.<br>
43641 Don’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.<br>
43642 In order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.<br>
43643 VCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.<br>
43644 The version control system to be used as a backend can be set through $VCS. It defaults to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.<br>
43645 Other backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.</p>
43646 </blockquote>
43647 <ul>
43648 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files1">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)</a></li>
43649 </ul>
43650 <blockquote>
43651 <p>pkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.<br>
43652 User modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.<br>
43653 Version Control software is executed as the same user running pkgadd or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations between repositories and vcs changes; it also serves to store keys used to access remote repositories.<br>
43654 Using git instead of rcs is simply done by setting VCS=git in pkginstall.conf</p>
43655 </blockquote>
43656 <ul>
43657 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files2">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)</a></li>
43658 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files3">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements</a></li>
43659 </ul>
43660 <blockquote>
43661 <p>Support for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkgadd upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.<br>
43662 That’s what setting VCSCONFPULL=yes in pkginstall.conf after having enabled VCSTRACKCONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKGRCDSCRIPTS=yes in pkginstall.conf or the environment.<br>
43663 This will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkginstall.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)</p>
43664 </blockquote>
43665 <hr>
43666 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSDTypeAndMacOS">A little bit of the one-time MacOS version still lingers in ZFS</a></p>
43667 <blockquote>
43668 <p>Once upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.<br>
43669 Lurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:</p>
43670 </blockquote>
43671 <p><code>objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);</code><br>
43672 <code>/*</code><br>
43673 <code>* MacOS X can extract the object type here such as:</code><br>
43674 <code>* uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);</code><br>
43675 <code>*/</code></p>
43676 <ul>
43677 <li>Specifically, this is in zfs_readdir in zfs_vnops.c .</li>
43678 </ul>
43679 <blockquote>
43680 <p>ZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.<br>
43681 I don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).<br>
43682 Regardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.</p>
43683 </blockquote>
43684 <hr>
43685 <p>##Beastie Bits</p>
43686 <ul>
43687 <li><a href="http://trafyx.com/?p=2551">Mac-like FreeBSD Laptop</a></li>
43688 <li><a href="https://vermaden.wordpress.com/2018/08/21/syncthing-on-freebsd/">Syncthing on FreeBSD</a></li>
43689 <li><a href="https://vermaden.wordpress.com/2018/08/24/new-zfs-boot-environments-tool/">New ZFS Boot Environments Tool</a></li>
43690 <li><a href="http://anadoxin.org/blog/my-systems-time-was-so-wrong-that-even-ntpd-didnt-work.html">My system’s time was so wrong, that even ntpd didn’t work</a></li>
43691 <li><a href="https://www.openssh.com/releasenotes.html#7.8">OpenSSH 7.8/7.8p1 (2018-08-24)</a></li>
43692 <li><a href="https://2018.eurobsdcon.org/registration/">EuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end</a></li>
43693 <li><a href="https://www.meetbsd.com/">MeetBSD (Oct 18-20th) is coming up fast, hurry up and register!</a></li>
43694 <li><a href="https://2019.asiabsdcon.org/">AsiaBSDcon 2019 Dates</a></li>
43695 </ul>
43696 <hr>
43697 <p>##Feedback/Questions</p>
43698 <ul>
43699 <li>Will - <a href="http://dpaste.com/2EQMHXV">Kudos and a Question</a></li>
43700 <li>Peter - <a href="http://dpaste.com/2N6DC6P#wrap">Fanless Computers</a></li>
43701 <li>Ron - <a href="http://dpaste.com/0MRG11V#wrap">ZFS disk clone or replace or something</a></li>
43702 <li>Bostjan - <a href="http://dpaste.com/16B1WDB">ZFS Record Size</a></li>
43703 </ul>
43704 <hr>
43705 <ul>
43706 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
43707 </ul>
43708 <hr>
43709 </description>
43710 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
43711 <content:encoded>
43712 <![CDATA[<p>OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.</p>
43713
43714 <p>##Headlines<br>
43715 ###<a href="https://jcs.org/2018/08/31/surface_go">OpenBSD on the Microsoft Surface Go</a></p>
43716
43717 <blockquote>
43718 <p>For some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.</p>
43719 </blockquote>
43720
43721 <ul>
43722 <li>Hardware</li>
43723 </ul>
43724
43725 <blockquote>
43726 <p>The Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.<br>
43727 The tablet measures 9.65" across, 6.9" tall, and 0.3" thick. Its 10" diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.<br>
43728 The keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4" near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.<br>
43729 The keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.<br>
43730 The touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.</p>
43731 </blockquote>
43732
43733 <ul>
43734 <li>Surface Go Pen</li>
43735 </ul>
43736
43737 <blockquote>
43738 <p>The touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.<br>
43739 A kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.<br>
43740 Along the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.<br>
43741 Charging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.<br>
43742 Wireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.<br>
43743 Most of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.</p>
43744 </blockquote>
43745
43746 <ul>
43747 <li>Firmware</li>
43748 </ul>
43749
43750 <blockquote>
43751 <p>The Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.</p>
43752 </blockquote>
43753
43754 <p><hr></p>
43755
43756 <p>###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-august-2018/">FreeBSD Foundation Update, August 2018</a></p>
43757
43758 <ul>
43759 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
43760 </ul>
43761
43762 <blockquote>
43763 <p>Dear FreeBSD Community Member,<br>
43764 It’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.<br>
43765 We can’t do this without you! Happy reading!! Deb</p>
43766 </blockquote>
43767
43768 <ul>
43769 <li>August 2018 Development Projects Update</li>
43770 <li>Fundraising Update: Supporting the Project</li>
43771 <li>August 2018 Release Engineering Update</li>
43772 <li>BSDCam 2018 Recap</li>
43773 <li>October 2018 FreeBSD Developer Summit Call for Participation</li>
43774 <li>SANOG32 and COSCUP 2018 Recap</li>
43775 <li>MeetBSD 2018 Travel Grant Application Deadline: September 7</li>
43776 </ul>
43777
43778 <p><hr></p>
43779
43780 <p>##News Roundup<br>
43781 ###<a href="http://project-trident.org/post/2018-09-04_what_is_taking_so_long/">Project Trident: What’s taking so long?</a></p>
43782
43783 <ul>
43784 <li>What is taking so long?</li>
43785 </ul>
43786
43787 <blockquote>
43788 <p>The short answer is that it’s complicated.<br>
43789 Project Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.<br>
43790 While Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!</p>
43791 </blockquote>
43792
43793 <ul>
43794 <li>Where are we now?</li>
43795 </ul>
43796
43797 <blockquote>
43798 <p>Through perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.<br>
43799 In the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.</p>
43800 </blockquote>
43801
43802 <ul>
43803 <li>Do you foresee any other delays?</li>
43804 </ul>
43805
43806 <blockquote>
43807 <p>At the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that are outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, the aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.<br>
43808 The build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.<br>
43809 Since we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.</p>
43810 </blockquote>
43811
43812 <ul>
43813 <li>
43814 <p>Developer Hardware</p>
43815 </li>
43816 <li>
43817 <p>JT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here. However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)</p>
43818 </li>
43819 <li>
43820 <p>Ken: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.</p>
43821 </li>
43822 <li>
43823 <p>Tim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.</p>
43824 </li>
43825 <li>
43826 <p>Rod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.</p>
43827 </li>
43828 </ul>
43829
43830 <p><hr></p>
43831
43832 <p>###NetBSD GSoC: pkgsrc config file versioning</p>
43833
43834 <ul>
43835 <li>A series of reports from the course of the summer on this Google Summer of Code project</li>
43836 <li>The goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier</li>
43837 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
43838 </ul>
43839
43840 <blockquote>
43841 <p>Packages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.<br>
43842 Configuration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal mean for setting options.<br>
43843 System wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).<br>
43844 Software packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.<br>
43845 Don’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.<br>
43846 In order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.<br>
43847 VCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.<br>
43848 The version control system to be used as a backend can be set through $VCS. It defaults to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.<br>
43849 Other backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.</p>
43850 </blockquote>
43851
43852 <ul>
43853 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files1">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)</a></li>
43854 </ul>
43855
43856 <blockquote>
43857 <p>pkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.<br>
43858 User modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.<br>
43859 Version Control software is executed as the same user running pkg_add or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations between repositories and vcs changes; it also serves to store keys used to access remote repositories.<br>
43860 Using git instead of rcs is simply done by setting VCS=git in pkg_install.conf</p>
43861 </blockquote>
43862
43863 <ul>
43864 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files2">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)</a></li>
43865 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files3">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements</a></li>
43866 </ul>
43867
43868 <blockquote>
43869 <p>Support for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkg_add upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.<br>
43870 That’s what setting VCSCONFPULL=yes in pkg_install.conf after having enabled VCSTRACK_CONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKG_RCD_SCRIPTS=yes in pkg_install.conf or the environment.<br>
43871 This will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkg_install.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)</p>
43872 </blockquote>
43873
43874 <p><hr></p>
43875
43876 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSDTypeAndMacOS">A little bit of the one-time MacOS version still lingers in ZFS</a></p>
43877
43878 <blockquote>
43879 <p>Once upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.<br>
43880 Lurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:</p>
43881 </blockquote>
43882
43883 <p><code>objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);</code><br>
43884 <code>/*</code><br>
43885 <code>* MacOS X can extract the object type here such as:</code><br>
43886 <code>* uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);</code><br>
43887 <code>*/</code></p>
43888
43889 <ul>
43890 <li>Specifically, this is in zfs_readdir in zfs_vnops.c .</li>
43891 </ul>
43892
43893 <blockquote>
43894 <p>ZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.<br>
43895 I don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).<br>
43896 Regardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.</p>
43897 </blockquote>
43898
43899 <p><hr></p>
43900
43901 <p>##Beastie Bits</p>
43902
43903 <ul>
43904 <li><a href="http://trafyx.com/?p=2551">Mac-like FreeBSD Laptop</a></li>
43905 <li><a href="https://vermaden.wordpress.com/2018/08/21/syncthing-on-freebsd/">Syncthing on FreeBSD</a></li>
43906 <li><a href="https://vermaden.wordpress.com/2018/08/24/new-zfs-boot-environments-tool/">New ZFS Boot Environments Tool</a></li>
43907 <li><a href="http://anadoxin.org/blog/my-systems-time-was-so-wrong-that-even-ntpd-didnt-work.html">My system’s time was so wrong, that even ntpd didn’t work</a></li>
43908 <li><a href="https://www.openssh.com/releasenotes.html#7.8">OpenSSH 7.8/7.8p1 (2018-08-24)</a></li>
43909 <li><a href="https://2018.eurobsdcon.org/registration/">EuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end</a></li>
43910 <li><a href="https://www.meetbsd.com/">MeetBSD (Oct 18-20th) is coming up fast, hurry up and register!</a></li>
43911 <li><a href="https://2019.asiabsdcon.org/">AsiaBSDcon 2019 Dates</a></li>
43912 </ul>
43913
43914 <p><hr></p>
43915
43916 <p>##Feedback/Questions</p>
43917
43918 <ul>
43919 <li>Will - <a href="http://dpaste.com/2EQMHXV">Kudos and a Question</a></li>
43920 <li>Peter - <a href="http://dpaste.com/2N6DC6P#wrap">Fanless Computers</a></li>
43921 <li>Ron - <a href="http://dpaste.com/0MRG11V#wrap">ZFS disk clone or replace or something</a></li>
43922 <li>Bostjan - <a href="http://dpaste.com/16B1WDB">ZFS Record Size</a></li>
43923 </ul>
43924
43925 <p><hr></p>
43926
43927 <ul>
43928 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
43929 </ul>
43930
43931 <p><hr></p>]]>
43932 </content:encoded>
43933 <itunes:summary>
43934 <![CDATA[<p>OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.</p>
43935
43936 <p>##Headlines<br>
43937 ###<a href="https://jcs.org/2018/08/31/surface_go">OpenBSD on the Microsoft Surface Go</a></p>
43938
43939 <blockquote>
43940 <p>For some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.</p>
43941 </blockquote>
43942
43943 <ul>
43944 <li>Hardware</li>
43945 </ul>
43946
43947 <blockquote>
43948 <p>The Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.<br>
43949 The tablet measures 9.65" across, 6.9" tall, and 0.3" thick. Its 10" diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.<br>
43950 The keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4" near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.<br>
43951 The keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.<br>
43952 The touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.</p>
43953 </blockquote>
43954
43955 <ul>
43956 <li>Surface Go Pen</li>
43957 </ul>
43958
43959 <blockquote>
43960 <p>The touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.<br>
43961 A kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.<br>
43962 Along the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.<br>
43963 Charging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.<br>
43964 Wireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.<br>
43965 Most of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.</p>
43966 </blockquote>
43967
43968 <ul>
43969 <li>Firmware</li>
43970 </ul>
43971
43972 <blockquote>
43973 <p>The Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.</p>
43974 </blockquote>
43975
43976 <p><hr></p>
43977
43978 <p>###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-august-2018/">FreeBSD Foundation Update, August 2018</a></p>
43979
43980 <ul>
43981 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
43982 </ul>
43983
43984 <blockquote>
43985 <p>Dear FreeBSD Community Member,<br>
43986 It’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.<br>
43987 We can’t do this without you! Happy reading!! Deb</p>
43988 </blockquote>
43989
43990 <ul>
43991 <li>August 2018 Development Projects Update</li>
43992 <li>Fundraising Update: Supporting the Project</li>
43993 <li>August 2018 Release Engineering Update</li>
43994 <li>BSDCam 2018 Recap</li>
43995 <li>October 2018 FreeBSD Developer Summit Call for Participation</li>
43996 <li>SANOG32 and COSCUP 2018 Recap</li>
43997 <li>MeetBSD 2018 Travel Grant Application Deadline: September 7</li>
43998 </ul>
43999
44000 <p><hr></p>
44001
44002 <p>##News Roundup<br>
44003 ###<a href="http://project-trident.org/post/2018-09-04_what_is_taking_so_long/">Project Trident: What’s taking so long?</a></p>
44004
44005 <ul>
44006 <li>What is taking so long?</li>
44007 </ul>
44008
44009 <blockquote>
44010 <p>The short answer is that it’s complicated.<br>
44011 Project Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.<br>
44012 While Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!</p>
44013 </blockquote>
44014
44015 <ul>
44016 <li>Where are we now?</li>
44017 </ul>
44018
44019 <blockquote>
44020 <p>Through perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.<br>
44021 In the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.</p>
44022 </blockquote>
44023
44024 <ul>
44025 <li>Do you foresee any other delays?</li>
44026 </ul>
44027
44028 <blockquote>
44029 <p>At the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that are outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, the aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.<br>
44030 The build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.<br>
44031 Since we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.</p>
44032 </blockquote>
44033
44034 <ul>
44035 <li>
44036 <p>Developer Hardware</p>
44037 </li>
44038 <li>
44039 <p>JT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here. However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)</p>
44040 </li>
44041 <li>
44042 <p>Ken: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.</p>
44043 </li>
44044 <li>
44045 <p>Tim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.</p>
44046 </li>
44047 <li>
44048 <p>Rod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.</p>
44049 </li>
44050 </ul>
44051
44052 <p><hr></p>
44053
44054 <p>###NetBSD GSoC: pkgsrc config file versioning</p>
44055
44056 <ul>
44057 <li>A series of reports from the course of the summer on this Google Summer of Code project</li>
44058 <li>The goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier</li>
44059 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
44060 </ul>
44061
44062 <blockquote>
44063 <p>Packages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.<br>
44064 Configuration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal means for setting options.<br>
44065 System wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).<br>
44066 Software packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.<br>
44067 Don’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.<br>
44068 In order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.<br>
44069 VCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.<br>
44070 The version control system to be used as a backend can be set through $VCS. It defaults to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.<br>
44071 Other backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.</p>
44072 </blockquote>
44073
44074 <ul>
44075 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files1">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)</a></li>
44076 </ul>
44077
44078 <blockquote>
44079 <p>pkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.<br>
44080 User modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.<br>
44081 Version Control software is executed as the same user running pkg_add or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations between repositories and vcs changes; it also serves to store keys used to access remote repositories.<br>
44082 Using git instead of rcs is simply done by setting VCS=git in pkg_install.conf</p>
44083 </blockquote>
44084
44085 <ul>
44086 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files2">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)</a></li>
44087 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files3">GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements</a></li>
44088 </ul>
44089
44090 <blockquote>
44091 <p>Support for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkg_add upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.<br>
44092 That’s what setting VCSCONFPULL=yes in pkg_install.conf after having enabled VCSTRACK_CONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKG_RCD_SCRIPTS=yes in pkg_install.conf or the environment.<br>
44093 This will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkg_install.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)</p>
44094 </blockquote>
44095
44096 <p><hr></p>
44097
44098 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSDTypeAndMacOS">A little bit of the one-time MacOS version still lingers in ZFS</a></p>
44099
44100 <blockquote>
44101 <p>Once upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.<br>
44102 Lurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:</p>
44103 </blockquote>
44104
44105 <p><code>objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);</code><br>
44106 <code>/*</code><br>
44107 <code>* MacOS X can extract the object type here such as:</code><br>
44108 <code>* uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);</code><br>
44109 <code>*/</code></p>
44110
44111 <ul>
44112 <li>Specifically, this is in zfs_readdir in zfs_vnops.c .</li>
44113 </ul>
44114
44115 <blockquote>
44116 <p>ZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.<br>
44117 I don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).<br>
44118 Regardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.</p>
44119 </blockquote>
44120
44121 <p><hr></p>
44122
44123 <p>##Beastie Bits</p>
44124
44125 <ul>
44126 <li><a href="http://trafyx.com/?p=2551">Mac-like FreeBSD Laptop</a></li>
44127 <li><a href="https://vermaden.wordpress.com/2018/08/21/syncthing-on-freebsd/">Syncthing on FreeBSD</a></li>
44128 <li><a href="https://vermaden.wordpress.com/2018/08/24/new-zfs-boot-environments-tool/">New ZFS Boot Environments Tool</a></li>
44129 <li><a href="http://anadoxin.org/blog/my-systems-time-was-so-wrong-that-even-ntpd-didnt-work.html">My system’s time was so wrong, that even ntpd didn’t work</a></li>
44130 <li><a href="https://www.openssh.com/releasenotes.html#7.8">OpenSSH 7.8/7.8p1 (2018-08-24)</a></li>
44131 <li><a href="https://2018.eurobsdcon.org/registration/">EuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end</a></li>
44132 <li><a href="https://www.meetbsd.com/">MeetBSD (Oct 18-20th) is coming up fast, hurry up and register!</a></li>
44133 <li><a href="https://2019.asiabsdcon.org/">AsiaBSDcon 2019 Dates</a></li>
44134 </ul>
44135
44136 <p><hr></p>
44137
44138 <p>##Feedback/Questions</p>
44139
44140 <ul>
44141 <li>Will - <a href="http://dpaste.com/2EQMHXV">Kudos and a Question</a></li>
44142 <li>Peter - <a href="http://dpaste.com/2N6DC6P#wrap">Fanless Computers</a></li>
44143 <li>Ron - <a href="http://dpaste.com/0MRG11V#wrap">ZFS disk clone or replace or something</a></li>
44144 <li>Bostjan - <a href="http://dpaste.com/16B1WDB">ZFS Record Size</a></li>
44145 </ul>
44146
44147 <p><hr></p>
44148
44149 <ul>
44150 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
44151 </ul>
44152
44153 <p><hr></p>]]>
44154 </itunes:summary>
44155 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+engQNeDX</fireside:playerURL>
44156 <fireside:playerEmbedCode>
44157 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+engQNeDX" width="740" height="200" frameborder="0" scrolling="no">]]>
44158 </fireside:playerEmbedCode>
44159 </item>
44160 <item>
44161 <title>Episode 261: FreeBSDcon Flashback | BSD Now 261</title>
44162 <link>https://www.bsdnow.tv/261</link>
44163 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2488</guid>
44164 <pubDate>Thu, 30 Aug 2018 00:00:00 -0700</pubDate>
44165 <author>Allan Jude</author>
44166 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9bf2ff39-f045-4c19-8416-f1a6da6d3f84.mp3" length="65719133" type="audio/mp3"/>
44167 <itunes:episodeType>full</itunes:episodeType>
44168 <itunes:author>Allan Jude</itunes:author>
44169 <itunes:subtitle>Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.</itunes:subtitle>
44170 <itunes:duration>1:49:13</itunes:duration>
44171 <itunes:explicit>no</itunes:explicit>
44172 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
44173 <description>Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.
44174 <p>##Headlines<br>
44175 <a href="https://itsfoss.com/project-trident-interview/">An Insight into the Future of TrueOS BSD and Project Trident</a></p>
44176 <blockquote>
44177 <p>Last month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our questions about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.</p>
44178 </blockquote>
44179 <ul>
44180 <li>It’s FOSS: What is Project Trident?</li>
44181 </ul>
44182 <blockquote>
44183 <p>Project Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.</p>
44184 </blockquote>
44185 <blockquote>
44186 <p>Originally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.</p>
44187 </blockquote>
44188 <blockquote>
44189 <p>TrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.</p>
44190 </blockquote>
44191 <blockquote>
44192 <p>As the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.</p>
44193 </blockquote>
44194 <blockquote>
44195 <p>When the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.</p>
44196 </blockquote>
44197 <ul>
44198 <li>It’s FOSS: What features will TrueOS add to the FreeBSD base?</li>
44199 </ul>
44200 <blockquote>
44201 <p>Project Trident: TrueOS has already added a number of features to FreeBSD:<br>
44202 OpenRC replaces rc.d for service management<br>
44203 LibreSSL in base<br>
44204 Root NSS certificates out-of-box<br>
44205 Scriptable installations (pc-sysinstall)<br>
44206 The full list of changes can be seen on the TrueOS repository (<a href="https://github.com/trueos/trueos/blob/trueos-master/README.md">https://github.com/trueos/trueos/blob/trueos-master/README.md</a>). This list does change quite regularly as FreeBSD development itself changes.</p>
44207 </blockquote>
44208 <ul>
44209 <li>It’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?</li>
44210 </ul>
44211 <blockquote>
44212 <p>Project Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.</p>
44213 </blockquote>
44214 <ul>
44215 <li>It’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?</li>
44216 </ul>
44217 <blockquote>
44218 <p>Project Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.</p>
44219 </blockquote>
44220 <ul>
44221 <li>It’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?</li>
44222 </ul>
44223 <blockquote>
44224 <p>Project Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.</p>
44225 </blockquote>
44226 <ul>
44227 <li>It’s FOSS: What does this change (splitting TrueOS into Project Trident) mean for the Lumina desktop environment?</li>
44228 </ul>
44229 <blockquote>
44230 <p>Project Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.</p>
44231 </blockquote>
44232 <ul>
44233 <li>It’s FOSS: Are you planning on including any desktop environments besides Lumina?</li>
44234 </ul>
44235 <blockquote>
44236 <p>Project Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.</p>
44237 </blockquote>
44238 <ul>
44239 <li>It’s FOSS: Any plans to include Steam to increase the userbase?</li>
44240 </ul>
44241 <blockquote>
44242 <p>Project Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.</p>
44243 </blockquote>
44244 <ul>
44245 <li>It’s FOSS: What will happen to the AppCafe?</li>
44246 </ul>
44247 <blockquote>
44248 <p>Project Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.</p>
44249 </blockquote>
44250 <ul>
44251 <li>It’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?</li>
44252 </ul>
44253 <blockquote>
44254 <p>Project Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.</p>
44255 </blockquote>
44256 <ul>
44257 <li>It’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?</li>
44258 </ul>
44259 <blockquote>
44260 <p>Project Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.</p>
44261 </blockquote>
44262 <ul>
44263 <li>It’s FOSS: Do you have any idea when Project Trident will have its first release?</li>
44264 </ul>
44265 <blockquote>
44266 <p>Project Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.</p>
44267 </blockquote>
44268 <hr>
44269 <p>###<a href="https://www.geoghegan.ca/pfbadhost.html">pf-badhost: Stop the evil doers in their tracks!</a></p>
44270 <blockquote>
44271 <p>pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.<br>
44272 Filtering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”<br>
44273 pf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The <a href="http://pf-badhost.sh">pf-badhost.sh</a> script can easily be expanded to use additional or alternate blocklists.<br>
44274 pf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.</p>
44275 </blockquote>
44276 <ul>
44277 <li>Notes:</li>
44278 <li>If you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.</li>
44279 <li>Conversely, adding a line to <a href="http://pf-badhost.sh">pf-badhost.sh</a> that removes your subnet range from the &lt;pfbadhost&gt; table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.</li>
44280 </ul>
44281 <hr>
44282 <p><strong>DigitalOcean</strong><br>
44283 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
44284 <p>###<a href="http://edition.cnn.com/TECH/computing/9911/01/freebsd.con99.idg/">FLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time</a></p>
44285 <blockquote>
44286 <p>FreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.<br>
44287 October 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.<br>
44288 This was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.<br>
44289 In fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!<br>
44290 But for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.<br>
44291 Of course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.<br>
44292 The Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.<br>
44293 In short, this was a tiny conference, but a well-run one.</p>
44294 </blockquote>
44295 <ul>
44296 <li>Sessions</li>
44297 </ul>
44298 <blockquote>
44299 <p>Although it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.<br>
44300 The conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.<br>
44301 I was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.<br>
44302 Apple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.<br>
44303 Other development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.<br>
44304 Advocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).<br>
44305 The business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.<br>
44306 Commercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.</p>
44307 </blockquote>
44308 <ul>
44309 <li>Commercial use of FreeBSD</li>
44310 </ul>
44311 <blockquote>
44312 <p>The use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.<br>
44313 The BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)<br>
44314 Companies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.<br>
44315 Yahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.<br>
44316 Hotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…<br>
44317 When asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”<br>
44318 Hubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.<br>
44319 Even short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R &amp; D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.</p>
44320 </blockquote>
44321 <ul>
44322 <li>See you next year</li>
44323 </ul>
44324 <blockquote>
44325 <p>And speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.<br>
44326 As a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.<br>
44327 It’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.</p>
44328 </blockquote>
44329 <hr>
44330 <p>##News Roundup<br>
44331 <a href="https://marc.info/?l=openbsd-tech&amp;m=153504937925732&amp;w=2">OpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes</a></p>
44332 <pre><code>Two recently disclosed hardware bugs affected Intel cpus:
44333
44334 - TLBleed
44335
44336 - T1TF (the name &quot;Foreshadow&quot; refers to 1 of 3 aspects of this
44337 bug, more aspects are surely on the way)
44338
44339 Solving these bugs requires new cpu microcode, a coding workaround,
44340 *AND* the disabling of SMT / Hyperthreading.
44341
44342 SMT is fundamentally broken because it shares resources between the two
44343 cpu instances and those shared resources lack security differentiators.
44344 Some of these side channel attacks aren't trivial, but we can expect
44345 most of them to eventually work and leak kernel or cross-VM memory in
44346 common usage circumstances, even such as javascript directly in a
44347 browser.
44348
44349 There will be more hardware bugs and artifacts disclosed. Due to the
44350 way SMT interacts with speculative execution on Intel cpus, I expect SMT
44351 to exacerbate most of the future problems.
44352
44353 A few months back, I urged people to disable hyperthreading on all
44354 Intel cpus. I need to repeat that:
44355
44356 DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.
44357
44358 Also, update your BIOS firmware, if you can.
44359
44360 OpenBSD -current (and therefore 6.4) will not use hyperthreading if it
44361 is enabled, and will update the cpu microcode if possible.
44362
44363 But what about 6.2 and 6.3?
44364
44365 The situation is very complex, continually evolving, and is taking too
44366 much manpower away from other tasks. Furthermore, Intel isn't telling
44367 us what is coming next, and are doing a terrible job by not publicly
44368 documenting what operating systems must do to resolve the problems. We
44369 are having to do research by reading other operating systems. There is
44370 no time left to backport the changes -- we will not be issuing a
44371 complete set of errata and syspatches against 6.2 and 6.3 because it is
44372 turning into a distraction.
44373
44374 Rather than working on every required patch for 6.2/6.3, we will
44375 re-focus manpower and make sure 6.4 contains the best solutions
44376 possible.
44377
44378 So please try to take responsibility for your own machines: Disable SMT in
44379 the BIOS menu, and upgrade your BIOS if you can.
44380
44381 I'm going to spend my money at a more trustworthy vendor in the future.
44382 </code></pre>
44383 <hr>
44384 <p>###<a href="https://medium.com/@enzuru/get-morrowind-running-on-openbsd-in-5-simple-steps-b65e20f3f0c">Get Morrowind running on OpenBSD in 5 simple steps</a></p>
44385 <blockquote>
44386 <p>This article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: <a href="https://forum.openmw.org/viewtopic.php?t=3510">https://forum.openmw.org/viewtopic.php?t=3510</a></p>
44387 </blockquote>
44388 <ul>
44389 <li>
44390 <ol>
44391 <li>Purchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): <a href="https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition">https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition</a></li>
44392 </ol>
44393 </li>
44394 <li>
44395 <ol start="2">
44396 <li>Install the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.</li>
44397 </ol>
44398 </li>
44399 </ul>
44400 <p><code>pkg_add openmw innoextract</code></p>
44401 <ul>
44402 <li>
44403 <ol start="3">
44404 <li>Move the file from GOG setuptesmorrowindgoty2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:</li>
44405 </ol>
44406 </li>
44407 </ul>
44408 <p><code>innoextract setuptesmorrowindgoty2.0.0.7.exe</code></p>
44409 <ul>
44410 <li>
44411 <ol start="4">
44412 <li>Type openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.</li>
44413 </ol>
44414 </li>
44415 <li>
44416 <ol start="5">
44417 <li>Type in openmw-launcher, toggle the settings to your preferences, and then hit play!</li>
44418 </ol>
44419 </li>
44420 </ul>
44421 <hr>
44422 <p><strong>iXsystems</strong><br>
44423 <a href="https://twitter.com/allanjude/status/1034647571124367360">https://twitter.com/allanjude/status/1034647571124367360</a></p>
44424 <p>###<a href="https://euroquis.nl/bobulate/?p=1937">My First Clang Bug</a></p>
44425 <blockquote>
44426 <p>Part of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.<br>
44427 One of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software. I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.<br>
44428 My most interesting bug this week, though, came from one line of code somewhere in Kleopatra: QUNUSED(gpgagentdata);<br>
44429 That one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).<br>
44430 Today I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.</p>
44431 </blockquote>
44432 <hr>
44433 <p>###<a href="https://www.phoronix.com/scan.php?page=newsitem&amp;px=Threadripper-2990WX-DragonFly">DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance</a></p>
44434 <blockquote>
44435 <p>Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.</p>
44436 </blockquote>
44437 <blockquote>
44438 <p>When I tried last week, neither the DragonFlyBSD 5.2.2 stable release nor the DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.</p>
44439 </blockquote>
44440 <blockquote>
44441 <p>In announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”</p>
44442 </blockquote>
44443 <blockquote>
44444 <p>Dillon shared some results on the system as well. &quot;The Threadripper 2990WX is a beast. It is at <em>least</em> 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blows away a dual-socket Xeon with 3x the number of memory channels. That is impressive!&quot;</p>
44445 </blockquote>
44446 <blockquote>
44447 <p>The well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymmetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”</p>
44448 </blockquote>
44449 <blockquote>
44450 <p>While I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.</p>
44451 </blockquote>
44452 <hr>
44453 <p>##Beastie Bits</p>
44454 <ul>
44455 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810075449">X11 on really small devices</a></li>
44456 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810131231">mandoc-1.14.4 released</a></li>
44457 <li><a href="https://www.netgate.com/blog/pfSense-book-available-to-everyone.html">The pfSense Book is now available to everyone</a></li>
44458 <li><a href="https://mwl.io/archives/3619">MWL: Burn it down! Burn it all down!</a></li>
44459 <li><a href="https://github.com/begriffs/obsd">Configuring OpenBSD: System and user config files for a more pleasant laptop</a></li>
44460 <li><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc">FreeBSD Security Advisory: Resource exhaustion in TCP reassembly</a></li>
44461 <li><a href="https://discoverbsd.com/p/92d80d1497">OpenBSD Foundation gets first 2018 Iridium donation</a></li>
44462 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=337653">New ZFS commit solves issue a few users reported in the feedback segment</a></li>
44463 <li><a href="https://twitter.com/TridentProject/status/1034620476553867264">Project Trident should have a beta release by the end of next week</a></li>
44464 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">Reminder about Stockholm BUG: September 5, 17:30-22:00</a></li>
44465 <li><a href="https://bsd-pl.org/en">BSD-PL User Group: September 13, 18:30-21:00</a></li>
44466 </ul>
44467 <hr>
44468 <p><strong>Tarsnap</strong></p>
44469 <p>##Feedback/Questions</p>
44470 <ul>
44471 <li>Malcom - <a href="http://dpaste.com/15VVVCP">Having different routes per interface</a></li>
44472 <li>Bostjan - <a href="http://dpaste.com/1Q14C6H#wrap">ZFS and integrity of data</a></li>
44473 <li>Michael - <a href="http://dpaste.com/2JD17BP#wrap">Suggestion for Monitoring</a></li>
44474 <li>Barry - <a href="http://dpaste.com/2GJ3RMG#wrap">Feedback</a></li>
44475 </ul>
44476 <hr>
44477 <ul>
44478 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
44479 </ul>
44480 </description>
44481 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Hyperthreading, TLBleed, T1TF, Foreshadow, pf-badhost, Threadripper, X11</itunes:keywords>
44482 <content:encoded>
44483 <![CDATA[<p>Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.</p>
44484
44485 <p>##Headlines<br>
44486 ###<a href="https://itsfoss.com/project-trident-interview/">An Insight into the Future of TrueOS BSD and Project Trident</a></p>
44487
44488 <blockquote>
44489 <p>Last month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our questions about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.</p>
44490 </blockquote>
44491
44492 <ul>
44493 <li>It’s FOSS: What is Project Trident?</li>
44494 </ul>
44495
44496 <blockquote>
44497 <p>Project Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.</p>
44498 </blockquote>
44499
44500 <blockquote>
44501 <p>Originally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.</p>
44502 </blockquote>
44503
44504 <blockquote>
44505 <p>TrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.</p>
44506 </blockquote>
44507
44508 <blockquote>
44509 <p>As the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.</p>
44510 </blockquote>
44511
44512 <blockquote>
44513 <p>When the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.</p>
44514 </blockquote>
44515
44516 <ul>
44517 <li>It’s FOSS: What features will TrueOS add to the FreeBSD base?</li>
44518 </ul>
44519
44520 <blockquote>
44521 <p>Project Trident: TrueOS has already added a number of features to FreeBSD:<br>
44522 OpenRC replaces rc.d for service management<br>
44523 LibreSSL in base<br>
44524 Root NSS certificates out-of-box<br>
44525 Scriptable installations (pc-sysinstall)<br>
44526 The full list of changes can be seen on the TrueOS repository (<a href="https://github.com/trueos/trueos/blob/trueos-master/README.md">https://github.com/trueos/trueos/blob/trueos-master/README.md</a>). This list does change quite regularly as FreeBSD development itself changes.</p>
44527 </blockquote>
44528
44529 <ul>
44530 <li>It’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?</li>
44531 </ul>
44532
44533 <blockquote>
44534 <p>Project Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.</p>
44535 </blockquote>
44536
44537 <ul>
44538 <li>It’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?</li>
44539 </ul>
44540
44541 <blockquote>
44542 <p>Project Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.</p>
44543 </blockquote>
44544
44545 <ul>
44546 <li>It’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?</li>
44547 </ul>
44548
44549 <blockquote>
44550 <p>Project Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.</p>
44551 </blockquote>
44552
44553 <ul>
44554 <li>It’s FOSS: What does this change (splitting TrueOS into Project Trident) mean for the Lumina desktop environment?</li>
44555 </ul>
44556
44557 <blockquote>
44558 <p>Project Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.</p>
44559 </blockquote>
44560
44561 <ul>
44562 <li>It’s FOSS: Are you planning on including any desktop environments besides Lumina?</li>
44563 </ul>
44564
44565 <blockquote>
44566 <p>Project Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.</p>
44567 </blockquote>
44568
44569 <ul>
44570 <li>It’s FOSS: Any plans to include Steam to increase the userbase?</li>
44571 </ul>
44572
44573 <blockquote>
44574 <p>Project Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.</p>
44575 </blockquote>
44576
44577 <ul>
44578 <li>It’s FOSS: What will happen to the AppCafe?</li>
44579 </ul>
44580
44581 <blockquote>
44582 <p>Project Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.</p>
44583 </blockquote>
44584
44585 <ul>
44586 <li>It’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?</li>
44587 </ul>
44588
44589 <blockquote>
44590 <p>Project Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.</p>
44591 </blockquote>
44592
44593 <ul>
44594 <li>It’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?</li>
44595 </ul>
44596
44597 <blockquote>
44598 <p>Project Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.</p>
44599 </blockquote>
44600
44601 <ul>
44602 <li>It’s FOSS: Do you have any idea when Project Trident will have its first release?</li>
44603 </ul>
44604
44605 <blockquote>
44606 <p>Project Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.</p>
44607 </blockquote>
44608
44609 <p><hr></p>
44610
44611 <p>###<a href="https://www.geoghegan.ca/pfbadhost.html">pf-badhost: Stop the evil doers in their tracks!</a></p>
44612
44613 <blockquote>
44614 <p>pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.<br>
44615 Filtering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”<br>
44616 pf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The <a href="http://pf-badhost.sh">pf-badhost.sh</a> script can easily be expanded to use additional or alternate blocklists.<br>
44617 pf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.</p>
44618 </blockquote>
44619
44620 <ul>
44621 <li>Notes:</li>
44622 <li>If you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.</li>
44623 <li>Conversely, adding a line to <a href="http://pf-badhost.sh">pf-badhost.sh</a> that removes your subnet range from the &lt;pfbadhost&gt; table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.</li>
44624 </ul>
44625
44626 <p><hr></p>
44627
44628 <p><strong>DigitalOcean</strong><br>
44629 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
44630
44631 <p>###<a href="http://edition.cnn.com/TECH/computing/9911/01/freebsd.con99.idg/">FLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time</a></p>
44632
44633 <blockquote>
44634 <p>FreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.<br>
44635 October 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.<br>
44636 This was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.<br>
44637 In fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!<br>
44638 But for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.<br>
44639 Of course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.<br>
44640 The Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.<br>
44641 In short, this was a tiny conference, but a well-run one.</p>
44642 </blockquote>
44643
44644 <ul>
44645 <li>Sessions</li>
44646 </ul>
44647
44648 <blockquote>
44649 <p>Although it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.<br>
44650 The conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.<br>
44651 I was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.<br>
44652 Apple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.<br>
44653 Other development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.<br>
44654 Advocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).<br>
44655 The business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.<br>
44656 Commercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.</p>
44657 </blockquote>
44658
44659 <ul>
44660 <li>Commercial use of FreeBSD</li>
44661 </ul>
44662
44663 <blockquote>
44664 <p>The use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.<br>
44665 The BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)<br>
44666 Companies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.<br>
44667 Yahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.<br>
44668 Hotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…<br>
44669 When asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”<br>
44670 Hubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.<br>
44671 Even short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R & D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.</p>
44672 </blockquote>
44673
44674 <ul>
44675 <li>See you next year</li>
44676 </ul>
44677
44678 <blockquote>
44679 <p>And speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.<br>
44680 As a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.<br>
44681 It’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.</p>
44682 </blockquote>
44683
44684 <p><hr></p>
44685
44686 <p>##News Roundup<br>
44687 ###<a href="https://marc.info/?l=openbsd-tech&m=153504937925732&w=2">OpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes</a></p>
44688
44689 <pre><code>Two recently disclosed hardware bugs affected Intel cpus:
44690
44691 - TLBleed
44692
44693 - T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
44694 bug, more aspects are surely on the way)
44695
44696 Solving these bugs requires new cpu microcode, a coding workaround,
44697 *AND* the disabling of SMT / Hyperthreading.
44698
44699 SMT is fundamentally broken because it shares resources between the two
44700 cpu instances and those shared resources lack security differentiators.
44701 Some of these side channel attacks aren't trivial, but we can expect
44702 most of them to eventually work and leak kernel or cross-VM memory in
44703 common usage circumstances, even such as javascript directly in a
44704 browser.
44705
44706 There will be more hardware bugs and artifacts disclosed. Due to the
44707 way SMT interacts with speculative execution on Intel cpus, I expect SMT
44708 to exacerbate most of the future problems.
44709
44710 A few months back, I urged people to disable hyperthreading on all
44711 Intel cpus. I need to repeat that:
44712
44713 DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.
44714
44715 Also, update your BIOS firmware, if you can.
44716
44717 OpenBSD -current (and therefore 6.4) will not use hyperthreading if it
44718 is enabled, and will update the cpu microcode if possible.
44719
44720 But what about 6.2 and 6.3?
44721
44722 The situation is very complex, continually evolving, and is taking too
44723 much manpower away from other tasks. Furthermore, Intel isn't telling
44724 us what is coming next, and are doing a terrible job by not publically
44725 documenting what operating systems must do to resolve the problems. We
44726 are having to do research by reading other operating systems. There is
44727 no time left to backport the changes -- we will not be issuing a
44728 complete set of errata and syspatches against 6.2 and 6.3 because it is
44729 turning into a distraction.
44730
44731 Rather than working on every required patch for 6.2/6.3, we will
44732 re-focus manpower and make sure 6.4 contains the best solutions
44733 possible.
44734
44735 So please try take responsibility for your own machines: Disable SMT in
44736 the BIOS menu, and upgrade your BIOS if you can.
44737
44738 I'm going to spend my money at a more trustworthy vendor in the future.
44739 </code></pre>
44740
44741 <p><hr></p>
44742
44743 <p>###<a href="https://medium.com/@enzuru/get-morrowind-running-on-openbsd-in-5-simple-steps-b65e20f3f0c">Get Morrowind running on OpenBSD in 5 simple steps</a></p>
44744
44745 <blockquote>
44746 <p>This article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: <a href="https://forum.openmw.org/viewtopic.php?t=3510">https://forum.openmw.org/viewtopic.php?t=3510</a></p>
44747 </blockquote>
44748
44749 <ul>
44750 <li>
44751 <ol>
44752 <li>Purchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): <a href="https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition">https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition</a></li>
44753 </ol>
44754 </li>
44755 <li>
44756 <ol start="2">
44757 <li>Install the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.</li>
44758 </ol>
44759 </li>
44760 </ul>
44761
44762 <p><code>pkg_add openmw innoextract</code></p>
44763
44764 <ul>
44765 <li>
44766 <ol start="3">
44767 <li>Move the file from GOG setup_tes_morrowind_goty_2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:</li>
44768 </ol>
44769 </li>
44770 </ul>
44771
44772 <p><code>innoextract setup_tes_morrowind_goty_2.0.0.7.exe</code></p>
44773
44774 <ul>
44775 <li>
44776 <ol start="4">
44777 <li>Type openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.</li>
44778 </ol>
44779 </li>
44780 <li>
44781 <ol start="5">
44782 <li>Type in openmw-launcher, toggle the settings to your preferences, and then hit play!</li>
44783 </ol>
44784 </li>
44785 </ul>
44786
44787 <p><hr></p>
44788
44789 <p><strong>iXsystems</strong><br>
44790 <a href="https://twitter.com/allanjude/status/1034647571124367360">https://twitter.com/allanjude/status/1034647571124367360</a></p>
44791
44792 <p>###<a href="https://euroquis.nl/bobulate/?p=1937">My First Clang Bug</a></p>
44793
44794 <blockquote>
44795 <p>Part of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.<br>
44796 One of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software. I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.<br>
44797 My most interesting bug this week, though, came from one line of code somewhere in Kleopatra: Q_UNUSED(gpgagent_data);<br>
44798 That one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).<br>
44799 Today I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.</p>
44800 </blockquote>
44801
44802 <p><hr></p>
44803
44804 <p>###<a href="https://www.phoronix.com/scan.php?page=news_item&px=Threadripper-2990WX-DragonFly">DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance</a></p>
44805
44806 <blockquote>
44807 <p>Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.</p>
44808 </blockquote>
44809
44810 <blockquote>
44811 <p>When I tried last week, neither the DragonFlyBSD 5.2.2 stable release nor the DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.</p>
44812 </blockquote>
44813
44814 <blockquote>
44815 <p>In announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”</p>
44816 </blockquote>
44817
44818 <blockquote>
44819 <p>Dillon shared some results on the system as well. "The Threadripper 2990WX is a beast. It is at <em>least</em> 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blows away a dual-socket Xeon with 3x the number of memory channels. That is impressive!"</p>
44820 </blockquote>
44821
44822 <blockquote>
44823 <p>The well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymmetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”</p>
44824 </blockquote>
44825
44826 <blockquote>
44827 <p>While I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.</p>
44828 </blockquote>
44829
44830 <p><hr></p>
44831
44832 <p>##Beastie Bits</p>
44833
44834 <ul>
44835 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810075449">X11 on really small devices</a></li>
44836 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810131231">mandoc-1.14.4 released</a></li>
44837 <li><a href="https://www.netgate.com/blog/pfSense-book-available-to-everyone.html">The pfSense Book is now available to everyone</a></li>
44838 <li><a href="https://mwl.io/archives/3619">MWL: Burn it down! Burn it all down!</a></li>
44839 <li><a href="https://github.com/begriffs/obsd">Configuring OpenBSD: System and user config files for a more pleasant laptop</a></li>
44840 <li><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc">FreeBSD Security Advisory: Resource exhaustion in TCP reassembly</a></li>
44841 <li><a href="https://discoverbsd.com/p/92d80d1497">OpenBSD Foundation gets first 2018 Iridium donation</a></li>
44842 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=337653">New ZFS commit solves issue a few users reported in the feedback segment</a></li>
44843 <li><a href="https://twitter.com/TridentProject/status/1034620476553867264">Project Trident should have a beta release by the end of next week</a></li>
44844 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">Reminder about Stockholm BUG: September 5, 17:30-22:00</a></li>
44845 <li><a href="https://bsd-pl.org/en">BSD-PL User Group: September 13, 18:30-21:00</a></li>
44846 </ul>
44847
44848 <p><hr></p>
44849
44850 <p><strong>Tarsnap</strong></p>
44851
44852 <p>##Feedback/Questions</p>
44853
44854 <ul>
44855 <li>Malcom - <a href="http://dpaste.com/15VVVCP">Having different routes per interface</a></li>
44856 <li>Bostjan - <a href="http://dpaste.com/1Q14C6H#wrap">ZFS and integrity of data</a></li>
44857 <li>Michael - <a href="http://dpaste.com/2JD17BP#wrap">Suggestion for Monitoring</a></li>
44858 <li>Barry - <a href="http://dpaste.com/2GJ3RMG#wrap">Feedback</a></li>
44859 </ul>
44860
44861 <p><hr></p>
44862
44863 <ul>
44864 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
44865 </ul>]]>
44866 </content:encoded>
44867 <itunes:summary>
44868 <![CDATA[<p>Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.</p>
44869
44870 <p>##Headlines<br>
44871 ###<a href="https://itsfoss.com/project-trident-interview/">An Insight into the Future of TrueOS BSD and Project Trident</a></p>
44872
44873 <blockquote>
44874 <p>Last month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our questions about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.</p>
44875 </blockquote>
44876
44877 <ul>
44878 <li>It’s FOSS: What is Project Trident?</li>
44879 </ul>
44880
44881 <blockquote>
44882 <p>Project Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.</p>
44883 </blockquote>
44884
44885 <blockquote>
44886 <p>Originally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.</p>
44887 </blockquote>
44888
44889 <blockquote>
44890 <p>TrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.</p>
44891 </blockquote>
44892
44893 <blockquote>
44894 <p>As the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.</p>
44895 </blockquote>
44896
44897 <blockquote>
44898 <p>When the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.</p>
44899 </blockquote>
44900
44901 <ul>
44902 <li>It’s FOSS: What features will TrueOS add to the FreeBSD base?</li>
44903 </ul>
44904
44905 <blockquote>
44906 <p>Project Trident: TrueOS has already added a number of features to FreeBSD:<br>
44907 OpenRC replaces rc.d for service management<br>
44908 LibreSSL in base<br>
44909 Root NSS certificates out-of-box<br>
44910 Scriptable installations (pc-sysinstall)<br>
44911 The full list of changes can be seen on the TrueOS repository (<a href="https://github.com/trueos/trueos/blob/trueos-master/README.md">https://github.com/trueos/trueos/blob/trueos-master/README.md</a>). This list does change quite regularly as FreeBSD development itself changes.</p>
44912 </blockquote>
44913
44914 <ul>
44915 <li>It’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?</li>
44916 </ul>
44917
44918 <blockquote>
44919 <p>Project Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.</p>
44920 </blockquote>
44921
44922 <ul>
44923 <li>It’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?</li>
44924 </ul>
44925
44926 <blockquote>
44927 <p>Project Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.</p>
44928 </blockquote>
44929
44930 <ul>
44931 <li>It’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?</li>
44932 </ul>
44933
44934 <blockquote>
44935 <p>Project Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.</p>
44936 </blockquote>
44937
44938 <ul>
44939 <li>It’s FOSS: What does this change (splitting Trus OS into Project Trident) mean for the Lumina desktop environment?</li>
44940 </ul>
44941
44942 <blockquote>
44943 <p>Project Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.</p>
44944 </blockquote>
44945
44946 <ul>
44947 <li>It’s FOSS: Are you planning on including any desktop environments besides Lumina?</li>
44948 </ul>
44949
44950 <blockquote>
44951 <p>Project Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.</p>
44952 </blockquote>
44953
44954 <ul>
44955 <li>It’s FOSS: Any plans to include Steam to increase the userbase?</li>
44956 </ul>
44957
44958 <blockquote>
44959 <p>Project Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.</p>
44960 </blockquote>
44961
44962 <ul>
44963 <li>It’s FOSS: What will happen to the AppCafe?</li>
44964 </ul>
44965
44966 <blockquote>
44967 <p>Project Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.</p>
44968 </blockquote>
44969
44970 <ul>
44971 <li>It’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?</li>
44972 </ul>
44973
44974 <blockquote>
44975 <p>Project Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.</p>
44976 </blockquote>
44977
44978 <ul>
44979 <li>It’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?</li>
44980 </ul>
44981
44982 <blockquote>
44983 <p>Project Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.</p>
44984 </blockquote>
44985
44986 <ul>
44987 <li>It’s FOSS: Do you have any idea when Project Trident will have its first release?</li>
44988 </ul>
44989
44990 <blockquote>
44991 <p>Project Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.</p>
44992 </blockquote>
44993
44994 <p><hr></p>
44995
44996 <p>###<a href="https://www.geoghegan.ca/pfbadhost.html">pf-badhost: Stop the evil doers in their tracks!</a></p>
44997
44998 <blockquote>
44999 <p>pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.<br>
45000 Filtering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”<br>
45001 pf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The <a href="http://pf-badhost.sh">pf-badhost.sh</a> script can easily be expanded to use additional or alternate blocklists.<br>
45002 pf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.</p>
45003 </blockquote>
45004
45005 <ul>
45006 <li>Notes:</li>
45007 <li>If you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.</li>
45008 <li>Conversely, adding a line to <a href="http://pf-badhost.sh">pf-badhost.sh</a> that removes your subnet range from the &lt;pfbadhost&gt; table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.</li>
45009 </ul>
45010
45011 <p><hr></p>
45012
45013 <p><strong>DigitalOcean</strong><br>
45014 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
45015
45016 <p>###<a href="http://edition.cnn.com/TECH/computing/9911/01/freebsd.con99.idg/">FLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time</a></p>
45017
45018 <blockquote>
45019 <p>FreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.<br>
45020 October 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.<br>
45021 This was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.<br>
45022 In fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!<br>
45023 But for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.<br>
45024 Of course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.<br>
45025 The Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.<br>
45026 In short, this was a tiny conference, but a well-run one.</p>
45027 </blockquote>
45028
45029 <ul>
45030 <li>Sessions</li>
45031 </ul>
45032
45033 <blockquote>
45034 <p>Although it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.<br>
45035 The conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.<br>
45036 I was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.<br>
45037 Apple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.<br>
45038 Other development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.<br>
45039 Advocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).<br>
45040 The business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.<br>
45041 Commercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.</p>
45042 </blockquote>
45043
45044 <ul>
45045 <li>Commercial use of FreeBSD</li>
45046 </ul>
45047
45048 <blockquote>
45049 <p>The use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.<br>
45050 The BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)<br>
45051 Companies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.<br>
45052 Yahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.<br>
45053 Hotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…<br>
45054 When asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”<br>
45055 Hubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.<br>
45056 Even short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R & D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.</p>
45057 </blockquote>
45058
45059 <ul>
45060 <li>See you next year</li>
45061 </ul>
45062
45063 <blockquote>
45064 <p>And speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.<br>
45065 As a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.<br>
45066 It’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.</p>
45067 </blockquote>
45068
45069 <p><hr></p>
45070
45071 <p>##News Roundup<br>
45072 ###<a href="https://marc.info/?l=openbsd-tech&m=153504937925732&w=2">OpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes</a></p>
45073
45074 <pre><code>Two recently disclosed hardware bugs affected Intel cpus:
45075
45076 - TLBleed
45077
45078 - T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
45079 bug, more aspects are surely on the way)
45080
45081 Solving these bugs requires new cpu microcode, a coding workaround,
45082 *AND* the disabling of SMT / Hyperthreading.
45083
45084 SMT is fundamentally broken because it shares resources between the two
45085 cpu instances and those shared resources lack security differentiators.
45086 Some of these side channel attacks aren't trivial, but we can expect
45087 most of them to eventually work and leak kernel or cross-VM memory in
45088 common usage circumstances, even such as javascript directly in a
45089 browser.
45090
45091 There will be more hardware bugs and artifacts disclosed. Due to the
45092 way SMT interacts with speculative execution on Intel cpus, I expect SMT
45093 to exacerbate most of the future problems.
45094
45095 A few months back, I urged people to disable hyperthreading on all
45096 Intel cpus. I need to repeat that:
45097
45098 DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.
45099
45100 Also, update your BIOS firmware, if you can.
45101
45102 OpenBSD -current (and therefore 6.4) will not use hyperthreading if it
45103 is enabled, and will update the cpu microcode if possible.
45104
45105 But what about 6.2 and 6.3?
45106
45107 The situation is very complex, continually evolving, and is taking too
45108 much manpower away from other tasks. Furthermore, Intel isn't telling
45109 us what is coming next, and are doing a terrible job by not publically
45110 documenting what operating systems must do to resolve the problems. We
45111 are having to do research by reading other operating systems. There is
45112 no time left to backport the changes -- we will not be issuing a
45113 complete set of errata and syspatches against 6.2 and 6.3 because it is
45114 turning into a distraction.
45115
45116 Rather than working on every required patch for 6.2/6.3, we will
45117 re-focus manpower and make sure 6.4 contains the best solutions
45118 possible.
45119
45120 So please try take responsibility for your own machines: Disable SMT in
45121 the BIOS menu, and upgrade your BIOS if you can.
45122
45123 I'm going to spend my money at a more trustworthy vendor in the future.
45124 </code></pre>
45125
45126 <p><hr></p>
45127
45128 <p>###<a href="https://medium.com/@enzuru/get-morrowind-running-on-openbsd-in-5-simple-steps-b65e20f3f0c">Get Morrowind running on OpenBSD in 5 simple steps</a></p>
45129
45130 <blockquote>
45131 <p>This article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: <a href="https://forum.openmw.org/viewtopic.php?t=3510">https://forum.openmw.org/viewtopic.php?t=3510</a></p>
45132 </blockquote>
45133
45134 <ul>
45135 <li>
45136 <ol>
45137 <li>Purchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): <a href="https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition">https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition</a></li>
45138 </ol>
45139 </li>
45140 <li>
45141 <ol start="2">
45142 <li>Install the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.</li>
45143 </ol>
45144 </li>
45145 </ul>
45146
45147 <p><code>pkg_add openmw innoextract</code></p>
45148
45149 <ul>
45150 <li>
45151 <ol start="3">
45152 <li>Move the file from GOG setup_tes_morrowind_goty_2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:</li>
45153 </ol>
45154 </li>
45155 </ul>
45156
45157 <p><code>innoextract setup_tes_morrowind_goty_2.0.0.7.exe</code></p>
45158
45159 <ul>
45160 <li>
45161 <ol start="4">
45162 <li>Type openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.</li>
45163 </ol>
45164 </li>
45165 <li>
45166 <ol start="5">
45167 <li>Type in openmw-launcher, toggle the settings to your preferences, and then hit play!</li>
45168 </ol>
45169 </li>
45170 </ul>
45171
45172 <p><hr></p>
45173
45174 <p><strong>iXsystems</strong><br>
45175 <a href="https://twitter.com/allanjude/status/1034647571124367360">https://twitter.com/allanjude/status/1034647571124367360</a></p>
45176
45177 <p>###<a href="https://euroquis.nl/bobulate/?p=1937">My First Clang Bug</a></p>
45178
45179 <blockquote>
45180 <p>Part of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.<br>
45181 One of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software. I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.<br>
45182 My most interesting bug this week, though, came from one line of code somewhere in Kleopatra: Q_UNUSED(gpgagent_data);<br>
45183 That one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).<br>
45184 Today I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.</p>
45185 </blockquote>
45186
45187 <p><hr></p>
45188
45189 <p>###<a href="https://www.phoronix.com/scan.php?page=news_item&px=Threadripper-2990WX-DragonFly">DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance</a></p>
45190
45191 <blockquote>
45192 <p>Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.</p>
45193 </blockquote>
45194
45195 <blockquote>
45196 <p>When I tried last week, neither the DragonFlyBSD 5.2.2 stable release nor the DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.</p>
45197 </blockquote>
45198
45199 <blockquote>
45200 <p>In announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”</p>
45201 </blockquote>
45202
45203 <blockquote>
45204 <p>Dillon shared some results on the system as well. “The Threadripper 2990WX is a beast. It is at <em>least</em> 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blows away a dual-socket Xeon with 3x the number of memory channels. That is impressive!”</p>
45205 </blockquote>
45206
45207 <blockquote>
45208 <p>The well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymmetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”</p>
45209 </blockquote>
45210
45211 <blockquote>
45212 <p>While I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.</p>
45213 </blockquote>
45214
45215 <p><hr></p>
45216
45217 <p>##Beastie Bits</p>
45218
45219 <ul>
45220 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810075449">X11 on really small devices</a></li>
45221 <li><a href="https://undeadly.org/cgi?action=article;sid=20180810131231">mandoc-1.14.4 released</a></li>
45222 <li><a href="https://www.netgate.com/blog/pfSense-book-available-to-everyone.html">The pfSense Book is now available to everyone</a></li>
45223 <li><a href="https://mwl.io/archives/3619">MWL: Burn it down! Burn it all down!</a></li>
45224 <li><a href="https://github.com/begriffs/obsd">Configuring OpenBSD: System and user config files for a more pleasant laptop</a></li>
45225 <li><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc">FreeBSD Security Advisory: Resource exhaustion in TCP reassembly</a></li>
45226 <li><a href="https://discoverbsd.com/p/92d80d1497">OpenBSD Foundation gets first 2018 Iridium donation</a></li>
45227 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=337653">New ZFS commit solves issue a few users reported in the feedback segment</a></li>
45228 <li><a href="https://twitter.com/TridentProject/status/1034620476553867264">Project Trident should have a beta release by the end of next week</a></li>
45229 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">Reminder about Stockholm BUG: September 5, 17:30-22:00</a></li>
45230 <li><a href="https://bsd-pl.org/en">BSD-PL User Group: September 13, 18:30-21:00</a></li>
45231 </ul>
45232
45233 <p><hr></p>
45234
45235 <p><strong>Tarsnap</strong></p>
45236
45237 <p>##Feedback/Questions</p>
45238
45239 <ul>
45240 <li>Malcom - <a href="http://dpaste.com/15VVVCP">Having different routes per interface</a></li>
45241 <li>Bostjan - <a href="http://dpaste.com/1Q14C6H#wrap">ZFS and integrity of data</a></li>
45242 <li>Michael - <a href="http://dpaste.com/2JD17BP#wrap">Suggestion for Monitoring</a></li>
45243 <li>Barry - <a href="http://dpaste.com/2GJ3RMG#wrap">Feedback</a></li>
45244 </ul>
45245
45246 <p><hr></p>
45247
45248 <ul>
45249 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
45250 </ul>]]>
45251 </itunes:summary>
45252 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+wqDVPHme</fireside:playerURL>
45253 <fireside:playerEmbedCode>
45254 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+wqDVPHme" width="740" height="200" frameborder="0" scrolling="no">]]>
45255 </fireside:playerEmbedCode>
45256 </item>
45257 <item>
45258 <title>Episode 260: Hacking Tour of Europe | BSD Now 260</title>
45259 <link>https://www.bsdnow.tv/260</link>
45260 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2463</guid>
45261 <pubDate>Thu, 23 Aug 2018 02:00:00 -0700</pubDate>
45262 <author>Allan Jude</author>
45263 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a3504e6e-2e15-4430-8917-d6a8782b461e.mp3" length="48332197" type="audio/mp3"/>
45264 <itunes:episodeType>full</itunes:episodeType>
45265 <itunes:author>Allan Jude</itunes:author>
45266 <itunes:subtitle>Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.</itunes:subtitle>
45267 <itunes:duration>1:20:14</itunes:duration>
45268 <itunes:explicit>no</itunes:explicit>
45269 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
45270 <description>Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.
45271 <p>##Headlines<br>
45272 <a href="https://wiki.freebsd.org/DevSummit/201808Hackathon">Essen Hackathon &amp; BSDCam 2018 trip report</a></p>
45273 <ul>
45274 <li>Allan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing them back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.</li>
45275 <li>On Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a <a href="https://twitter.com/bsdbcr">BBQ in the Linuxhotel park</a>, which was well received by everyone.</li>
45276 <li>On Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.</li>
45277 <li><a href="http://freshbsd.org/search?q=Essen+hackathon">Commits from the hackathon (the ones from 2018)</a></li>
45278 <li>Overall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to <a href="https://www.netzkommune.de/">Netzkommune GmbH</a> for sponsoring the social event and the <a href="http://linuxhotel.de/">Linuxhotel</a> for having us.</li>
45279 <li>Benedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.</li>
45280 <li>On Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spent with introductions and collecting what most people were interested in talking about. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (<a href="https://bsdcam.cl.cam.ac.uk/">full schedule</a>).</li>
45281 <li>Most sessions took notes, which you can find on the <a href="https://wiki.freebsd.org/DevSummit/201808">FreeBSD wiki</a>.</li>
45282 <li>On Thursday evening, we had a nice formal dinner at Trinity Hall.</li>
45283 <li>BSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.</li>
45284 <li>A special mention goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!</li>
45285 </ul>
45286 <hr>
45287 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Call for Testing: ZFS Native Encryption for FreeBSD</a></p>
45288 <ul>
45289 <li>A port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD</li>
45290 <li>Most of the porting was done by <a href="mailto:sef@freebsd.org">sef@freebsd.org</a> (Sean Eric Fagan)</li>
45291 <li>The original ZoL commit is here: <a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
45292 <li>For an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016</li>
45293 <li>Video: <a href="https://youtu.be/frnLiXclAMo">https://youtu.be/frnLiXclAMo</a></li>
45294 <li>Slides: <a href="https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing">https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing</a></li>
45295 <li>WARNING: test in VMs or with spare disks, etc. Pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool</li>
45296 <li>Thanks for testing to help this feature land in FreeBSD</li>
45297 </ul>
45298 <hr>
45299 <p><strong>iXsystems</strong></p>
45300 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070797.html">Call for Testing: UFS TRIM Consolidation</a></p>
45301 <ul>
45302 <li>Kirk McKusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code</li>
45303 </ul>
45304 <blockquote>
45305 <p>When deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIO_DELETE command.<br>
45306 Until now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.<br>
45307 This implementation collects runs of contiguous blocks in the file and then consolidates them into a single BIO_DELETE command to the drive. The BIO_DELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIO_DELETE commands and is typically less than ten. Though these larger BIO_DELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.<br>
45308 Though this new feature has been thoroughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running <code>sysctl vfs.ffs.dotrimcons=1</code>. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.<br>
45309 This support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).</p>
45310 </blockquote>
45311 <ul>
45312 <li>To enable TRIM consolidation use <code>sysctl vfs.ffs.dotrimcons=1</code></li>
45313 <li>There is also a diff that adds additional statistics: <a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html">https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html</a></li>
45314 <li>You can also watch the volume and latency of BIO_DELETE commands by running <code>gstat</code> with the -d flag</li>
45315 </ul>
45316 <hr>
45317 <p>##News Roundup<br>
45318 <a href="https://aravindh.net/post/zfs_performance/">ZFS performance</a></p>
45319 <ul>
45320 <li>Aravindh Sampathkumar, a Performance Engineer and Sysadmin, posts some simple benchmarks he did on a new ZFS server</li>
45321 </ul>
45322 <blockquote>
45323 <p>This is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.<br>
45324 As stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.</p>
45325 </blockquote>
45326 <ul>
45327 <li>The article then uses FIO to do some benchmarks.</li>
45328 <li>As the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS</li>
45329 <li>You also want to consider compression and cache effects</li>
45330 </ul>
45331 <blockquote>
45332 <p>Write Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s<br>
45333 Another over 1200 MB/s is enough to keep your 10 gigabit network saturated</p>
45334 </blockquote>
45335 <ul>
45336 <li>The increased latency that is seen with a higher number of writers working may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of RAM, you might allow more than 4GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes</li>
45337 </ul>
45338 <hr>
45339 <p>###<a href="http://www.daemonology.net/blog/2018-07-14-port-OS-to-EC2.html">How to port your OS to EC2</a></p>
45340 <ul>
45341 <li>Colin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:</li>
45342 </ul>
45343 <blockquote>
45344 <p>I’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.<br>
45345 Before we can talk about building images, there are some things you need:<br>
45346 Your OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.<br>
45347 You almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.<br>
45348 Similarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.<br>
45349 Finally, the obvious: You need to have an AWS account, and appropriate API access keys.<br>
45350 Building a disk image</p>
45351 <p>Building an AMI<br>
45352 I wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.<br>
45353 To use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you</p>
45354 </blockquote>
45355 <blockquote>
45356 <p>Create it in a “nearby” region (for performance reasons), and<br>
45357 Set an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).</p>
45358 </blockquote>
45359 <blockquote>
45360 <p>Boot configuration<br>
45361 Odds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:<br>
45362 EC2 instances have two types of console available to them: A serial console and a VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.<br>
45363 You may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.<br>
45364 You’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfig_DEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfig_DEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)<br>
45365 You’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.<br>
45366 EC2 configuration<br>
45367 Now it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they<br>
45368 Print the SSH host keys to the console, so that you can verify that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)<br>
45369 Download the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.<br>
45370 Fetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.<br>
45371 If your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.<br>
45372 Firstboot scripts<br>
45373 A feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:<br>
45374 FreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.<br>
45375 The UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.<br>
45376 Third-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.<br>
45377 While none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.<br>
45378 Support my work!<br>
45379 I hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.</p>
45380 </blockquote>
45381 <hr>
45382 <p><strong>Digital Ocean</strong><br>
45383 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
45384 <p>###<a href="https://cacm.acm.org/magazines/2018/8/229771-traceability/fulltext">Traceability, by Vint Cerf</a></p>
45385 <ul>
45386 <li>A recent article from the August issue of the Communications of the ACM, for your contemplation:</li>
45387 </ul>
45388 <blockquote>
45389 <p>At a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.<br>
45390 In other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.<br>
45391 In passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.<br>
45392 What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.<br>
45393 In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.<br>
45394 This suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.</p>
45395 </blockquote>
45396 <hr>
45397 <p>###<a href="https://blackdot.be/2018/08/remote-access-console-using-raspberry-pi-3b-and-freebsd/">Remote Access Console using FreeBSD on an RPi3</a></p>
45398 <ul>
45399 <li>Our friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab</li>
45400 <li>Parts:</li>
45401 <li>Raspberry Pi 3 B+</li>
45402 <li>NavoLabs micro POE Hat</li>
45403 <li>FT4232H based USB-to-RS232 (4x) adapter</li>
45404 <li>Official Raspberry Pi case (optional)</li>
45405 <li>Heat-sink kit (optional)</li>
45406 <li>USB-to-TTL adaptor (optional)</li>
45407 <li>Sandisk 16Gb microSD</li>
45408 </ul>
45409 <blockquote>
45410 <p>For the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.</p>
45411 </blockquote>
45412 <ul>
45413 <li>Get an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick</li>
45414 <li>Configure FreeBSD on the RPi3
45415 <ul>
45416 <li>Load the ‘muge’ Ethernet Driver</li>
45417 <li>Load USB serial support</li>
45418 <li>Load the FTDI driver</li>
45419 <li>Enable SSHd and Conserver</li>
45420 <li>Configure Conserver</li>
45421 <li>Setup log rotation</li>
45422 <li>Start Conserver</li>
45423 </ul>
45424 </li>
45425 <li>And you’re good to go</li>
45426 </ul>
45427 <blockquote>
45428 <p>A small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.</p>
45429 </blockquote>
45430 <ul>
45431 <li>There is also a followup post with some additional tips: <a href="https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/">https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/</a></li>
45432 </ul>
45433 <hr>
45434 <p>##Beastie Bits</p>
45435 <ul>
45436 <li><a href="https://twitter.com/ungleich/status/1031501391792156673">Annual Penguin Races</a></li>
45437 <li><a href="http://www.mcternan.me.uk/mscgen/">Mscgen - Message Sequence Chart generator</a></li>
45438 <li><a href="https://reviews.freebsd.org/D16723">This patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware</a></li>
45439 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=338059">FreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation</a></li>
45440 <li><a href="https://twitter.com/freebsdfndation/status/1031590348768915456">MeetBSD Devsummit open for registrations</a></li>
45441 <li><a href="https://mwl.io/archives/3654">New Podcast interview with Michael W. Lucas</a></li>
45442 </ul>
45443 <hr>
45444 <p><strong>Tarsnap</strong></p>
45445 <p>##Feedback/Questions<br>
45446 We need more feedback emails. Please write to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></p>
45447 <p>Additionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio-only listeners, which is why we are planning to put it at the very end of the episode.</p>
45448 <hr>
45449 <ul>
45450 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
45451 </ul>
45452 </description>
45453 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, performance, encryption, remote access, rpi3, raspberry pi</itunes:keywords>
45454 <content:encoded>
45455 <![CDATA[<p>Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.</p>
45456
45457 <p>##Headlines<br>
45458 ###<a href="https://wiki.freebsd.org/DevSummit/201808Hackathon">Essen Hackathon & BSDCam 2018 trip report</a></p>
45459
45460 <ul>
45461 <li>Allan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing it back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.</li>
45462 <li>On Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a <a href="https://twitter.com/bsdbcr">BBQ in the Linuxhotel park</a>, which was well received by everyone.</li>
45463 <li>On Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.</li>
45464 <li><a href="http://freshbsd.org/search?q=Essen+hackathon">Commits from the hackathon (the ones from 2018)</a></li>
45465 <li>Overall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to <a href="https://www.netzkommune.de/">Netzkommune GmbH</a> for sponsoring the social event and the <a href="http://linuxhotel.de/">Linuxhotel</a> for having us.</li>
45466 <li>Benedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.</li>
45467 <li>On Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spent on introductions and collecting what most people were interested in talking about. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (<a href="https://bsdcam.cl.cam.ac.uk/">full schedule</a>).</li>
45468 <li>Most sessions took notes, which you can find on the <a href="https://wiki.freebsd.org/DevSummit/201808">FreeBSD wiki</a>.</li>
45469 <li>On Thursday evening, we had a nice formal dinner at Trinity Hall.</li>
45470 <li>BSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.</li>
45471 <li>A special mention goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!</li>
45472 </ul>
45473
45474 <p><hr></p>
45475
45476 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Call for Testing: ZFS Native Encryption for FreeBSD</a></p>
45477
45478 <ul>
45479 <li>A port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD</li>
45480 <li>Most of the porting was done by <a href="mailto:sef@freebsd.org">sef@freebsd.org</a> (Sean Eric Fagan)</li>
45481 <li>The original ZoL commit is here: <a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
45482 <li>For an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016</li>
45483 <li>Video: <a href="https://youtu.be/frnLiXclAMo">https://youtu.be/frnLiXclAMo</a></li>
45484 <li>Slides: <a href="https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing">https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing</a></li>
45485 <li>WARNING: test in VMs or with spare disks, etc. Pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool</li>
45486 <li>Thanks for testing to help this feature land in FreeBSD</li>
45487 </ul>
45488
45489 <p><hr></p>
45490
45491 <p><strong>iXsystems</strong></p>
45492
45493 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070797.html">Call for Testing: UFS TRIM Consolidation</a></p>
45494
45495 <ul>
45496 <li>Kirk McKusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code</li>
45497 </ul>
45498
45499 <blockquote>
45500 <p>When deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIO_DELETE command.<br>
45501 Until now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.<br>
45502 This implementation collects runs of contiguous blocks in the file and then consolidates them into a single BIO_DELETE command to the drive. The BIO_DELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIO_DELETE commands and is typically less than ten. Though these larger BIO_DELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.<br>
45503 Though this new feature has been thoroughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running <code>sysctl vfs.ffs.dotrimcons=1</code>. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.<br>
45504 This support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).</p>
45505 </blockquote>
45506
45507 <ul>
45508 <li>To enable TRIM consolidation, use <code>sysctl vfs.ffs.dotrimcons=1</code></li>
45509 <li>There is also a diff that adds additional statistics: <a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html">https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html</a></li>
45510 <li>You can also watch the volume and latency of BIO_DELETE commands by running <code>gstat</code> with the -d flag</li>
45511 </ul>
45512
45513 <p><hr></p>
45514
45515 <p>##News Roundup<br>
45516 ###<a href="https://aravindh.net/post/zfs_performance/">ZFS performance</a></p>
45517
45518 <ul>
45519 <li>Aravindh Sampathkumar, a Performance Engineer and Sysadmin, posts some simple benchmarks he did on a new ZFS server</li>
45520 </ul>
45521
45522 <blockquote>
45523 <p>This is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.<br>
45524 As stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.</p>
45525 </blockquote>
45526
45527 <ul>
45528 <li>The article then uses FIO to do some benchmarks.</li>
45529 <li>As the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS</li>
45530 <li>You also want to consider compression and cache effects</li>
45531 </ul>
45532
45533 <blockquote>
45534 <p>Write Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s<br>
45535 Another over 1200 MB/s is enough to keep your 10 gigabit network saturated</p>
45536 </blockquote>
45537
45538 <ul>
45539 <li>The increased latency seen with a higher number of writers may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of RAM, you might allow more than 4 GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes</li>
45540 </ul>
45541
45542 <p><hr></p>
45543
45544 <p>###<a href="http://www.daemonology.net/blog/2018-07-14-port-OS-to-EC2.html">How to port your OS to EC2</a></p>
45545
45546 <ul>
45547 <li>Colin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:</li>
45548 </ul>
45549
45550 <blockquote>
45551 <p>I’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.<br>
45552 Before we can talk about building images, there are some things you need:<br>
45553 Your OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.<br>
45554 You almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.<br>
45555 Similarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.<br>
45556 Finally, the obvious: You need to have an AWS account, and appropriate API access keys.<br>
45557 Building a disk image</p>
45558 <p>Building an AMI<br>
45559 I wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.<br>
45560 To use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you</p>
45561 </blockquote>
45562
45563 <blockquote>
45564 <p>Create it in a “nearby” region (for performance reasons), and<br>
45565 Set an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).</p>
45566 </blockquote>
45567
45568 <blockquote>
45569 <p>Boot configuration<br>
45570 Odds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:<br>
45571 EC2 instances have two types of console available to them: A serial console and a VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.<br>
45572 You may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.<br>
45573 You’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfig_DEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfig_DEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)<br>
45574 You’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.<br>
45575 EC2 configuration<br>
45576 Now it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they<br>
45577 Print the SSH host keys to the console, so that you can verify that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)<br>
45578 Download the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.<br>
45579 Fetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.<br>
45580 If your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.<br>
45581 Firstboot scripts<br>
45582 A feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:<br>
45583 FreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.<br>
45584 The UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.<br>
45585 Third-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.<br>
45586 While none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.<br>
45587 Support my work!<br>
45588 I hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.</p>
45589 </blockquote>
45590
45591 <p><hr></p>
45592
45593 <p><strong>Digital Ocean</strong><br>
45594 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
45595
45596 <p>###<a href="https://cacm.acm.org/magazines/2018/8/229771-traceability/fulltext">Traceability, by Vint Cerf</a></p>
45597
45598 <ul>
45599 <li>A recent article from the August issue of the Communications of the ACM, for your contemplation:</li>
45600 </ul>
45601
45602 <blockquote>
45603 <p>At a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.<br>
45604 In other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.<br>
45605 In passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.<br>
45606 What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.<br>
45607 In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.<br>
45608 This suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.</p>
45609 </blockquote>
45610
45611 <p><hr></p>
45612
45613 <p>###<a href="https://blackdot.be/2018/08/remote-access-console-using-raspberry-pi-3b-and-freebsd/">Remote Access Console using FreeBSD on an RPi3</a></p>
45614
45615 <ul>
45616 <li>Our friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab</li>
45617 <li>Parts:</li>
45618 <li>Raspberry Pi 3 B+</li>
45619 <li>NavoLabs micro POE Hat</li>
45620 <li>FT4232H based USB-to-RS232 (4x) adapter</li>
45621 <li>Official Raspberry Pi case (optional)</li>
45622 <li>Heat-sink kit (optional)</li>
45623 <li>USB-to-TTL adaptor (optional)</li>
45624 <li>Sandisk 16Gb microSD</li>
45625 </ul>
45626
45627 <blockquote>
45628 <p>For the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.</p>
45629 </blockquote>
45630
45631 <ul>
45632 <li>Get an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick</li>
45633 <li>Configure FreeBSD on the RPi3
45634 <ul>
45635 <li>Load the ‘muge’ Ethernet Driver</li>
45636 <li>Load USB serial support</li>
45637 <li>Load the FTDI driver</li>
45638 <li>Enable SSHd and Conserver</li>
45639 <li>Configure Conserver</li>
45640 <li>Setup log rotation</li>
45641 <li>Start Conserver</li>
45642 </ul>
45643
45644 </li>
45645 <li>And you’re good to go</li>
45646 </ul>
45647
45648 <blockquote>
45649 <p>A small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.</p>
45650 </blockquote>
45651
45652 <ul>
45653 <li>There is also a followup post with some additional tips: <a href="https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/">https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/</a></li>
45654 </ul>
45655
45656 <p><hr></p>
45657
45658 <p>##Beastie Bits</p>
45659
45660 <ul>
45661 <li><a href="https://twitter.com/ungleich/status/1031501391792156673">Annual Penguin Races</a></li>
45662 <li><a href="http://www.mcternan.me.uk/mscgen/">Mscgen - Message Sequence Chart generator</a></li>
45663 <li><a href="https://reviews.freebsd.org/D16723">This patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware</a></li>
45664 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=338059">FreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation</a></li>
45665 <li><a href="https://twitter.com/freebsdfndation/status/1031590348768915456">MeetBSD Devsummit open for registrations</a></li>
45666 <li><a href="https://mwl.io/archives/3654">New Podcast interview with Michael W. Lucas</a></li>
45667 </ul>
45668
45669 <p><hr></p>
45670
45671 <p><strong>Tarsnap</strong></p>
45672
45673 <p>##Feedback/Questions<br>
45674 We need more feedback emails. Please write to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></p>
45675
45676 <p>Additionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio only listeners, that is why we are planning to put it at the very end of the episode.</p>
45677
45678 <p><hr></p>
45679
45680 <ul>
45681 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
45682 </ul>]]>
45683 </content:encoded>
45684 <itunes:summary>
45685 <![CDATA[<p>Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.</p>
45686
45687 <p>##Headlines<br>
45688 ###<a href="https://wiki.freebsd.org/DevSummit/201808Hackathon">Essen Hackathon & BSDCam 2018 trip report</a></p>
45689
45690 <ul>
45691 <li>Allan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing it back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.</li>
45692 <li>On Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a <a href="https://twitter.com/bsdbcr">BBQ in the Linuxhotel park</a>, which was well received by everyone.</li>
45693 <li>On Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.</li>
45694 <li><a href="http://freshbsd.org/search?q=Essen+hackathon">Commits from the hackathon (the ones from 2018)</a></li>
45695 <li>Overall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to <a href="https://www.netzkommune.de/">Netzkommune GmbH</a> for sponsoring the social event and the <a href="http://linuxhotel.de/">Linuxhotel</a> for having us.</li>
45696 <li>Benedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.</li>
45697 <li>On Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spent with introductions and collecting what most people were interested in talking about. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (<a href="https://bsdcam.cl.cam.ac.uk/">full schedule</a>).</li>
45698 <li>Most sessions took notes, which you can find on the <a href="https://wiki.freebsd.org/DevSummit/201808">FreeBSD wiki</a>.</li>
45699 <li>On Thursday evening, we had a nice formal dinner at Trinity Hall.</li>
45700 <li>BSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.</li>
45701 <li>A special mention goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!</li>
45702 </ul>
45703
45704 <p><hr></p>
45705
45706 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html">Call for Testing: ZFS Native Encryption for FreeBSD</a></p>
45707
45708 <ul>
45709 <li>A port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD</li>
45710 <li>Most of the porting was done by <a href="mailto:sef@freebsd.org">sef@freebsd.org</a> (Sean Eric Fagan)</li>
45711 <li>The original ZoL commit is here: <a href="https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49">https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49</a></li>
45712 <li>For an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016</li>
45713 <li>Video: <a href="https://youtu.be/frnLiXclAMo">https://youtu.be/frnLiXclAMo</a></li>
45714 <li>Slides: <a href="https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing">https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing</a></li>
45715 <li>WARNING: test in VMs or with spare disks etc, pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool</li>
45716 <li>Thanks for testing to help this feature land in FreeBSD</li>
45717 </ul>
45718
45719 <p><hr></p>
45720
45721 <p><strong>iXsystems</strong></p>
45722
45723 <p>###<a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070797.html">Call for Testing: UFS TRIM Consolidation</a></p>
45724
45725 <ul>
45726 <li>Kirk McKusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code</li>
45727 </ul>
45728
45729 <blockquote>
45730 <p>When deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIO_DELETE command.<br>
45731 Until now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.<br>
45732 This implementation collects runs of contiguous blocks in the file and then consolidates them into a single BIO_DELETE command to the drive. The BIO_DELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIO_DELETE commands and is typically less than ten. Though these larger BIO_DELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.<br>
45733 Though this new feature has been thoroughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running ``sysctl vfs.ffs.dotrimcons=1’’. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.<br>
45734 This support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).</p>
45735 </blockquote>
45736
45737 <ul>
45738 <li>To enable TRIM consolidation, use <code>sysctl vfs.ffs.dotrimcons=1</code></li>
45739 <li>There is also a diff that adds additional statistics: <a href="https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html">https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html</a></li>
45740 <li>You can also watch the volume and latency of BIO_DELETE commands by running <code>gstat</code> with the -d flag</li>
45741 </ul>
45742
45743 <p><hr></p>
45744
45745 <p>##News Roundup<br>
45746 ###<a href="https://aravindh.net/post/zfs_performance/">ZFS performance</a></p>
45747
45748 <ul>
45749 <li>Aravindh Sampathkumar, a Performance Engineer and Sysadmin, posts some simple benchmarks he did on a new ZFS server</li>
45750 </ul>
45751
45752 <blockquote>
45753 <p>This is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.<br>
45754 As stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.</p>
45755 </blockquote>
45756
45757 <ul>
45758 <li>The article then uses FIO to do some benchmarks.</li>
45759 <li>As the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS</li>
45760 <li>You also want to consider compression and cache effects</li>
45761 </ul>
45762
45763 <blockquote>
45764 <p>Write Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s<br>
45765 Another over 1200 MB/s is enough to keep your 10 gigabit network saturated</p>
45766 </blockquote>
45767
45768 <ul>
45769 <li>The increased latency seen with a higher number of writers may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of RAM, you might allow more than 4 GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes</li>
45770 </ul>
45771
45772 <p><hr></p>
45773
45774 <p>###<a href="http://www.daemonology.net/blog/2018-07-14-port-OS-to-EC2.html">How to port your OS to EC2</a></p>
45775
45776 <ul>
45777 <li>Colin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:</li>
45778 </ul>
45779
45780 <blockquote>
45781 <p>I’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.<br>
45782 Before we can talk about building images, there are some things you need:<br>
45783 Your OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.<br>
45784 You almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.<br>
45785 Similarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.<br>
45786 Finally, the obvious: You need to have an AWS account, and appropriate API access keys.<br>
45787 Building a disk image</p>
45788 <p>Building an AMI<br>
45789 I wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.<br>
45790 To use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you</p>
45791 </blockquote>
45792
45793 <blockquote>
45794 <p>Create it in a “nearby” region (for performance reasons), and<br>
45795 Set an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).</p>
45796 </blockquote>
45797
45798 <blockquote>
45799 <p>Boot configuration<br>
45800 Odds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:<br>
45801 EC2 instances have two types of console available to them: A serial console and a VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.<br>
45802 You may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.<br>
45803 You’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfig_DEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfig_DEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)<br>
45804 You’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.<br>
45805 EC2 configuration<br>
45806 Now it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they<br>
45807 Print the SSH host keys to the console, so that you can verify that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)<br>
45808 Download the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.<br>
45809 Fetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.<br>
45810 If your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.<br>
45811 Firstboot scripts<br>
45812 A feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:<br>
45813 FreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.<br>
45814 The UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.<br>
45815 Third-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.<br>
45816 While none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.<br>
45817 Support my work!<br>
45818 I hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.</p>
45819 </blockquote>
45820
45821 <p><hr></p>
45822
45823 <p><strong>Digital Ocean</strong><br>
45824 <a href="https://do.co/bsdnow">https://do.co/bsdnow</a></p>
45825
45826 <p>###<a href="https://cacm.acm.org/magazines/2018/8/229771-traceability/fulltext">Traceability, by Vint Cerf</a></p>
45827
45828 <ul>
45829 <li>A recent article from the August issue of the Communications of the ACM, for your contemplation:</li>
45830 </ul>
45831
45832 <blockquote>
45833 <p>At a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.<br>
45834 In other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.<br>
45835 In passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.<br>
45836 What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.<br>
45837 In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.<br>
45838 This suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.</p>
45839 </blockquote>
45840
45841 <p><hr></p>
45842
45843 <p>###<a href="https://blackdot.be/2018/08/remote-access-console-using-raspberry-pi-3b-and-freebsd/">Remote Access Console using FreeBSD on an RPi3</a></p>
45844
45845 <ul>
45846 <li>Our friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab</li>
45847 <li>Parts:</li>
45848 <li>Raspberry Pi 3 B+</li>
45849 <li>NavoLabs micro POE Hat</li>
45850 <li>FT4232H based USB-to-RS232 (4x) adapter</li>
45851 <li>Official Raspberry Pi case (optional)</li>
45852 <li>Heat-sink kit (optional)</li>
45853 <li>USB-to-TTL adaptor (optional)</li>
45854 <li>Sandisk 16Gb microSD</li>
45855 </ul>
45856
45857 <blockquote>
45858 <p>For the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.</p>
45859 </blockquote>
45860
45861 <ul>
45862 <li>Get an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick</li>
45863 <li>Configure FreeBSD on the RPi3
45864 <ul>
45865 <li>Load the ‘muge’ Ethernet Driver</li>
45866 <li>Load USB serial support</li>
45867 <li>Load the FTDI driver</li>
45868 <li>Enable SSHd and Conserver</li>
45869 <li>Configure Conserver</li>
45870 <li>Setup log rotation</li>
45871 <li>Start Conserver</li>
45872 </ul>
45873
45874 </li>
45875 <li>And you’re good to go</li>
45876 </ul>
45877
45878 <blockquote>
45879 <p>A small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.</p>
45880 </blockquote>
45881
45882 <ul>
45883 <li>There is also a followup post with some additional tips: <a href="https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/">https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/</a></li>
45884 </ul>
45885
45886 <p><hr></p>
45887
45888 <p>##Beastie Bits</p>
45889
45890 <ul>
45891 <li><a href="https://twitter.com/ungleich/status/1031501391792156673">Annual Penguin Races</a></li>
45892 <li><a href="http://www.mcternan.me.uk/mscgen/">Mscgen - Message Sequence Chart generator</a></li>
45893 <li><a href="https://reviews.freebsd.org/D16723">This patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware</a></li>
45894 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=338059">FreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation</a></li>
45895 <li><a href="https://twitter.com/freebsdfndation/status/1031590348768915456">MeetBSD Devsummit open for registrations</a></li>
45896 <li><a href="https://mwl.io/archives/3654">New Podcast interview with Michael W. Lucas</a></li>
45897 </ul>
45898
45899 <p><hr></p>
45900
45901 <p><strong>Tarsnap</strong></p>
45902
45903 <p>##Feedback/Questions<br>
45904 We need more feedback emails. Please write to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></p>
45905
45906 <p>Additionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio only listeners, that is why we are planning to put it at the very end of the episode.</p>
45907
45908 <p><hr></p>
45909
45910 <ul>
45911 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
45912 </ul>]]>
45913 </itunes:summary>
45914 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+83R7M4lm</fireside:playerURL>
45915 <fireside:playerEmbedCode>
45916 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+83R7M4lm" width="740" height="200" frameborder="0" scrolling="no">]]>
45917 </fireside:playerEmbedCode>
45918 </item>
45919 <item>
45920 <title>Episode 259: Long Live Unix | BSD Now 259</title>
45921 <link>https://www.bsdnow.tv/259</link>
45922 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2433</guid>
45923 <pubDate>Thu, 16 Aug 2018 00:00:00 -0700</pubDate>
45924 <author>Allan Jude</author>
45925 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f1dc9150-bd92-4004-9643-095d9da96886.mp3" length="64748796" type="audio/mp3"/>
45926 <itunes:episodeType>full</itunes:episodeType>
45927 <itunes:author>Allan Jude</itunes:author>
45928 <itunes:subtitle>The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.</itunes:subtitle>
45929 <itunes:duration>1:47:36</itunes:duration>
45930 <itunes:explicit>no</itunes:explicit>
45931 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
45932 <description>The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.
45933 <h3><a id="Picking_the_contest_winner_0"></a>Picking the contest winner</h3>
45934 <ol>
45935 <li>Vincent</li>
45936 <li>Bostjan</li>
45937 <li>Andrew</li>
45938 <li>Klaus-Hendrik</li>
45939 <li>Will</li>
45940 <li>Toby</li>
45941 <li>Johnny</li>
45942 <li>David</li>
45943 <li>manfrom</li>
45944 <li>Niclas</li>
45945 <li>Gary</li>
45946 <li>Eddy</li>
45947 <li>Bruce</li>
45948 <li>Lizz</li>
45949 <li>Jim</li>
45950 </ol>
45951 <p><a href="https://www.random.org/integers/?num=1&amp;min=0&amp;max=15&amp;col=1&amp;base=10&amp;format=html&amp;rnd=new">Random number generator</a></p>
45952 <p>##Headlines<br>
45953 ###<a href="https://spectrum.ieee.org/tech-history/cyberspace/the-strange-birth-and-long-life-of-unix">The Strange Birth and Long Life of Unix</a></p>
45954 <blockquote>
45955 <p>They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.<br>
45956 A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone &amp; Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.<br>
45957 Over five years, AT&amp;T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT&amp;T’s corporate leaders decided to pull the plug.<br>
45958 After AT&amp;T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.<br>
45959 With heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.<br>
45960 The rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.<br>
45961 Thompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.<br>
45962 And with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.<br>
45963 Initially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.<br>
45964 So Thompson and Ritchie got creative. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.<br>
45965 Management took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.<br>
45966 Unix was put to its first real-world test within Bell Labs when three typists from AT&amp;T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.<br>
45967 During its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.<br>
45968 So what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.<br>
45969 Although Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.<br>
45970 Most important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.<br>
45971 The first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.<br>
45972 Unix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.<br>
45973 The story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.<br>
45974 This put AT&amp;T in a bind. In 1956, AT&amp;T had agreed to a U.S. government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT&amp;T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT&amp;T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”<br>
45975 With no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.<br>
45976 The Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.<br>
45977 By the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT&amp;T’s lawyers began looking harder at what various licensees were doing with their systems.<br>
45978 One person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.<br>
45979 Unix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT&amp;T’s lawyers had clamped down on the book’s distribution and use in academic classes. The antiauthoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-generation photocopies of the original book.<br>
45980 End runs around AT&amp;T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.<br>
45981 By the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.<br>
45982 For many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.<br>
45983 Unix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT&amp;T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT&amp;T code so that their software and its descendants would be freely distributable.<br>
45984 The effectiveness of those efforts was, however, called into question when the AT&amp;T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT&amp;T for breaches to the license it provided AT&amp;T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.<br>
45985 Had this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.<br>
45986 Although AT&amp;T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux has continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group) lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT&amp;T in 1993.<br>
45987 As a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.<br>
45988 The world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.<br>
45989 One holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.<br>
45990 In 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.</p>
45991 </blockquote>
45992 <hr>
45993 <p><strong>Digital Ocean</strong><br>
45994 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
45995 <p>###<a href="https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/">FreeBSD jails with a single public IP address</a></p>
45996 <blockquote>
45997 <p>Jails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has its own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as most hosters don’t offer more than one single public IP address per server.</p>
45998 </blockquote>
45999 <ul>
46000 <li>Create the internal network</li>
46001 </ul>
46002 <blockquote>
46003 <p>In this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.<br>
46004 First, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: <a href="https://en.wikipedia.org/wiki/Private_network">https://en.wikipedia.org/wiki/Private_network</a>. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.<br>
46005 First let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.</p>
46006 </blockquote>
46007 <pre><code class="language-em0:"> options=209b&lt;RXCSUM,TXCSUM,VLANMTU,VLANHWTAGGING,VLANHWCSUM,WOLMAGIC&gt;
46008 [...]
46009 inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255
46010 nd6 options=23&lt;PERFORMNUD,ACCEPTRTADV,AUTO_LINKLOCAL&gt;
46011 media: Ethernet autoselect (1000baseT &lt;full-duplex&gt;)
46012 status: active
46013 lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; metric 0 mtu 16384
46014 options=600003&lt;RXCSUM,TXCSUM,RXCSUMIPV6,TXCSUMIPV6&gt;
46015 inet6 ::1 prefixlen 128
46016 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
46017 inet 127.0.0.1 netmask 0xff000000
46018 nd6 options=21&lt;PERFORMNUD,AUTO_LINKLOCAL&gt;```
46019 &gt; For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:
46020 cloned_interfaces=&quot;lo1&quot;
46021 ipv4_addrs_lo1=&quot;192.168.0.1-9/29&quot;
46022 &gt; This defines a /29 network, offering IP addresses for a maximum of 6 jails:
46023 ipcalc 192.168.0.1/29
46024 Address: 192.168.0.1 11000000.10101000.00000000.00000 001
46025 Netmask: 255.255.255.248 = 29 11111111.11111111.11111111.11111 000
46026 Wildcard: 0.0.0.7 00000000.00000000.00000000.00000 111
46027 =&gt;
46028 Network: 192.168.0.0/29 11000000.10101000.00000000.00000 000
46029 HostMin: 192.168.0.1 11000000.10101000.00000000.00000 001
46030 HostMax: 192.168.0.6 11000000.10101000.00000000.00000 110
46031 Broadcast: 192.168.0.7 11000000.10101000.00000000.00000 111
46032 Hosts/Net: 6 Class C, Private Internet
46033 &gt; Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)
46034 service netif restart
46035 &gt; After reconnecting, our newly created loopback device is active:
46036 lo1: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; metric 0 mtu 16384
46037 options=600003&lt;RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6&gt;
46038 inet 192.168.0.1 netmask 0xfffffff8
46039 inet 192.168.0.2 netmask 0xffffffff
46040 inet 192.168.0.3 netmask 0xffffffff
46041 inet 192.168.0.4 netmask 0xffffffff
46042 inet 192.168.0.5 netmask 0xffffffff
46043 inet 192.168.0.6 netmask 0xffffffff
46044 inet 192.168.0.7 netmask 0xffffffff
46045 inet 192.168.0.8 netmask 0xffffffff
46046 inet 192.168.0.9 netmask 0xffffffff
46047 nd6 options=29&lt;PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL&gt;
46048 Setting up
46049 &gt; pf is part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:
46050 Public IP address
46051 IP_PUB=&quot;1.2.3.4&quot;
46052 Packet normalization
46053 scrub in all
46054 Allow outbound connections from within the jails
46055 nat on em0 from lo1:network to any -&gt; (em0)
46056 webserver jail at 192.168.0.2
46057 rdr on em0 proto tcp from any to $IP_PUB port 443 -&gt; 192.168.0.2
46058 just an example in case you want to redirect to another port within your jail
46059 rdr on em0 proto tcp from any to $IP_PUB port 80 -&gt; 192.168.0.2 port 8080
46060 mailserver jail at 192.168.0.3
46061 rdr on em0 proto tcp from any to $IP_PUB port 25 -&gt; 192.168.0.3
46062 rdr on em0 proto tcp from any to $IP_PUB port 587 -&gt; 192.168.0.3
46063 rdr on em0 proto tcp from any to $IP_PUB port 143 -&gt; 192.168.0.3
46064 rdr on em0 proto tcp from any to $IP_PUB port 993 -&gt; 192.168.0.3
46065 &gt; Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):
46066 sysrc pf_enable=&quot;YES&quot;
46067 &gt; and start it:
46068 service pf start
46069 Install ezjail
46070 &gt; Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.
46071 pkg install ezjail
46072 &gt; As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running
46073 ezjail-admin install
46074 &gt; In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:
46075 cp /etc/resolv.conf /usr/jails/newjail/etc/
46076 &gt; Last but not least, we enable ezjail and start it:
46077 sysrc ezjail_enable=&quot;YES&quot;
46078 service ezjail start
46079 Create a jail
46080 &gt; Creating a jail is as easy as it could probably be:
46081 ezjail-admin create webserver 192.168.0.2
46082 ezjail-admin start webserver
46083 &gt; Now you can access your jail using:
46084 ezjail-admin console webserver
46085 &gt; Each jail contains a vanilla FreeBSD installation.
46086 Deploy services
46087 &gt; Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.
46088 EuroBSDcon 2018 Talks &amp; Schedule (https://2018.eurobsdcon.org/talks-schedule/)
46089 News Roundup
46090 OpenBSD on an iBook G4 (https://bobstechsite.com/openbsd-on-an-ibook-g4/)
46091 &gt; I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old &quot;snow white&quot; iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018. This particular eBay purchase came with a 14&quot; 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery &amp; USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.
46092 Initial experiments
46093 &gt; This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife &amp; iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!
46094 &gt; After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.
46095 &gt; Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support for 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.
46096 &gt; Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.
46097 Over to BSD
46098 &gt; I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.
46099 &gt; So yesterday evening I finally downloaded the &quot;macppc&quot; version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.
46100 &gt; When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.
46101 &gt; After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.
46102 Final thoughts
46103 &gt; I was really impressed with the performance of OpenBSD's &quot;macppc&quot; port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.
46104 &gt; I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.
46105 &gt; If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.
46106 &gt; In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!
46107 The template user with PAM and login(1) (http://oshogbo.vexillium.org/blog/48)
46108 &gt; When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.
46109 &gt; Another challenge is authentication via remote services such as RADIUS. How can we implement services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.
46110 &gt; To address these two problems we can use a &quot;template&quot; user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the &quot;template&quot; user must exist on the local password database, but the credential check can be omitted by the module.
46111 &gt; This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.
46112 &gt; Knowing the background let's take a look at an example.
46113 ```PAM_EXTERN int
46114 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
46115 int argc __unused, const char *argv[] __unused)
46116 {
46117 const char *user, *password;
46118 int err;
46119 err = pam_get_user(pamh, &amp;user, NULL);
46120 if (err != PAM_SUCCESS)
46121 return (err);
46122
46123 err = pam_get_authtok(pamh, PAM_AUTHTOK, &amp;password, NULL);
46124 if (err == PAM_CONV_ERR)
46125 return (err);
46126 if (err != PAM_SUCCESS)
46127 return (PAM_AUTH_ERR);
46128
46129 err = authenticate(user, password);
46130 if (err != PAM_SUCCESS) {
46131 return (err);
46132 }
46133
46134 return (pam_set_item(pamh, PAM_USER, &quot;template&quot;));
46135 }
46136 </code></pre>
46137 <blockquote>
46138 <p>In the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.</p>
46139 </blockquote>
46140 <blockquote>
46141 <p>Another step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:</p>
46142 </blockquote>
46143 <p><code>auth sufficient pamtemplate.so nowarn allowlocal</code></p>
46144 <blockquote>
46145 <p>Unfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:</p>
46146 </blockquote>
46147 <p><code>$ tail -n 1 /etc/master.passwd</code><br>
46148 <code>template:*:1000:1000::0:0:User &amp;:/:/usr/local/bin/templatesh</code><br>
46149 <code>$ sudo pwd_mkdb /etc/master.passwd</code></p>
46150 <blockquote>
46151 <p>As you can see, the template user can be locked and we still can use it in our PAM module (the * character after login).<br>
46152 I would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.</p>
46153 </blockquote>
46154 <hr>
46155 <p><strong>iXsystems</strong><br>
46156 <a href="https://www.ixsystems.com/blog/vmworld2018-countdown/">iXsystems @ VMWorld</a></p>
46157 <p>###<a href="https://aravindh.net/posts/zfsfileserver/">ZFS file server</a></p>
46158 <ul>
46159 <li>What is the need?</li>
46160 </ul>
46161 <blockquote>
46162 <p>At work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.<br>
46163 In addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.<br>
46164 The backup server would keep snapshots in a best effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.</p>
46165 </blockquote>
46166 <ul>
46167 <li>
46168 <p>A simple guidance of priorities:</p>
46169 </li>
46170 <li>
46171 <p>Data integrity &gt; Cost of solution &gt; Storage capacity &gt; Performance.</p>
46172 </li>
46173 <li>
46174 <p>Why not enterprise NAS? NetApp FAS or EMC Isilon or the like?</p>
46175 </li>
46176 </ul>
46177 <blockquote>
46178 <p>We decided that enterprise grade NAS like NetAPP FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.<br>
46179 An open source &amp; cheaper alternative to enterprise grade filesystem with the level of durability we expect turned up to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem(WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.</p>
46180 </blockquote>
46181 <ul>
46182 <li>FreeBSD vs Debian for ZFS</li>
46183 </ul>
46184 <blockquote>
46185 <p>This is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.</p>
46186 </blockquote>
46187 <ul>
46188 <li>FreeBSD + ZFS</li>
46189 </ul>
46190 <blockquote>
46191 <p>We already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.</p>
46192 </blockquote>
46193 <ul>
46194 <li>Okay, ZFS, but why not FreeNAS?</li>
46195 </ul>
46196 <blockquote>
46197 <p>IMHO, FreeNAS provides an integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.</p>
46198 </blockquote>
46199 <ul>
46200 <li>Specifications</li>
46201 <li>Lenovo SR630 Rackserver</li>
46202 <li>2 X Intel Xeon silver 4110 CPUs</li>
46203 <li>768 GB of DDR4 ECC 2666 MHz RAM</li>
46204 <li>4 port SAS card configured in passthrough mode(JBOD)</li>
46205 <li>Intel network card with 10 Gb SFP+ ports</li>
46206 <li>128GB M.2 SSD for use as boot drive</li>
46207 <li>2 X HGST 4U60 JBOD</li>
46208 <li>120(2 X 60) X 10TB SAS disks</li>
46209 </ul>
46210 <hr>
46211 <p>###<a href="https://nanxiao.me/en/reflection-on-one-year-usage-of-openbsd/">Reflection on one-year usage of OpenBSD</a></p>
46212 <blockquote>
46213 <p>I have used OpenBSD for more than one year, and it is time to give a summary of the experience:</p>
46214 </blockquote>
46215 <ul>
46216 <li>(1) What do I get from OpenBSD?</li>
46217 </ul>
46218 <blockquote>
46219 <p>a) A good UNIX tutorial. When I am curious about some UNIX commands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.</p>
46220 </blockquote>
46221 <blockquote>
46222 <p>b) A better test bed. Although my work focuses on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:</p>
46223 </blockquote>
46224 <p><code>......</code><br>
46225 <code>warning: sprintf() is often misused, please use snprintf()</code><br>
46226 <code>......</code></p>
46227 <blockquote>
46228 <p>Or you can refer to this post which I wrote before. The other is that sometimes programs that run well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.</p>
46229 </blockquote>
46230 <blockquote>
46231 <p>c) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).</p>
46232 </blockquote>
46233 <ul>
46234 <li>(2) What I give back to OpenBSD?</li>
46235 </ul>
46236 <blockquote>
46237 <p>a) Patches. Although most of them are trivial modifications, they are still my contributions.</p>
46238 </blockquote>
46239 <blockquote>
46240 <p>b) Write blog posts to share experience about using OpenBSD.</p>
46241 </blockquote>
46242 <blockquote>
46243 <p>c) Develop programs for OpenBSD/BSD: lscpu and free.</p>
46244 </blockquote>
46245 <blockquote>
46246 <p>d) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.</p>
46247 </blockquote>
46248 <ul>
46249 <li>Generally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give a shot?</li>
46250 </ul>
46251 <hr>
46252 <p>##Beastie Bits</p>
46253 <ul>
46254 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">BSD Users Stockholm Meetup</a></li>
46255 <li><a href="https://www.youtube.com/playlist?list=PLeF8ZihVdpFfkICtA2HFsZecdC28_mrQh">BSDCan 2018 Playlist</a></li>
46256 <li><a href="https://forum.opnsense.org/index.php?PHPSESSID=hvuv2kg4js2nlfpm73ut5ro8p2&amp;topic=9280.0">OPNsense 18.7 released</a></li>
46257 <li><a href="https://youtu.be/WLgdJwd5zcQ">Testing TrueOS (FreeBSD derivative) on real hardware ThinkPad T410</a></li>
46258 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-July/000946.html">Kernel Hacker Wanted!</a></li>
46259 <li><a href="https://svnweb.freebsd.org/changeset/base/337411">Replace a pair of 8-bit writes to VGA memory with a single 16-bit write</a></li>
46260 <li><a href="https://svnweb.freebsd.org/changeset/base/337229">Reduce taskq and context-switch cost of zio pipe</a></li>
46261 <li><a href="https://reviews.freebsd.org/D16606">Proposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions</a></li>
46262 </ul>
46263 <hr>
46264 <p><strong>Tarsnap</strong></p>
46265 <p>##Feedback/Questions</p>
46266 <ul>
46267 <li>Anian_Z - <a href="http://dpaste.com/093FC8R#wrap">Question</a></li>
46268 <li>Robert - <a href="http://dpaste.com/0GG7Q2A#wrap">Pool question</a></li>
46269 <li>Lain - <a href="http://dpaste.com/2BWPX9C">Congratulations</a></li>
46270 <li>Thomas - <a href="http://dpaste.com/25NGAP3#wrap">L2arc</a></li>
46271 </ul>
46272 <hr>
46273 <ul>
46274 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
46275 </ul>
46276 <hr>
46277 </description>
46278 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,eurobsdcon,pam,zfs</itunes:keywords>
46279 <content:encoded>
46280 <![CDATA[<p>The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.</p>
46281
46282 <h3><a id="Picking_the_contest_winner_0"></a>Picking the contest winner</h3>
46283
46284 <ol>
46285 <li>Vincent</li>
46286 <li>Bostjan</li>
46287 <li>Andrew</li>
46288 <li>Klaus-Hendrik</li>
46289 <li>Will</li>
46290 <li>Toby</li>
46291 <li>Johnny</li>
46292 <li>David</li>
46293 <li>manfrom</li>
46294 <li>Niclas</li>
46295 <li>Gary</li>
46296 <li>Eddy</li>
46297 <li>Bruce</li>
46298 <li>Lizz</li>
46299 <li>Jim</li>
46300 </ol>
46301
46302 <p><a href="https://www.random.org/integers/?num=1&min=0&max=15&col=1&base=10&format=html&rnd=new">Random number generator</a></p>
46303
46304 <p>##Headlines<br>
46305 ###<a href="https://spectrum.ieee.org/tech-history/cyberspace/the-strange-birth-and-long-life-of-unix">The Strange Birth and Long Life of Unix</a></p>
46306
46307 <blockquote>
46308 <p>They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.<br>
46309 A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone & Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.<br>
46310 Over five years, AT&T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT&T’s corporate leaders decided to pull the plug.<br>
46311 After AT&T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.<br>
46312 With heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.<br>
46313 The rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.<br>
46314 Thompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.<br>
46315 And with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.<br>
46316 Initially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.<br>
46317 So Thompson and Ritchie got creative. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.<br>
46318 Management took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.<br>
46319 Unix was put to its first real-world test within Bell Labs when three typists from AT&T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.<br>
46320 During its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.<br>
46321 So what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.<br>
46322 Although Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.<br>
46323 Most important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.<br>
46324 The first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.<br>
46325 Unix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.<br>
46326 The story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.<br>
46327 This put AT&T in a bind. In 1956, AT&T had agreed to a U.S. government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT&T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT&T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”<br>
46328 With no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.<br>
46329 The Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.<br>
46330 By the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT&T’s lawyers began looking harder at what various licensees were doing with their systems.<br>
46331 One person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.<br>
46332 Unix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT&T’s lawyers had clamped down on the book’s distribution and use in academic classes. The antiauthoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-generation photocopies of the original book.<br>
46333 End runs around AT&T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.<br>
46334 By the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.<br>
46335 For many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.<br>
46336 Unix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT&T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT&T code so that their software and its descendants would be freely distributable.<br>
46337 The effectiveness of those efforts was, however, called into question when the AT&T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT&T for breaches to the license it provided AT&T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.<br>
46338 Had this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.<br>
46339 Although AT&T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux has continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group), lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT&T in 1993.<br>
46340 As a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.<br>
46341 The world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.<br>
46342 One holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.<br>
46343 In 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.</p>
46344 </blockquote>
46345
46346 <p><hr></p>
46347
46348 <p><strong>Digital Ocean</strong><br>
46349 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
46350
46351 <p>###<a href="https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/">FreeBSD jails with a single public IP address</a></p>
46352
46353 <blockquote>
46354 <p>Jails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has its own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as most hosters don’t offer more than one single public IP address per server.</p>
46355 </blockquote>
46356
46357 <ul>
46358 <li>Create the internal network</li>
46359 </ul>
46360
46361 <blockquote>
46362 <p>In this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.<br>
46363 First, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: <a href="https://en.wikipedia.org/wiki/Private_network">https://en.wikipedia.org/wiki/Private_network</a>. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.<br>
46364 First let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.</p>
46365 </blockquote>
46366
46367 <pre><code class="language-em0:"> options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
46368 [...]
46369 inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255
46370 nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
46371 media: Ethernet autoselect (1000baseT <full-duplex>)
46372 status: active
46373
46374 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
46375 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
46376 inet6 ::1 prefixlen 128
46377 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
46378 inet 127.0.0.1 netmask 0xff000000
46379 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>```
46380
46381 > For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:
46382
46383 ```cloned_interfaces="lo1"
46384 ipv4_addrs_lo1="192.168.0.1-9/29"```
46385
46386 > This defines a /29 network, offering IP addresses for a maximum of 6 jails:
46387
46388 ```ipcalc 192.168.0.1/29
46389 Address: 192.168.0.1 11000000.10101000.00000000.00000 001
46390 Netmask: 255.255.255.248 = 29 11111111.11111111.11111111.11111 000
46391 Wildcard: 0.0.0.7 00000000.00000000.00000000.00000 111
46392 =>
46393 Network: 192.168.0.0/29 11000000.10101000.00000000.00000 000
46394 HostMin: 192.168.0.1 11000000.10101000.00000000.00000 001
46395 HostMax: 192.168.0.6 11000000.10101000.00000000.00000 110
46396 Broadcast: 192.168.0.7 11000000.10101000.00000000.00000 111
46397 Hosts/Net: 6 Class C, Private Internet```
46398
46399 > Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)
46400
46401 ```service netif restart```
46402
46403 > After reconnecting, our newly created loopback device is active:
46404
46405 ```lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
46406 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
46407 inet 192.168.0.1 netmask 0xfffffff8
46408 inet 192.168.0.2 netmask 0xffffffff
46409 inet 192.168.0.3 netmask 0xffffffff
46410 inet 192.168.0.4 netmask 0xffffffff
46411 inet 192.168.0.5 netmask 0xffffffff
46412 inet 192.168.0.6 netmask 0xffffffff
46413 inet 192.168.0.7 netmask 0xffffffff
46414 inet 192.168.0.8 netmask 0xffffffff
46415 inet 192.168.0.9 netmask 0xffffffff
46416 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>```
46417
46418 + Setting up
46419
46420 > pf is part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:
46421
46422 + Public IP address
46423 ```IP_PUB="1.2.3.4"```
46424
46425 + Packet normalization
46426 ```scrub in all```
46427
46428 + Allow outbound connections from within the jails
46429 ```nat on em0 from lo1:network to any -> (em0)```
46430
46431 + webserver jail at 192.168.0.2
46432 ```rdr on em0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2```
46433
46434 + just an example in case you want to redirect to another port within your jail
46435 ```rdr on em0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2 port 8080```
46436
46437 + mailserver jail at 192.168.0.3
46438 ```rdr on em0 proto tcp from any to $IP_PUB port 25 -> 192.168.0.3```
46439 ```rdr on em0 proto tcp from any to $IP_PUB port 587 -> 192.168.0.3```
46440 ```rdr on em0 proto tcp from any to $IP_PUB port 143 -> 192.168.0.3```
46441 ```rdr on em0 proto tcp from any to $IP_PUB port 993 -> 192.168.0.3```
46442
46443 > Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):
46444
46445 ```sysrc pf_enable="YES"```
46446
46447 > and start it:
46448
46449 ```service pf start```
46450
46451 + Install ezjail
46452
46453 > Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.
46454
46455 ```pkg install ezjail```
46456
46457 > As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running
46458
46459 ```ezjail-admin install```
46460
46461 > In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:
46462
46463 ```cp /etc/resolv.conf /usr/jails/newjail/etc/```
46464
46465 > Last but not least, we enable ezjail and start it:
46466
46467 ```sysrc ezjail_enable="YES"```
46468 ```service ezjail start```
46469
46470 + Create a jail
46471
46472 > Creating a jail is as easy as it could probably be:
46473
46474 ```ezjail-admin create webserver 192.168.0.2```
46475 ```ezjail-admin start webserver```
46476
46477 > Now you can access your jail using:
46478
46479 ```ezjail-admin console webserver```
46480
46481 > Each jail contains a vanilla FreeBSD installation.
46482
46483 + Deploy services
46484
46485 > Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.
46486 ***
46487
46488 ###[EuroBSDcon 2018 Talks & Schedule](https://2018.eurobsdcon.org/talks-schedule/)
46489 ***
46490
46491
46492
46493
46494 ##News Roundup
46495 ###[OpenBSD on an iBook G4](https://bobstechsite.com/openbsd-on-an-ibook-g4/)
46496 > I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old "snow white" iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018. This particular eBay purchase came with a 14" 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery & USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.
46497
46498 + Initial experiments
46499
46500 > This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife & iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!
46501
46502 > After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.
46503
46504 > Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support for 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.
46505
46506 > Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.
46507
46508 + Over to BSD
46509
46510 > I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.
46511
46512 > So yesterday evening I finally downloaded the "macppc" version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.
46513
46514 > When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.
46515
46516 > After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.
46517
46518 + Final thoughts
46519
46520 > I was really impressed with the performance of OpenBSD's "macppc" port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.
46521
46522 > I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.
46523
46524 > If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.
46525
46526 > In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!
46527
46528 ***
46529
46530 ###[The template user with PAM and login(1)](http://oshogbo.vexillium.org/blog/48)
46531 > When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.
46532 > Another challenge is authentication via remote services such as RADIUS. How can we implement services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.
46533 > To address these two problems we can use a "template" user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the "template" user must exist on the local password database, but the credential check can be omitted by the module.
46534 > This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.
46535 > Knowing the background let's take a look at an example.
46536
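```c
/* FreeBSD/OpenPAM module headers */
#define PAM_SM_AUTH
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>

/* The author's own credential check (external database or RADIUS), defined elsewhere. */
int authenticate(const char *user, const char *password);

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
    const char *user, *password;
    int err;

    /* Name entered at the login prompt. */
    err = pam_get_user(pamh, &user, NULL);
    if (err != PAM_SUCCESS)
        return (err);

    /* Secret entered by the user. */
    err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);
    if (err == PAM_CONV_ERR)
        return (err);
    if (err != PAM_SUCCESS)
        return (PAM_AUTH_ERR);

    /* Check the credentials before any account switch happens. */
    err = authenticate(user, password);
    if (err != PAM_SUCCESS) {
        return (err);
    }

    /* Authentication succeeded: log in as the local "template" account. */
    return (pam_set_item(pamh, PAM_USER, "template"));
}
```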
46562
46563 <blockquote>
46564 <p>In the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.</p>
46565 </blockquote>
46566
46567 <blockquote>
46568 <p>Another step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:</p>
46569 </blockquote>
46570
46571 <p><code>auth sufficient pam_template.so no_warn allow_local</code></p>
46572
46573 <blockquote>
46574 <p>Unfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:</p>
46575 </blockquote>
46576
46577 <p><code>$ tail -n 1 /etc/master.passwd</code><br>
46578 <code>template:*:1000:1000::0:0:User &:/:/usr/local/bin/templatesh</code><br>
46579 <code>$ sudo pwd_mkdb /etc/master.passwd</code></p>
46580
46581 <blockquote>
46582 <p>As you can see, the template user can be locked and we still can use it in our PAM module (the * character after login).<br>
46583 I would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.</p>
46584 </blockquote>
46585
46586 <p><hr></p>
46587
46588 <p><strong>iXsystems</strong><br>
46589 <a href="https://www.ixsystems.com/blog/vmworld2018-countdown/">iXsystems @ VMWorld</a></p>
46590
46591 <p>###<a href="https://aravindh.net/posts/zfs_fileserver/">ZFS file server</a></p>
46592
46593 <ul>
46594 <li>What is the need?</li>
46595 </ul>
46596
46597 <blockquote>
46598 <p>At work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.<br>
46599 In addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.<br>
46600 The backup server would keep snapshots in a best effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.</p>
46601 </blockquote>
46602
46603 <ul>
46604 <li>
46605 <p>A simple guidance of priorities:</p>
46606 </li>
46607 <li>
46608 <p>Data integrity > Cost of solution > Storage capacity > Performance.</p>
46609 </li>
46610 <li>
46611 <p>Why not enterprise NAS? NetApp FAS or EMC Isilon or the like?</p>
46612 </li>
46613 </ul>
46614
46615 <blockquote>
46616 <p>We decided that enterprise grade NAS like NetApp FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.<br>
46617 An open source & cheaper alternative to enterprise grade filesystem with the level of durability we expect turned out to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem (WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.</p>
46618 </blockquote>
46619
46620 <ul>
46621 <li>FreeBSD vs Debian for ZFS</li>
46622 </ul>
46623
46624 <blockquote>
46625 <p>This is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.</p>
46626 </blockquote>
46627
46628 <ul>
46629 <li>FreeBSD + ZFS</li>
46630 </ul>
46631
46632 <blockquote>
46633 <p>We already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.</p>
46634 </blockquote>
46635
46636 <ul>
46637 <li>Okay, ZFS, but why not FreeNAS?</li>
46638 </ul>
46639
46640 <blockquote>
46641 <p>IMHO, FreeNAS provides an integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.</p>
46642 </blockquote>
46643
46644 <ul>
46645 <li>Specifications</li>
46646 <li>Lenovo SR630 Rackserver</li>
46647 <li>2 X Intel Xeon silver 4110 CPUs</li>
46648 <li>768 GB of DDR4 ECC 2666 MHz RAM</li>
46649 <li>4 port SAS card configured in passthrough mode(JBOD)</li>
46650 <li>Intel network card with 10 Gb SFP+ ports</li>
46651 <li>128GB M.2 SSD for use as boot drive</li>
46652 <li>2 X HGST 4U60 JBOD</li>
46653 <li>120(2 X 60) X 10TB SAS disks</li>
46654 </ul>
46655
46656 <p><hr></p>
46657
46658 <p>###<a href="https://nanxiao.me/en/reflection-on-one-year-usage-of-openbsd/">Reflection on one-year usage of OpenBSD</a></p>
46659
46660 <blockquote>
46661 <p>I have used OpenBSD for more than one year, and it is time to give a summary of the experience:</p>
46662 </blockquote>
46663
46664 <ul>
46665 <li>(1) What do I get from OpenBSD?</li>
46666 </ul>
46667
46668 <blockquote>
46669 <p>a) A good UNIX tutorial. When I am curious about some UNIX commands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.</p>
46670 </blockquote>
46671
46672 <blockquote>
46673 <p>b) A better test bed. Although my work focuses on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:</p>
46674 </blockquote>
46675
46676 <p><code>......</code><br>
46677 <code>warning: sprintf() is often misused, please use snprintf()</code><br>
46678 <code>......</code></p>
46679
46680 <blockquote>
46681 <p>Or you can refer to this post which I wrote before. The other is that sometimes programs that run well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.</p>
46682 </blockquote>
46683
46684 <blockquote>
46685 <p>c) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).</p>
46686 </blockquote>
46687
46688 <ul>
46689 <li>(2) What I give back to OpenBSD?</li>
46690 </ul>
46691
46692 <blockquote>
46693 <p>a) Patches. Although most of them are trivial modifications, they are still my contributions.</p>
46694 </blockquote>
46695
46696 <blockquote>
46697 <p>b) Write blog posts to share experience about using OpenBSD.</p>
46698 </blockquote>
46699
46700 <blockquote>
46701 <p>c) Develop programs for OpenBSD/*BSD: lscpu and free.</p>
46702 </blockquote>
46703
46704 <blockquote>
46705 <p>d) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.</p>
46706 </blockquote>
46707
46708 <ul>
46709 <li>Generally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give it a shot?</li>
46710 </ul>
46711
46712 <p><hr></p>
46713
46714 <p>##Beastie Bits</p>
46715
46716 <ul>
46717 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">BSD Users Stockholm Meetup</a></li>
46718 <li><a href="https://www.youtube.com/playlist?list=PLeF8ZihVdpFfkICtA2HFsZecdC28_mrQh">BSDCan 2018 Playlist</a></li>
46719 <li><a href="https://forum.opnsense.org/index.php?PHPSESSID=hvuv2kg4js2nlfpm73ut5ro8p2&topic=9280.0">OPNsense 18.7 released</a></li>
46720 <li><a href="https://youtu.be/WLgdJwd5zcQ">Testing TrueOS (FreeBSD derivative) on real hardware ThinkPad T410</a></li>
46721 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-July/000946.html">Kernel Hacker Wanted!</a></li>
46722 <li><a href="https://svnweb.freebsd.org/changeset/base/337411">Replace a pair of 8-bit writes to VGA memory with a single 16-bit write</a></li>
46723 <li><a href="https://svnweb.freebsd.org/changeset/base/337229">Reduce taskq and context-switch cost of zio pipe</a></li>
46724 <li><a href="https://reviews.freebsd.org/D16606">Proposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions</a></li>
46725 </ul>
46726
46727 <p><hr></p>
46728
46729 <p><strong>Tarsnap</strong></p>
46730
46731 <p>##Feedback/Questions</p>
46732
46733 <ul>
46734 <li>Anian_Z - <a href="http://dpaste.com/093FC8R#wrap">Question</a></li>
46735 <li>Robert - <a href="http://dpaste.com/0GG7Q2A#wrap">Pool question</a></li>
46736 <li>Lain - <a href="http://dpaste.com/2BWPX9C">Congratulations</a></li>
46737 <li>Thomas - <a href="http://dpaste.com/25NGAP3#wrap">L2arc</a></li>
46738 </ul>
46739
46740 <p><hr></p>
46741
46742 <ul>
46743 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
46744 </ul>
46745
46746 <p><hr></p>]]>
46747 </content:encoded>
46748 <itunes:summary>
46749 <![CDATA[<p>The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.</p>
46750
46751 <h3><a id="Picking_the_contest_winner_0"></a>Picking the contest winner</h3>
46752
46753 <ol>
46754 <li>Vincent</li>
46755 <li>Bostjan</li>
46756 <li>Andrew</li>
46757 <li>Klaus-Hendrik</li>
46758 <li>Will</li>
46759 <li>Toby</li>
46760 <li>Johnny</li>
46761 <li>David</li>
46762 <li>manfrom</li>
46763 <li>Niclas</li>
46764 <li>Gary</li>
46765 <li>Eddy</li>
46766 <li>Bruce</li>
46767 <li>Lizz</li>
46768 <li>Jim</li>
46769 </ol>
46770
46771 <p><a href="https://www.random.org/integers/?num=1&min=0&max=15&col=1&base=10&format=html&rnd=new">Random number generator</a></p>
46772
46773 <p>##Headlines<br>
46774 ###<a href="https://spectrum.ieee.org/tech-history/cyberspace/the-strange-birth-and-long-life-of-unix">The Strange Birth and Long Life of Unix</a></p>
46775
46776 <blockquote>
46777 <p>They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.<br>
46778 A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone & Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.<br>
46779 Over five years, AT&T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT&T’s corporate leaders decided to pull the plug.<br>
46780 After AT&T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.<br>
46781 With heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.<br>
46782 The rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.<br>
46783 Thompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.<br>
46784 And with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.<br>
46785 Initially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.<br>
46786 So Thompson and Ritchie got creative. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.<br>
46787 Management took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.<br>
46788 Unix was put to its first real-world test within Bell Labs when three typists from AT&T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.<br>
46789 During its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.<br>
46790 So what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.<br>
46791 Although Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.<br>
46792 Most important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of a BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.<br>
46793 The first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.<br>
46794 Unix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.<br>
46795 The story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.<br>
46796 This put AT&T in a bind. In 1956, AT&T had agreed to a U.S. government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT&T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT&T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”<br>
46797 With no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.<br>
46798 The Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.<br>
46799 By the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT&T’s lawyers began looking harder at what various licensees were doing with their systems.<br>
46800 One person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.<br>
46801 Unix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT&T’s lawyers had clamped down on the book’s distribution and use in academic classes. The antiauthoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-generation photocopies of the original book.<br>
46802 End runs around AT&T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.<br>
46803 By the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.<br>
46804 For many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.<br>
46805 Unix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT&T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT&T code so that their software and its descendants would be freely distributable.<br>
46806 The effectiveness of those efforts was, however, called into question when the AT&T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT&T for breaches to the license it provided AT&T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.<br>
46807 Had this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.<br>
46808 Although AT&T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux have continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group), lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT&T in 1993.<br>
46809 As a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.<br>
46810 The world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.<br>
46811 One holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.<br>
46812 In 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.</p>
46813 </blockquote>
46814
46815 <p><hr></p>
46816
46817 <p><strong>Digital Ocean</strong><br>
46818 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
46819
46820 <p>###<a href="https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/">FreeBSD jails with a single public IP address</a></p>
46821
46822 <blockquote>
46823 <p>Jails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has its own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as most hosters don’t offer more than one single public IP address per server.</p>
46824 </blockquote>
46825
46826 <ul>
46827 <li>Create the internal network</li>
46828 </ul>
46829
46830 <blockquote>
46831 <p>In this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.<br>
46832 First, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: <a href="https://en.wikipedia.org/wiki/Private_network">https://en.wikipedia.org/wiki/Private_network</a>. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.<br>
46833 First let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.</p>
46834 </blockquote>
46835
46836 <pre><code class="language-em0:"> options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
46837 [...]
46838 inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255
46839 nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
46840 media: Ethernet autoselect (1000baseT <full-duplex>)
46841 status: active
46842
46843 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
46844 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
46845 inet6 ::1 prefixlen 128
46846 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
46847 inet 127.0.0.1 netmask 0xff000000
46848 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>```
46849
46850 > For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:
46851
46852 ```cloned_interfaces="lo1"
46853 ipv4_addrs_lo1="192.168.0.1-9/29"```
46854
46855 > This defines a /29 network, offering IP addresses for a maximum of 6 jails:
46856
46857 ```ipcalc 192.168.0.1/29
46858 Address: 192.168.0.1 11000000.10101000.00000000.00000 001
46859 Netmask: 255.255.255.248 = 29 11111111.11111111.11111111.11111 000
46860 Wildcard: 0.0.0.7 00000000.00000000.00000000.00000 111
46861 =>
46862 Network: 192.168.0.0/29 11000000.10101000.00000000.00000 000
46863 HostMin: 192.168.0.1 11000000.10101000.00000000.00000 001
46864 HostMax: 192.168.0.6 11000000.10101000.00000000.00000 110
46865 Broadcast: 192.168.0.7 11000000.10101000.00000000.00000 111
46866 Hosts/Net: 6 Class C, Private Internet```
46867
46868 > Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)
46869
46870 ```service netif restart```
46871
46872 > After reconnecting, our newly created loopback device is active:
46873
46874 ```lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
46875 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
46876 inet 192.168.0.1 netmask 0xfffffff8
46877 inet 192.168.0.2 netmask 0xffffffff
46878 inet 192.168.0.3 netmask 0xffffffff
46879 inet 192.168.0.4 netmask 0xffffffff
46880 inet 192.168.0.5 netmask 0xffffffff
46881 inet 192.168.0.6 netmask 0xffffffff
46882 inet 192.168.0.7 netmask 0xffffffff
46883 inet 192.168.0.8 netmask 0xffffffff
46884 inet 192.168.0.9 netmask 0xffffffff
46885 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>```
46886
46887 + Setting up
46888
46889 > pf is part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:
46890
46891 + Public IP address
46892 ```IP_PUB="1.2.3.4"```
46893
46894 + Packet normalization
46895 ```scrub in all```
46896
46897 + Allow outbound connections from within the jails
46898 ```nat on em0 from lo1:network to any -> (em0)```
46899
46900 + webserver jail at 192.168.0.2
46901 ```rdr on em0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2```
46902
46903 + just an example in case you want to redirect to another port within your jail
46904 ```rdr on em0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2 port 8080```
46905
46906 + mailserver jail at 192.168.0.3
46907 ```rdr on em0 proto tcp from any to $IP_PUB port 25 -> 192.168.0.3```
46908 ```rdr on em0 proto tcp from any to $IP_PUB port 587 -> 192.168.0.3```
46909 ```rdr on em0 proto tcp from any to $IP_PUB port 143 -> 192.168.0.3```
46910 ```rdr on em0 proto tcp from any to $IP_PUB port 993 -> 192.168.0.3```
46911
46912 > Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):
46913
46914 ```sysrc pf_enable="YES"```
46915
46916 > and start it:
46917
46918 ```service pf start```
46919
46920 + Install ezjail
46921
46922 > Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.
46923
46924 ```pkg install ezjail```
46925
46926 > As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running
46927
46928 ```ezjail-admin install```
46929
46930 > In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:
46931
46932 ```cp /etc/resolv.conf /usr/jails/newjail/etc/```
46933
46934 > Last but not least, we enable ezjail and start it:
46935
46936 ```sysrc ezjail_enable="YES"```
46937 ```service ezjail start```
46938
46939 + Create a jail
46940
46941 > Creating a jail is as easy as it could probably be:
46942
46943 ```ezjail-admin create webserver 192.168.0.2```
46944 ```ezjail-admin start webserver```
46945
46946 > Now you can access your jail using:
46947
46948 ```ezjail-admin console webserver```
46949
46950 > Each jail contains a vanilla FreeBSD installation.
46951
46952 + Deploy services
46953
46954 > Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.
46955 ***
46956
46957 ###[EuroBSDcon 2018 Talks & Schedule](https://2018.eurobsdcon.org/talks-schedule/)
46958 ***
46959
46960
46961
46962
46963 ##News Roundup
46964 ###[OpenBSD on an iBook G4](https://bobstechsite.com/openbsd-on-an-ibook-g4/)
46965 > I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old "snow white" iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018. This particular eBay purchase came with a 14" 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery & USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.
46966
46967 + Initial experiments
46968
46969 > This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife & iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!
46970
46971 > After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.
46972
46973 > Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support for 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.
46974
46975 > Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.
46976
46977 + Over to BSD
46978
46979 > I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.
46980
46981 > So yesterday evening I finally downloaded the "macppc" version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.
46982
46983 > When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.
46984
46985 > After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.
46986
46987 + Final thoughts
46988
46989 > I was really impressed with the performance of OpenBSD's "macppc" port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.
46990
46991 > I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.
46992
46993 > If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.
46994
46995 > In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!
46996
46997 ***
46998
46999 ###[The template user with PAM and login(1)](http://oshogbo.vexillium.org/blog/48)
47000 > When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.
47001 > Another challenge is authentication via remote services such as RADIUS. How can we implement services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.
47002 > To address these two problems we can use a "template" user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the "template" user must exist on the local password database, but the credential check can be omitted by the module.
47003 > This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.
47004 > Knowing the background let's take a look at an example.
47005
47006 ```PAM_EXTERN int
47007 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
47008     int argc __unused, const char *argv[] __unused)
47009 {
47010     const char *user, *password;
47011     int err;
47012     /* Name the user typed at the login prompt. */
47013     err = pam_get_user(pamh, &user, NULL);
47014     if (err != PAM_SUCCESS)
47015         return (err);
47016     /* Secret supplied by the user; NULL selects the default prompt. */
47017     err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);
47018     if (err == PAM_CONV_ERR)
47019         return (err);
47020     if (err != PAM_SUCCESS)
47021         return (PAM_AUTH_ERR);
47022     /* authenticate() is the module author's own check (external database or RADIUS). */
47023     err = authenticate(user, password);
47024     if (err != PAM_SUCCESS) {
47025         return (err);
47026     }
47027     /* Success: continue the login as the local "template" account. */
47028     return (pam_set_item(pamh, PAM_USER, "template"));
47029 }
47030 </code></pre>
47031
47032 <blockquote>
47033 <p>In the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.</p>
47034 </blockquote>
47035
47036 <blockquote>
47037 <p>Another step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:</p>
47038 </blockquote>
47039
47040 <p><code>auth sufficient pam_template.so no_warn allow_local</code></p>
47041
47042 <blockquote>
47043 <p>Unfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:</p>
47044 </blockquote>
47045
47046 <p><code>$ tail -n 1 /etc/master.passwd</code><br>
47047 <code>template:*:1000:1000::0:0:User &:/:/usr/local/bin/templatesh</code><br>
47048 <code>$ sudo pwd_mkdb /etc/master.passwd</code></p>
47049
47050 <blockquote>
47051 <p>As you can see, the template user can be locked and we still can use it in our PAM module (the * character after login).<br>
47052 I would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.</p>
47053 </blockquote>
47054
47055 <p><hr></p>
47056
47057 <p><strong>iXsystems</strong><br>
47058 <a href="https://www.ixsystems.com/blog/vmworld2018-countdown/">iXsystems @ VMWorld</a></p>
47059
47060 <p>###<a href="https://aravindh.net/posts/zfs_fileserver/">ZFS file server</a></p>
47061
47062 <ul>
47063 <li>What is the need?</li>
47064 </ul>
47065
47066 <blockquote>
47067 <p>At work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.<br>
47068 In addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.<br>
47069 The backup server would keep snapshots on a best-effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.</p>
47070 </blockquote>
47071
47072 <ul>
47073 <li>
47074 <p>A simple guidance of priorities:</p>
47075 </li>
47076 <li>
47077 <p>Data integrity > Cost of solution > Storage capacity > Performance.</p>
47078 </li>
47079 <li>
47080 <p>Why not enterprise NAS? NetApp FAS or EMC Isilon or the like?</p>
47081 </li>
47082 </ul>
47083
47084 <blockquote>
47085 <p>We decided that enterprise grade NAS like NetApp FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.<br>
47086 An open source & cheaper alternative to enterprise grade filesystem with the level of durability we expect turned out to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem (WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.</p>
47087 </blockquote>
47088
47089 <ul>
47090 <li>FreeBSD vs Debian for ZFS</li>
47091 </ul>
47092
47093 <blockquote>
47094 <p>This is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.</p>
47095 </blockquote>
47096
47097 <ul>
47098 <li>FreeBSD + ZFS</li>
47099 </ul>
47100
47101 <blockquote>
47102 <p>We already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.</p>
47103 </blockquote>
47104
47105 <ul>
47106 <li>Okay, ZFS, but why not FreeNAS?</li>
47107 </ul>
47108
47109 <blockquote>
47110 <p>IMHO, FreeNAS provides an integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.</p>
47111 </blockquote>
47112
47113 <ul>
47114 <li>Specifications</li>
47115 <li>Lenovo SR630 Rackserver</li>
47116 <li>2 X Intel Xeon silver 4110 CPUs</li>
47117 <li>768 GB of DDR4 ECC 2666 MHz RAM</li>
47118 <li>4 port SAS card configured in passthrough mode(JBOD)</li>
47119 <li>Intel network card with 10 Gb SFP+ ports</li>
47120 <li>128GB M.2 SSD for use as boot drive</li>
47121 <li>2 X HGST 4U60 JBOD</li>
47122 <li>120(2 X 60) X 10TB SAS disks</li>
47123 </ul>
47124
47125 <p><hr></p>
47126
47127 <p>###<a href="https://nanxiao.me/en/reflection-on-one-year-usage-of-openbsd/">Reflection on one-year usage of OpenBSD</a></p>
47128
47129 <blockquote>
47130 <p>I have used OpenBSD for more than one year, and it is time to give a summary of the experience:</p>
47131 </blockquote>
47132
47133 <ul>
47134 <li>(1) What do I get from OpenBSD?</li>
47135 </ul>
47136
47137 <blockquote>
47138 <p>a) A good UNIX tutorial. When I am curious about some UNIX commands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.</p>
47139 </blockquote>
47140
47141 <blockquote>
47142 <p>b) A better test bed. Although my work focuses on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:</p>
47143 </blockquote>
47144
47145 <p><code>......</code><br>
47146 <code>warning: sprintf() is often misused, please use snprintf()</code><br>
47147 <code>......</code></p>
47148
47149 <blockquote>
47150 <p>Or you can refer to this post which I wrote before. The other is that sometimes a program that runs well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.</p>
47151 </blockquote>
47152
47153 <blockquote>
47154 <p>c) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).</p>
47155 </blockquote>
47156
47157 <ul>
47158 <li>(2) What I give back to OpenBSD?</li>
47159 </ul>
47160
47161 <blockquote>
47162 <p>a) Patches. Although most of them are trivial modifications, they are still my contributions.</p>
47163 </blockquote>
47164
47165 <blockquote>
47166 <p>b) Write blog posts to share experience about using OpenBSD.</p>
47167 </blockquote>
47168
47169 <blockquote>
47170 <p>c) Develop programs for OpenBSD/*BSD: lscpu and free.</p>
47171 </blockquote>
47172
47173 <blockquote>
47174 <p>d) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.</p>
47175 </blockquote>
47176
47177 <ul>
47178 <li>Generally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give a shot?</li>
47179 </ul>
47180
47181 <p><hr></p>
47182
47183 <p>##Beastie Bits</p>
47184
47185 <ul>
47186 <li><a href="https://www.meetup.com/BSD-Users-Stockholm/events/253447019/">BSD Users Stockholm Meetup</a></li>
47187 <li><a href="https://www.youtube.com/playlist?list=PLeF8ZihVdpFfkICtA2HFsZecdC28_mrQh">BSDCan 2018 Playlist</a></li>
47188 <li><a href="https://forum.opnsense.org/index.php?PHPSESSID=hvuv2kg4js2nlfpm73ut5ro8p2&topic=9280.0">OPNsense 18.7 released</a></li>
47189 <li><a href="https://youtu.be/WLgdJwd5zcQ">Testing TrueOS (FreeBSD derivative) on real hardware ThinkPad T410</a></li>
47190 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-July/000946.html">Kernel Hacker Wanted!</a></li>
47191 <li><a href="https://svnweb.freebsd.org/changeset/base/337411">Replace a pair of 8-bit writes to VGA memory with a single 16-bit write</a></li>
47192 <li><a href="https://svnweb.freebsd.org/changeset/base/337229">Reduce taskq and context-switch cost of zio pipe</a></li>
47193 <li><a href="https://reviews.freebsd.org/D16606">Proposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions</a></li>
47194 </ul>
47195
47196 <p><hr></p>
47197
47198 <p><strong>Tarsnap</strong></p>
47199
47200 <p>##Feedback/Questions</p>
47201
47202 <ul>
47203 <li>Anian_Z - <a href="http://dpaste.com/093FC8R#wrap">Question</a></li>
47204 <li>Robert - <a href="http://dpaste.com/0GG7Q2A#wrap">Pool question</a></li>
47205 <li>Lain - <a href="http://dpaste.com/2BWPX9C">Congratulations</a></li>
47206 <li>Thomas - <a href="http://dpaste.com/25NGAP3#wrap">L2arc</a></li>
47207 </ul>
47208
47209 <p><hr></p>
47210
47211 <ul>
47212 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
47213 </ul>
47214
47215 <p><hr></p>]]>
47216 </itunes:summary>
47217 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+dhqeLgyb</fireside:playerURL>
47218 <fireside:playerEmbedCode>
47219 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+dhqeLgyb" width="740" height="200" frameborder="0" scrolling="no">]]>
47220 </fireside:playerEmbedCode>
47221 </item>
47222 <item>
47223 <title>Episode 258: OS Foundations | BSD Now 258</title>
47224 <link>https://www.bsdnow.tv/258</link>
47225 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2390</guid>
47226 <pubDate>Tue, 07 Aug 2018 22:00:00 -0700</pubDate>
47227 <author>Allan Jude</author>
47228 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2975f51c-21d4-41df-bae9-4e3616147a50.mp3" length="52903277" type="audio/mp3"/>
47229 <itunes:episodeType>full</itunes:episodeType>
47230 <itunes:author>Allan Jude</itunes:author>
47231 <itunes:subtitle>FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.</itunes:subtitle>
47232 <itunes:duration>1:27:52</itunes:duration>
47233 <itunes:explicit>no</itunes:explicit>
47234 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
47235 <description>FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.
47236 <p>##Headlines<br>
47237 <a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-july-2018/">FreeBSD Foundation Update, July 2018</a></p>
47238 <ul>
47239 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
47240 </ul>
47241 <blockquote>
47242 <p>We’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration, spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!<br>
47243 In this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.<br>
47244 Your support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!</p>
47245 </blockquote>
47246 <ul>
47247 <li>June 2018 Development Projects Update</li>
47248 <li>Fundraising Update: Supporting the Project</li>
47249 <li>July 2018 Release Engineering Update</li>
47250 <li>OSCON 2018 Recap</li>
47251 <li>Submit Your Work: MeetBSD 2018</li>
47252 <li>FreeBSD Discount for 2018 SNIA Developer Conference</li>
47253 <li>EuroBSDcon 2018 Travel Grant Application Deadline: August 2</li>
47254 </ul>
47255 <hr>
47256 <p><strong>iXsystems</strong></p>
47257 <p>###BSDCan Trip Reports</p>
47258 <ul>
47259 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-constantin-stan/">BSDCan 2018 Trip Report: Constantin Stan</a></li>
47260 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-danilo-g-baio/">BSDCan 2018 Trip Report: Danilo G. Baio</a></li>
47261 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-rodrigo-osorio/">BSDCan 2018 Trip Report: Rodrigo Osorio</a></li>
47262 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-dhananjay-balan/">BSDCan 2018 Trip Report: Dhananjay Balan</a></li>
47263 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-kyle-evans/">BSDCan 2018 Trip Report: Kyle Evans</a></li>
47264 </ul>
47265 <hr>
47266 <p>##News Roundup<br>
47267 <a href="https://blog.haraschak.com/freebsd-and-ospfd/">FreeBSD and OSPFd</a></p>
47268 <blockquote>
47269 <p>With FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…</p>
47270 </blockquote>
47271 <blockquote>
47272 <p>OSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to set up. This article does not cover configuration of VPN links, ZFS, or FreeBSD jails, however it’s recommended that you use separate ZFS datasets per jail so that migration between hosts can be done with zfs send &amp; receive.</p>
47273 </blockquote>
47274 <blockquote>
47275 <p>In this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)</p>
47276 </blockquote>
47277 <blockquote>
47278 <p>In this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:</p>
47279 </blockquote>
47280 <p><code>Server 1: 172.16.3.0/28</code><br>
47281 <code>Server 2: 172.16.3.16/28</code><br>
47282 <code>Server 3: 172.16.3.32/28</code><br>
47283 <code>Server 4: 172.16.3.48/28</code><br>
47284 <code>Server 5: 172.16.3.64/28</code></p>
47285 <blockquote>
47286 <p>When statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.</p>
47287 </blockquote>
47288 <ul>
47289 <li>
47290 <p>To get started, first we install the Quagga package.</p>
47291 </li>
47292 <li>
47293 <p>The two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.</p>
47294 </li>
47295 <li>
47296 <p>Starting with zebra.conf, we’ll define the hostname and a management password.</p>
47297 </li>
47298 <li>
47299 <p>Second, we will populate the ospfd.conf file.</p>
47300 </li>
47301 <li>
47302 <p>To break this down:</p>
47303 </li>
47304 <li>
47305 <p>service advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.</p>
47306 </li>
47307 <li>
47308 <p>ip ospf authentication message-digest and ip ospf message-digest-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.</p>
47309 </li>
47310 <li>
47311 <p>passive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).</p>
47312 </li>
47313 <li>
47314 <p>network 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).</p>
47315 </li>
47316 <li>
47317 <p>At this point, we can enable the services in rc.conf.local and start them.</p>
47318 </li>
47319 <li>
47320 <p>We bind the management interface to 127.0.0.1 so that it’s only accessible to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessible IP. Remember telnet is not secure. If you need remote access, use a VPN.</p>
47321 </li>
47322 <li>
47323 <p>To manage the services, you can telnet to your host’s localhost address.</p>
47324 </li>
47325 <li>
47326 <p>Use 2604 for the ospf service.</p>
47327 </li>
47328 <li>
47329 <p>Remember, this is accessible by non-root users so set a good password.</p>
47330 </li>
47331 </ul>
47332 <hr>
47333 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBroadDiskStructure">A broad overview of how ZFS is structured on disk</a></p>
47334 <blockquote>
47335 <p>When I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)</p>
47336 </blockquote>
47337 <blockquote>
47338 <p>Almost everything in ZFS is in DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)</p>
47339 </blockquote>
47340 <blockquote>
47341 <p>Each ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.</p>
47342 </blockquote>
47343 <blockquote>
47344 <p>ZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode. (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)</p>
47345 </blockquote>
47346 <blockquote>
47347 <p>The DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.</p>
47348 </blockquote>
47349 <blockquote>
47350 <p>PS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).</p>
47351 </blockquote>
47352 <blockquote>
47353 <p>PPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.</p>
47354 </blockquote>
47355 <ul>
47356 <li>(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)</li>
47357 </ul>
47358 <hr>
47359 <p><strong>Digital Ocean</strong></p>
47360 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-07-11/mid-july-hardenedbsd-foundation-status">HardenedBSD Foundation Status</a></p>
47361 <blockquote>
47362 <p>On 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:</p>
47363 </blockquote>
47364 <ul>
47365 <li>
47366 <ol>
47367 <li>Shawn Webb (in person)</li>
47368 </ol>
47369 </li>
47370 <li>
47371 <ol start="2">
47372 <li>George Saylor (in person)</li>
47373 </ol>
47374 </li>
47375 <li>
47376 <ol start="3">
47377 <li>Ben Welch (in person)</li>
47378 </ol>
47379 </li>
47380 <li>
47381 <ol start="4">
47382 <li>Virginia Suydan (in person)</li>
47383 </ol>
47384 </li>
47385 <li>
47386 <ol start="5">
47387 <li>Ben La Monica (phone)</li>
47388 </ol>
47389 </li>
47390 <li>
47391 <ol start="6">
47392 <li>Dean Freeman (phone)</li>
47393 </ol>
47394 </li>
47395 <li>
47396 <ol start="7">
47397 <li>Christian Severt (phone)</li>
47398 </ol>
47399 </li>
47400 </ul>
47401 <blockquote>
47402 <p>We discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501(c)(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.</p>
47403 </blockquote>
47404 <ul>
47405 <li>The steps are laid out as follows:</li>
47406 <li>Register a Post Office Box (PO Box) (completed on 10 Jul 2018).</li>
47407 <li>Register The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).</li>
47408 <li>Obtain a federal tax ID (obtained 20 Jul 2018).</li>
47409 <li>Close the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).</li>
47410 <li>File the 1023EZ paperwork with the federal government (started on 20 Jul 2018).</li>
47411 <li>Hire an attorney to help draft the organization bylaws.</li>
47412 <li>Each of the steps must be done serially and in order.</li>
47413 </ul>
47414 <blockquote>
47415 <p>We added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501(c)(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.</p>
47416 </blockquote>
47417 <blockquote>
47418 <p>We promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.</p>
47419 </blockquote>
47420 <blockquote>
47421 <p>We hope to be granted our 501(c)(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.</p>
47422 </blockquote>
47423 <hr>
47424 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180724072257">More mitigations against speculative execution vulnerabilities</a></p>
47425 <blockquote>
47426 <p>Philip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.</p>
47427 </blockquote>
47428 <pre><code class="language-For">
47429 CVSROOT: /cvs
47430 Module name: src
47431 Changes by: guenther@cvs.openbsd.org 2018/07/23 11:54:04
47432 Modified files:
47433 sys/arch/amd64/amd64: locore.S
47434 sys/arch/amd64/include: asm.h cpufunc.h frameasm.h
47435 Log message:
47436 Do &quot;Return stack refilling&quot;, based on the &quot;Return stack underflow&quot; discussion
47437 and its associated appendix at https://support.google.com/faqs/answer/7625886
47438 This should address at least some cases of &quot;SpectreRSB&quot; and earlier
47439 Spectre variants; more commits to follow.
47440 The refilling is done in the enter-kernel-from-userspace and
47441 return-to-userspace-from-kernel paths, making sure to do it before
47442 unblocking interrupts so that a successive interrupt can't get the
47443 CPU to C code without doing this refill. Per the link above, it
47444 also does it immediately after mwait, apparently in case the low-power
47445 CPU states of idle-via-mwait flush the RSB.
47446 ok mlarkin@ deraadt@
47447 and:
47448 CVSROOT: /cvs
47449 Module name: src
47450 Changes by: guenther@cvs.openbsd.org 2018/07/23 20:42:25
47451 Modified files:
47452 sys/arch/amd64/amd64: locore.S vector.S vmm_support.S
47453 sys/arch/amd64/include: asm.h cpufunc.h
47454 Log message:
47455 Also do RSB refilling when context switching, after vmexits, and
47456 when vmlaunch or vmresume fails.
47457 Follow the lead of clang and the intel recommendation and do an lfence
47458 after the pause in the speculation-stop path for retpoline, RSB refill,
47459 and meltover ASM bits.
47460 ok kettenis@ deraadt@
47461 &quot;Mitigation G-2&quot; for AMD processors:
47462 CVSROOT: /cvs
47463 Module name: src
47464 Changes by: brynet@cvs.openbsd.org 2018/07/23 17:25:03
47465 Modified files:
47466 sys/arch/amd64/amd64: identcpu.c
47467 sys/arch/amd64/include: specialreg.h
47468 Log message:
47469 Add &quot;Mitigation G-2&quot; per AMD's Whitepaper &quot;Software Techniques for
47470 Managing Speculation on AMD Processors&quot;
47471 By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing
47472 instruction.
47473 Tested on AMD FX-4100 &quot;Bulldozer&quot;, and Linux guest in SVM vmd(8)
47474 ok deraadt@ mlarkin@
47475 Beastie Bits
47476 HardenedBSD will stop supporting 10-STABLE on 10 August 2018 (https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)
47477 GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2 (https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)
47478 ZFS Boot Environments at PBUG (https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)
47479 Second Editions versus the Publishing Business (https://blather.michaelwlucas.com/archives/3229)
47480 Theo de Raadt on &quot;unveil(2) usage in base&quot; (https://undeadly.org/cgi?action=article;sid=20180728063716)
47481 rtadvd(8) has been replaced by rad(8) (https://undeadly.org/cgi?action=article;sid=20180724072205)
47482 BSD Users Stockholm Meetup #3 (https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)
47483 Changes to NetBSD release support policy (https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)
47484 The future of HAMMER1 (http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)
47485 ***
47486 Tarsnap
47487 Feedback/Questions
47488 Rodriguez - A Question (http://dpaste.com/0Y1B75Q#wrap)
47489 Shane - About ZFS Mostly (http://dpaste.com/32YGNBY#wrap)
47490 Leif - ZFS less than 8gb (http://dpaste.com/2GY6HHC#wrap)
47491 Wayne - ZFS vs EMC (http://dpaste.com/17PSCXC#wrap)
47492 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
47493 </code></pre>
47494 </description>
47495 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, spectre, ospfd, zfs</itunes:keywords>
47496 <content:encoded>
47497 <![CDATA[<p>FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.</p>
47498
47499 <p>##Headlines<br>
47500 ###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-july-2018/">FreeBSD Foundation Update, July 2018</a></p>
47501
47502 <ul>
47503 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
47504 </ul>
47505
47506 <blockquote>
47507 <p>We’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration, spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!<br>
47508 In this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.<br>
47509 Your support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!</p>
47510 </blockquote>
47511
47512 <ul>
47513 <li>June 2018 Development Projects Update</li>
47514 <li>Fundraising Update: Supporting the Project</li>
47515 <li>July 2018 Release Engineering Update</li>
47516 <li>OSCON 2018 Recap</li>
47517 <li>Submit Your Work: MeetBSD 2018</li>
47518 <li>FreeBSD Discount for 2018 SNIA Developer Conference</li>
47519 <li>EuroBSDcon 2018 Travel Grant Application Deadline: August 2</li>
47520 </ul>
47521
47522 <p><hr></p>
47523
47524 <p><strong>iXsystems</strong></p>
47525
47526 <p>###BSDCan Trip Reports</p>
47527
47528 <ul>
47529 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-constantin-stan/">BSDCan 2018 Trip Report: Constantin Stan</a></li>
47530 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-danilo-g-baio/">BSDCan 2018 Trip Report: Danilo G. Baio</a></li>
47531 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-rodrigo-osorio/">BSDCan 2018 Trip Report: Rodrigo Osorio</a></li>
47532 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-dhananjay-balan/">BSDCan 2018 Trip Report: Dhananjay Balan</a></li>
47533 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-kyle-evans/">BSDCan 2018 Trip Report: Kyle Evans</a></li>
47534 </ul>
47535
47536 <p><hr></p>
47537
47538 <p>##News Roundup<br>
47539 ###<a href="https://blog.haraschak.com/freebsd-and-ospfd/">FreeBSD and OSPFd</a></p>
47540
47541 <blockquote>
47542 <p>With FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…</p>
47543 </blockquote>
47544
47545 <blockquote>
47546 <p>OSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to set up. This article does not cover configuration of VPN links, ZFS, or FreeBSD jails, however it’s recommended that you use separate ZFS datasets per jail so that migration between hosts can be done with zfs send & receive.</p>
47547 </blockquote>
47548
47549 <blockquote>
47550 <p>In this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)</p>
47551 </blockquote>
47552
47553 <blockquote>
47554 <p>In this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:</p>
47555 </blockquote>
47556
47557 <p><code>Server 1: 172.16.3.0/28</code><br>
47558 <code>Server 2: 172.16.3.16/28</code><br>
47559 <code>Server 3: 172.16.3.32/28</code><br>
47560 <code>Server 4: 172.16.3.48/28</code><br>
47561 <code>Server 5: 172.16.3.64/28</code></p>
47562
47563 <blockquote>
47564 <p>When statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.</p>
47565 </blockquote>
47566
47567 <ul>
47568 <li>
47569 <p>To get started, first we install the Quagga package.</p>
47570 </li>
47571 <li>
47572 <p>The two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.</p>
47573 </li>
47574 <li>
47575 <p>Starting with zebra.conf, we’ll define the hostname and a management password.</p>
47576 </li>
47577 <li>
47578 <p>Second, we will populate the ospfd.conf file.</p>
47579 </li>
47580 <li>
47581 <p>To break this down:</p>
47582 </li>
47583 <li>
47584 <p>service advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.</p>
47585 </li>
47586 <li>
47587 <p>ip ospf authentication message-digest and ip ospf message-digest-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.</p>
47588 </li>
47589 <li>
47590 <p>passive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).</p>
47591 </li>
47592 <li>
47593 <p>network 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).</p>
47594 </li>
47595 <li>
47596 <p>At this point, we can enable the services in rc.conf.local and start them.</p>
47597 </li>
47598 <li>
47599 <p>We bind the management interface to 127.0.0.1 so that it’s only accessible to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessible IP. Remember telnet is not secure. If you need remote access, use a VPN.</p>
47600 </li>
47601 <li>
47602 <p>To manage the services, you can telnet to your host’s localhost address.</p>
47603 </li>
47604 <li>
47605 <p>Use 2604 for the ospf service.</p>
47606 </li>
47607 <li>
47608 <p>Remember, this is accessible by non-root users so set a good password.</p>
47609 </li>
47610 </ul>
47611
47612 <p><hr></p>
47613
47614 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBroadDiskStructure">A broad overview of how ZFS is structured on disk</a></p>
47615
47616 <blockquote>
47617 <p>When I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)</p>
47618 </blockquote>
47619
47620 <blockquote>
47621 <p>Almost everything in ZFS is in DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)</p>
47622 </blockquote>
47623
47624 <blockquote>
47625 <p>Each ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.</p>
47626 </blockquote>
47627
47628 <blockquote>
47629 <p>ZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode. (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)</p>
47630 </blockquote>
47631
47632 <blockquote>
47633 <p>The DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.</p>
47634 </blockquote>
47635
47636 <blockquote>
47637 <p>PS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).</p>
47638 </blockquote>
47639
47640 <blockquote>
47641 <p>PPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.</p>
47642 </blockquote>
47643
47644 <ul>
47645 <li>(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)</li>
47646 </ul>
47647
47648 <p><hr></p>
47649
47650 <p><strong>Digital Ocean</strong></p>
47651
47652 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-07-11/mid-july-hardenedbsd-foundation-status">HardenedBSD Foundation Status</a></p>
47653
47654 <blockquote>
47655 <p>On 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:</p>
47656 </blockquote>
47657
47658 <ul>
47659 <li>
47660 <ol>
47661 <li>Shawn Webb (in person)</li>
47662 </ol>
47663 </li>
47664 <li>
47665 <ol start="2">
47666 <li>George Saylor (in person)</li>
47667 </ol>
47668 </li>
47669 <li>
47670 <ol start="3">
47671 <li>Ben Welch (in person)</li>
47672 </ol>
47673 </li>
47674 <li>
47675 <ol start="4">
47676 <li>Virginia Suydan (in person)</li>
47677 </ol>
47678 </li>
47679 <li>
47680 <ol start="5">
47681 <li>Ben La Monica (phone)</li>
47682 </ol>
47683 </li>
47684 <li>
47685 <ol start="6">
47686 <li>Dean Freeman (phone)</li>
47687 </ol>
47688 </li>
47689 <li>
47690 <ol start="7">
47691 <li>Christian Severt (phone)</li>
47692 </ol>
47693 </li>
47694 </ul>
47695
47696 <blockquote>
47697 <p>We discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501(c)(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.</p>
47698 </blockquote>
47699
47700 <ul>
47701 <li>The steps are laid out as follows:</li>
47702 <li>Register a Post Office Box (PO Box) (completed on 10 Jul 2018).</li>
47703 <li>Register The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).</li>
47704 <li>Obtain a federal tax ID (obtained 20 Jul 2018).</li>
47705 <li>Close the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).</li>
47706 <li>File the 1023EZ paperwork with the federal government (started on 20 Jul 2018).</li>
47707 <li>Hire an attorney to help draft the organization bylaws.</li>
47708 <li>Each of the steps must be done serially and in order.</li>
47709 </ul>
47710
47711 <blockquote>
47712 <p>We added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501(c)(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.</p>
47713 </blockquote>
47714
47715 <blockquote>
47716 <p>We promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.</p>
47717 </blockquote>
47718
47719 <blockquote>
47720 <p>We hope to be granted our 501(c)(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.</p>
47721 </blockquote>
47722
47723 <p><hr></p>
47724
47725 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180724072257">More mitigations against speculative execution vulnerabilities</a></p>
47726
47727 <blockquote>
47728 <p>Philip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.</p>
47729 </blockquote>
47730
47731 <pre><code class="language-For">
47732 CVSROOT: /cvs
47733 Module name: src
47734 Changes by: guenther@cvs.openbsd.org 2018/07/23 11:54:04
47735
47736 Modified files:
47737 sys/arch/amd64/amd64: locore.S
47738 sys/arch/amd64/include: asm.h cpufunc.h frameasm.h
47739
47740 Log message:
47741 Do "Return stack refilling", based on the "Return stack underflow" discussion
47742 and its associated appendix at https://support.google.com/faqs/answer/7625886
47743 This should address at least some cases of "SpectreRSB" and earlier
47744 Spectre variants; more commits to follow.
47745
47746 The refilling is done in the enter-kernel-from-userspace and
47747 return-to-userspace-from-kernel paths, making sure to do it before
47748 unblocking interrupts so that a successive interrupt can't get the
47749 CPU to C code without doing this refill. Per the link above, it
47750 also does it immediately after mwait, apparently in case the low-power
47751 CPU states of idle-via-mwait flush the RSB.
47752
47753 ok mlarkin@ deraadt@
47754
47755 + and:
47756
47757 CVSROOT: /cvs
47758 Module name: src
47759 Changes by: guenther@cvs.openbsd.org 2018/07/23 20:42:25
47760
47761 Modified files:
47762 sys/arch/amd64/amd64: locore.S vector.S vmm_support.S
47763 sys/arch/amd64/include: asm.h cpufunc.h
47764
47765 Log message:
47766 Also do RSB refilling when context switching, after vmexits, and
47767 when vmlaunch or vmresume fails.
47768
47769 Follow the lead of clang and the intel recommendation and do an lfence
47770 after the pause in the speculation-stop path for retpoline, RSB refill,
47771 and meltover ASM bits.
47772
47773 ok kettenis@ deraadt@```
47774
47775 + "Mitigation G-2" for AMD processors:
47776
47777 ```CVSROOT: /cvs
47778 Module name: src
47779 Changes by: brynet@cvs.openbsd.org 2018/07/23 17:25:03
47780
47781 Modified files:
47782 sys/arch/amd64/amd64: identcpu.c
47783 sys/arch/amd64/include: specialreg.h
47784
47785 Log message:
47786 Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for
47787 Managing Speculation on AMD Processors"
47788
47789 By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing
47790 instruction.
47791
47792 Tested on AMD FX-4100 "Bulldozer", and Linux guest in SVM vmd(8)
47793
47794 ok deraadt@ mlarkin@```
47795 ***
47796
47797
47798 ##Beastie Bits
47799 + [HardenedBSD will stop supporting 10-STABLE on 10 August 2018](https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)
47800 + [GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2](https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)
47801 + [ZFS Boot Environments at PBUG](https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)
47802 + [Second Editions versus the Publishing Business](https://blather.michaelwlucas.com/archives/3229)
47803 + [Theo de Raadt on "unveil(2) usage in base"](https://undeadly.org/cgi?action=article;sid=20180728063716)
47804 + [rtadvd(8) has been replaced by rad(8)](https://undeadly.org/cgi?action=article;sid=20180724072205)
47805 + [BSD Users Stockholm Meetup #3](https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)
47806 + [Changes to NetBSD release support policy](https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)
47807 + [The future of HAMMER1](http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)
47808 ***
47809
47810 **Tarsnap**
47811
47812 ##Feedback/Questions
47813 + Rodriguez - [A Question](http://dpaste.com/0Y1B75Q#wrap)
47814 + Shane - [About ZFS Mostly](http://dpaste.com/32YGNBY#wrap)
47815 + Leif - [ZFS less than 8gb](http://dpaste.com/2GY6HHC#wrap)
47816 + Wayne - [ZFS vs EMC](http://dpaste.com/17PSCXC#wrap)
47817 ***
47818
47819 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
47820 </code></pre>]]>
47821 </content:encoded>
47822 <itunes:summary>
47823 <![CDATA[<p>FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.</p>
47824
47825 <p>##Headlines<br>
47826 ###<a href="https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-july-2018/">FreeBSD Foundation Update, July 2018</a></p>
47827
47828 <ul>
47829 <li>MESSAGE FROM THE EXECUTIVE DIRECTOR</li>
47830 </ul>
47831
47832 <blockquote>
47833 <p>We’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration, spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!<br>
47834 In this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.<br>
47835 Your support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!</p>
47836 </blockquote>
47837
47838 <ul>
47839 <li>June 2018 Development Projects Update</li>
47840 <li>Fundraising Update: Supporting the Project</li>
47841 <li>July 2018 Release Engineering Update</li>
47842 <li>OSCON 2018 Recap</li>
47843 <li>Submit Your Work: MeetBSD 2018</li>
47844 <li>FreeBSD Discount for 2018 SNIA Developer Conference</li>
47845 <li>EuroBSDcon 2018 Travel Grant Application Deadline: August 2</li>
47846 </ul>
47847
47848 <p><hr></p>
47849
47850 <p><strong>iXsystems</strong></p>
47851
47852 <p>###BSDCan Trip Reports</p>
47853
47854 <ul>
47855 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-constantin-stan/">BSDCan 2018 Trip Report: Constantin Stan</a></li>
47856 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-danilo-g-baio/">BSDCan 2018 Trip Report: Danilo G. Baio</a></li>
47857 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-rodrigo-osorio/">BSDCan 2018 Trip Report: Rodrigo Osorio</a></li>
47858 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-dhananjay-balan/">BSDCan 2018 Trip Report: Dhananjay Balan</a></li>
47859 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-kyle-evans/">BSDCan 2018 Trip Report: Kyle Evans</a></li>
47860 </ul>
47861
47862 <p><hr></p>
47863
47864 <p>##News Roundup<br>
47865 ###<a href="https://blog.haraschak.com/freebsd-and-ospfd/">FreeBSD and OSPFd</a></p>
47866
47867 <blockquote>
47868 <p>With FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…</p>
47869 </blockquote>
47870
47871 <blockquote>
47872 <p>OSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to set up. This article does not cover configuration of VPN links, ZFS, or FreeBSD jails, however it’s recommended that you use separate ZFS datasets per jail so that migration between hosts can be done with zfs send & receive.</p>
47873 </blockquote>
47874
47875 <blockquote>
47876 <p>In this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)</p>
47877 </blockquote>
47878
47879 <blockquote>
47880 <p>In this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:</p>
47881 </blockquote>
47882
47883 <p><code>Server 1: 172.16.3.0/28</code><br>
47884 <code>Server 2: 172.16.3.16/28</code><br>
47885 <code>Server 3: 172.16.3.32/28</code><br>
47886 <code>Server 4: 172.16.3.48/28</code><br>
47887 <code>Server 5: 172.16.3.64/28</code></p>
47888
47889 <blockquote>
47890 <p>When statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.</p>
47891 </blockquote>
47892
47893 <ul>
47894 <li>
47895 <p>To get started, first we install the Quagga package.</p>
47896 </li>
47897 <li>
47898 <p>The two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.</p>
47899 </li>
47900 <li>
47901 <p>Starting with zebra.conf, we’ll define the hostname and a management password.</p>
47902 </li>
47903 <li>
47904 <p>Second, we will populate the ospfd.conf file.</p>
47905 </li>
47906 <li>
47907 <p>To break this down:</p>
47908 </li>
47909 <li>
47910 <p>service advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.</p>
47911 </li>
47912 <li>
47913 <p>ip ospf authentication message-digest and ip ospf message-digest-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.</p>
47914 </li>
47915 <li>
47916 <p>passive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).</p>
47917 </li>
47918 <li>
47919 <p>network 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).</p>
47920 </li>
47921 <li>
47922 <p>At this point, we can enable the services in rc.conf.local and start them.</p>
47923 </li>
47924 <li>
47925 <p>We bind the management interface to 127.0.0.1 so that it’s only accessible to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessible IP. Remember telnet is not secure. If you need remote access, use a VPN.</p>
47926 </li>
47927 <li>
47928 <p>To manage the services, you can telnet to your host’s localhost address.</p>
47929 </li>
47930 <li>
47931 <p>Use 2604 for the ospf service.</p>
47932 </li>
47933 <li>
47934 <p>Remember, this is accessible by non-root users so set a good password.</p>
47935 </li>
47936 </ul>
47937
47938 <p><hr></p>
47939
47940 <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBroadDiskStructure">A broad overview of how ZFS is structured on disk</a></p>
47941
47942 <blockquote>
47943 <p>When I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)</p>
47944 </blockquote>
47945
47946 <blockquote>
47947 <p>Almost everything in ZFS is in a DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)</p>
47948 </blockquote>
47949
47950 <blockquote>
47951 <p>Each ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.</p>
47952 </blockquote>
47953
47954 <blockquote>
47955 <p>ZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode. (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)</p>
47956 </blockquote>
47957
47958 <blockquote>
47959 <p>The DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.</p>
47960 </blockquote>
47961
47962 <blockquote>
47963 <p>PS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).</p>
47964 </blockquote>
47965
47966 <blockquote>
47967 <p>PPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.</p>
47968 </blockquote>
47969
47970 <ul>
47971 <li>(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)</li>
47972 </ul>
47973
47974 <p><hr></p>
47975
47976 <p><strong>Digital Ocean</strong></p>
47977
47978 <p>###<a href="https://hardenedbsd.org/article/shawn-webb/2018-07-11/mid-july-hardenedbsd-foundation-status">HardenedBSD Foundation Status</a></p>
47979
47980 <blockquote>
47981 <p>On 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:</p>
47982 </blockquote>
47983
47984 <ul>
47985 <li>
47986 <ol>
47987 <li>Shawn Webb (in person)</li>
47988 </ol>
47989 </li>
47990 <li>
47991 <ol start="2">
47992 <li>George Saylor (in person)</li>
47993 </ol>
47994 </li>
47995 <li>
47996 <ol start="3">
47997 <li>Ben Welch (in person)</li>
47998 </ol>
47999 </li>
48000 <li>
48001 <ol start="4">
48002 <li>Virginia Suydan (in person)</li>
48003 </ol>
48004 </li>
48005 <li>
48006 <ol start="5">
48007 <li>Ben La Monica (phone)</li>
48008 </ol>
48009 </li>
48010 <li>
48011 <ol start="6">
48012 <li>Dean Freeman (phone)</li>
48013 </ol>
48014 </li>
48015 <li>
48016 <ol start="7">
48017 <li>Christian Severt (phone)</li>
48018 </ol>
48019 </li>
48020 </ul>
48021
48022 <blockquote>
48023 <p>We discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501(c)(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.</p>
48024 </blockquote>
48025
48026 <ul>
48027 <li>The steps are laid out as follows:</li>
48028 <li>Register a Post Office Box (PO Box) (completed on 10 Jul 2018).</li>
48029 <li>Register The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).</li>
48030 <li>Obtain a federal tax ID (obtained 20 Jul 2018).</li>
48031 <li>Close the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).</li>
48032 <li>File the 1023EZ paperwork with the federal government (started on 20 Jul 2018).</li>
48033 <li>Hire an attorney to help draft the organization bylaws.</li>
48034 <li>Each of the steps must be done serially and in order.</li>
48035 </ul>
48036
48037 <blockquote>
48038 <p>We added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501(c)(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.</p>
48039 </blockquote>
48040
48041 <blockquote>
48042 <p>We promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.</p>
48043 </blockquote>
48044
48045 <blockquote>
48046 <p>We hope to be granted our 501(c)(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.</p>
48047 </blockquote>
48048
48049 <p><hr></p>
48050
48051 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180724072257">More mitigations against speculative execution vulnerabilities</a></p>
48052
48053 <blockquote>
48054 <p>Philip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.</p>
48055 </blockquote>
48056
48057 <pre><code class="language-For">
48058 CVSROOT: /cvs
48059 Module name: src
48060 Changes by: guenther@cvs.openbsd.org 2018/07/23 11:54:04
48061
48062 Modified files:
48063 sys/arch/amd64/amd64: locore.S
48064 sys/arch/amd64/include: asm.h cpufunc.h frameasm.h
48065
48066 Log message:
48067 Do "Return stack refilling", based on the "Return stack underflow" discussion
48068 and its associated appendix at https://support.google.com/faqs/answer/7625886
48069 This should address at least some cases of "SpectreRSB" and earlier
48070 Spectre variants; more commits to follow.
48071
48072 The refilling is done in the enter-kernel-from-userspace and
48073 return-to-userspace-from-kernel paths, making sure to do it before
48074 unblocking interrupts so that a successive interrupt can't get the
48075 CPU to C code without doing this refill. Per the link above, it
48076 also does it immediately after mwait, apparently in case the low-power
48077 CPU states of idle-via-mwait flush the RSB.
48078
48079 ok mlarkin@ deraadt@```
48080
48081 + and:
48082
48083 ```CVSROOT: /cvs
48084 Module name: src
48085 Changes by: guenther@cvs.openbsd.org 2018/07/23 20:42:25
48086
48087 Modified files:
48088 sys/arch/amd64/amd64: locore.S vector.S vmm_support.S
48089 sys/arch/amd64/include: asm.h cpufunc.h
48090
48091 Log message:
48092 Also do RSB refilling when context switching, after vmexits, and
48093 when vmlaunch or vmresume fails.
48094
48095 Follow the lead of clang and the intel recommendation and do an lfence
48096 after the pause in the speculation-stop path for retpoline, RSB refill,
48097 and meltover ASM bits.
48098
48099 ok kettenis@ deraadt@```
48100
48101 + "Mitigation G-2" for AMD processors:
48102
48103 ```CVSROOT: /cvs
48104 Module name: src
48105 Changes by: brynet@cvs.openbsd.org 2018/07/23 17:25:03
48106
48107 Modified files:
48108 sys/arch/amd64/amd64: identcpu.c
48109 sys/arch/amd64/include: specialreg.h
48110
48111 Log message:
48112 Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for
48113 Managing Speculation on AMD Processors"
48114
48115 By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing
48116 instruction.
48117
48118 Tested on AMD FX-4100 "Bulldozer", and Linux guest in SVM vmd(8)
48119
48120 ok deraadt@ mlarkin@```
48121 ***
48122
48123
48124 ##Beastie Bits
48125 + [HardenedBSD will stop supporting 10-STABLE on 10 August 2018](https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)
48126 + [GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2](https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)
48127 + [ZFS Boot Environments at PBUG](https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)
48128 + [Second Editions versus the Publishing Business](https://blather.michaelwlucas.com/archives/3229)
48129 + [Theo de Raadt on "unveil(2) usage in base"](https://undeadly.org/cgi?action=article;sid=20180728063716)
48130 + [rtadvd(8) has been replaced by rad(8)](https://undeadly.org/cgi?action=article;sid=20180724072205)
48131 + [BSD Users Stockholm Meetup #3](https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)
48132 + [Changes to NetBSD release support policy](https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)
48133 + [The future of HAMMER1](http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)
48134 ***
48135
48136 **Tarsnap**
48137
48138 ##Feedback/Questions
48139 + Rodriguez - [A Question](http://dpaste.com/0Y1B75Q#wrap)
48140 + Shane - [About ZFS Mostly](http://dpaste.com/32YGNBY#wrap)
48141 + Leif - [ZFS less than 8gb](http://dpaste.com/2GY6HHC#wrap)
48142 + Wayne - [ZFS vs EMC](http://dpaste.com/17PSCXC#wrap)
48143 ***
48144
48145 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
48146 </code></pre>]]>
48147 </itunes:summary>
48148 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+gaY1HKEj</fireside:playerURL>
48149 <fireside:playerEmbedCode>
48150 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+gaY1HKEj" width="740" height="200" frameborder="0" scrolling="no">]]>
48151 </fireside:playerEmbedCode>
48152 </item>
48153 <item>
48154 <title>Episode 257: Great NetBSD 8 | BSD Now 257</title>
48155 <link>https://www.bsdnow.tv/257</link>
48156 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2354</guid>
48157 <pubDate>Thu, 02 Aug 2018 00:00:00 -0700</pubDate>
48158 <author>Allan Jude</author>
48159 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7928575b-6648-4fac-ba50-4d24e56a7b9b.mp3" length="50094426" type="audio/mp3"/>
48160 <itunes:episodeType>full</itunes:episodeType>
48161 <itunes:author>Allan Jude</itunes:author>
48162 <itunes:subtitle>NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.</itunes:subtitle>
48163 <itunes:duration>1:23:11</itunes:duration>
48164 <itunes:explicit>no</itunes:explicit>
48165 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
48166 <description>NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.
48167 <hr>
48168 <p>##Headlines<br>
48169 <a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html">NetBSD v8.0 Released</a></p>
48170 <blockquote>
48171 <p>The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.</p>
48172 </blockquote>
48173 <blockquote>
48174 <p>This release brings stability improvements, hundreds of bug fixes, and many new features.</p>
48175 </blockquote>
48176 <ul>
48177 <li>
48178 <p>Some highlights of the NetBSD 8.0 release are:</p>
48179 </li>
48180 <li>
48181 <p>USB stack rework, USB3 support added.</p>
48182 </li>
48183 <li>
48184 <p>In-kernel audio mixer (audio_system(9)).</p>
48185 </li>
48186 <li>
48187 <p>Reproducible builds (MKREPRO, see mk.conf(5)).</p>
48188 </li>
48189 <li>
48190 <p>Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.</p>
48191 </li>
48192 <li>
48193 <p>PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.</p>
48194 </li>
48195 <li>
48196 <p>PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.</p>
48197 </li>
48198 <li>
48199 <p>Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.</p>
48200 </li>
48201 <li>
48202 <p>A new socket layer can(4) has been added for communication of devices on a CAN bus.</p>
48203 </li>
48204 <li>
48205 <p>A special pseudo interface ipsecif(4) for route-based VPNs has been added.</p>
48206 </li>
48207 <li>
48208 <p>Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.</p>
48209 </li>
48210 <li>
48211 <p>Hardening of the network stack in general.</p>
48212 </li>
48213 <li>
48214 <p>Various WAPBL (the NetBSD file system “log” option) stability and performance improvements.</p>
48215 </li>
48216 <li>
48217 <p>Specific to i386 and amd64 CPUs:</p>
48218 </li>
48219 <li>
48220 <p>Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.</p>
48221 </li>
48222 <li>
48223 <p>SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.</p>
48224 </li>
48225 <li>
48226 <p>SpectreV4 mitigations available for Intel and AMD.</p>
48227 </li>
48228 <li>
48229 <p>PopSS workaround: user access to debug registers is turned off by default.</p>
48230 </li>
48231 <li>
48232 <p>Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).</p>
48233 </li>
48234 <li>
48235 <p>SMAP support.</p>
48236 </li>
48237 <li>
48238 <p>Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.</p>
48239 </li>
48240 <li>
48241 <p>(U)EFI bootloader.</p>
48242 </li>
48243 <li>
48244 <p>Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.</p>
48245 </li>
48246 <li>
48247 <p>Lots of updates to 3rd party software included:</p>
48248 </li>
48249 <li>
48250 <p>GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer</p>
48251 </li>
48252 <li>
48253 <p>GDB 7.12</p>
48254 </li>
48255 <li>
48256 <p>GNU binutils 2.27</p>
48257 </li>
48258 <li>
48259 <p>Clang/LLVM 3.8.1</p>
48260 </li>
48261 <li>
48262 <p>OpenSSH 7.6</p>
48263 </li>
48264 <li>
48265 <p>OpenSSL 1.0.2k</p>
48266 </li>
48267 <li>
48268 <p>mdocml 1.14.1</p>
48269 </li>
48270 <li>
48271 <p>acpica 20170303</p>
48272 </li>
48273 <li>
48274 <p>ntp 4.2.8p11-o</p>
48275 </li>
48276 <li>
48277 <p>dhcpcd 7.0.6</p>
48278 </li>
48279 <li>
48280 <p>Lua 5.3.4</p>
48281 </li>
48282 </ul>
48283 <hr>
48284 <p>###<a href="https://community.online.net/t/freebsd-on-arm64/6678">Running FreeBSD on the ARM64 VPS from Scaleway</a></p>
48285 <blockquote>
48286 <p>I’ve been thinking about this since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.<br>
48287 Turns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.<br>
48288 I managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:<br>
48289 For some reason, unlike on x86, mounting additional volumes is not allowed on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.<br>
48290 Spin up an instance with Ubuntu Zesty and ssh in.</p>
48291 </blockquote>
48292 <ul>
48293 <li>Prepare the system and change the root to a tmpfs:</li>
48294 </ul>
48295 <pre><code>apt install gdisk
48296 mount -t tmpfs tmpfs /tmp
48297 cp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp
48298 mkdir /tmp/proc /tmp/sys /tmp/oldroot
48299 mount /dev/vda /tmp/oldroot
48300 mount --make-rprivate /
48301 pivot_root /tmp /tmp/oldroot
48302 for i in dev proc sys run; do mount --move /oldroot/$i /$i; done
48303 systemctl daemon-reload
48304 systemctl restart sshd
48305 </code></pre>
48306 <blockquote>
48307 <p>Now reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:</p>
48308 </blockquote>
48309 <pre><code>pkill -f notty
48310 sed -ibak 's/RefuseManualStart.*$//g' /lib/systemd/system/dbus.service
48311 systemctl daemon-reload
48312 systemctl restart dbus
48313 systemctl daemon-reexec
48314 systemctl stop user@0 ntp cron systemd-logind
48315 systemctl restart systemd-journald systemd-udevd
48316 pkill agetty
48317 pkill rsyslogd
48318 </code></pre>
48319 <blockquote>
48320 <p>Check that nothing is touching /oldroot:</p>
48321 </blockquote>
48322 <pre><code>lsof | grep oldroot
48323 </code></pre>
48324 <blockquote>
48325 <p>There will probably be an old dbus-daemon, kill it.<br>
48326 And finally, unmount the old root and overwrite the hard disk with a memstick image:</p>
48327 </blockquote>
48328 <pre><code>umount -R /oldroot
48329 wget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz
48330 xzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M
48331 </code></pre>
48332 <blockquote>
48333 <p>(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)<br>
48334 Now, fix the GPT: move the secondary table to the end of the disk and resize the table.<br>
48335 It’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots</p>
48336 </blockquote>
48337 <pre><code>gdisk /dev/vda
48338 x
48339 e
48340 s
48341 4
48342 w
48343 y
48344 </code></pre>
48345 <p>And reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)</p>
48346 <p>I didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.</p>
48347 <p>Now we’re in the FreeBSD EFI loader.<br>
48348 For some reason, the (recently fixed?) serial autodetection from EFI is not working correctly. Or something.<br>
48349 So you don’t get console output by default.<br>
48350 To fix, you have to run these commands in the boot loader command prompt:</p>
48351 <pre><code>set console=comconsole,efi
48352 boot
48353 </code></pre>
48354 <p>(Ignore the warning about comconsole not being a valid console.<br>
48355 Since there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)</p>
48356 <p>(UPD: shouldn’t be necessary in the next snapshot)</p>
48357 <p>Now it’s a regular installation process!<br>
48358 When asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:</p>
48359 <pre><code>gpart add -t freebsd-zfs -a 4k -l zroot vtbd0
48360 zpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot
48361 zfs create -o canmount=off -o mountpoint=none zroot/ROOT
48362 zfs create -o mountpoint=/ zroot/ROOT/default
48363 zfs create -o mountpoint=/usr zroot/ROOT/default/usr
48364 zfs create -o mountpoint=/var zroot/ROOT/default/var
48365 zfs create -o mountpoint=/var/log zroot/ROOT/default/var/log
48366 zfs create -o mountpoint=/usr/home zroot/home
48367 zpool set bootfs=zroot/ROOT/default zroot
48368 exit
48369 </code></pre>
48370 <p>(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)</p>
48371 <p>In the post-install chroot shell, fix some configs like so:</p>
48372 <pre><code>echo 'zfs_load=&quot;YES&quot;' &gt;&gt; /boot/loader.conf
48373 echo 'console=&quot;comconsole,efi&quot;' &gt;&gt; /boot/loader.conf
48374 echo 'vfs.zfs.arc_max=&quot;512M&quot;' &gt;&gt; /boot/loader.conf
48375 sysrc zfs_enable=YES
48376 exit
48377 </code></pre>
48378 <p>(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)</p>
48379 <p>Now you can reboot into the installed system!!</p>
48380 <p>Here’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:</p>
48381 <pre><code>pkg bootstrap
48382 pkg install curl
48383 curl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata &gt; /usr/local/bin/scw-metadata
48384 chmod +x /usr/local/bin/scw-metadata
48385 echo '#!/bin/sh' &gt; /etc/rc.local
48386 echo 'PATH=/usr/local/bin:$PATH' &gt;&gt; /etc/rc.local
48387 echo 'eval $(scw-metadata)' &gt;&gt; /etc/rc.local
48388 echo 'echo $SSH_PUBLIC_KEYS_0_KEY &gt; /root/.ssh/authorized_keys' &gt;&gt; /etc/rc.local
48389 echo 'chmod 0400 /root/.ssh/authorized_keys' &gt;&gt; /etc/rc.local
48390 echo 'ifconfig vtnet0 inet6 $IPV6_ADDRESS/$IPV6_NETMASK' &gt;&gt; /etc/rc.local
48391 echo 'route -6 add default $IPV6_GATEWAY' &gt;&gt; /etc/rc.local
48392 mkdir /run
48393 mkdir /root/.ssh
48394 sh /etc/rc.local
48395 </code></pre>
48396 <blockquote>
48397 <p>And to fix incoming TCP connections, configure the DHCP client to change the broadcast address:</p>
48398 </blockquote>
48399 <p><code>echo 'interface &quot;vtnet0&quot; { supersede broadcast-address 255.255.255.255; }' &gt;&gt; /etc/dhclient.conf</code><br>
48400 <code>killall dhclient</code><br>
48401 <code>dhclient vtnet0</code></p>
48402 <ul>
48403 <li>Other random notes:</li>
48404 <li>keep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own with config GENERIC-NODEBUG</li>
48405 <li>also disable heavy malloc debugging features by running ln -s 'abort:false,junk:false' /etc/malloc.conf (yes that’s storing config in a symlink)</li>
48406 <li>you can reuse the installer’s partition for swap</li>
48407 </ul>
48408 <hr>
48409 <p>* Digital Ocean **<br>
48410 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
48411 <p>###<a href="https://dataswamp.org/~solene/2018-06-26-openbsd-easy-backup.html">Easy encrypted backups on OpenBSD with base tools</a></p>
48412 <blockquote>
48413 <p>Today’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the different use cases, needs, issues and solutions. Here I will stick to explaining how to make reliable backups for an OpenBSD system (my laptop).<br>
48414 What we need is the dump command (see man 8 dump for its man page). It’s a utility to make a backup for a filesystem, it can only make a backup of one filesystem at a time. On my laptop I only backup /home partition so this solution is suitable for me while still being easy.<br>
48415 Dump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.<br>
48416 What is very interesting with dump is that it honors the nodump flag which is an extended attribute of a FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tell dump not to save that folder (under some circumstances). By default, dump will not save those files, EXCEPT for a level 0 backup.</p>
48417 </blockquote>
48418 <ul>
48419 <li>Important features of this backup solution:</li>
48420 <li>save files with attributes, permissions and flags</li>
48421 <li>can recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)</li>
48422 <li>one dump = one file</li>
48423 </ul>
48424 <blockquote>
48425 <p>My process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and everyday I do a level 2 backup of my files. The level 2 will contain latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.<br>
48426 Let me explain: let’s say my full backup is 60 GB, full of pictures, source files, GUI applications data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dump over time, usually it is only 100 MB to 1GB. As I don’t add new pictures everyday or use new software everyday, the level 2 will take care of most little changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it on my remote server everyday.<br>
48427 One could use more dump levels, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.<br>
48428 History note: dump was designed to be used with magnetic tapes.</p>
48429 </blockquote>
48430 <ul>
48431 <li>See the article for the remainder of the article</li>
48432 </ul>
48433 <hr>
48434 <p>##News Roundup<br>
48435 <a href="http://lists.dragonflybsd.org/pipermail/users/2018-July/357809.html">Status of DFly server storage upgrades (Matt Dillon)</a></p>
48436 <blockquote>
48437 <p>Last month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution. Yesterday we did a number of additional upgrades, described below. All using funds generously donated by everyone!</p>
48438 </blockquote>
48439 <blockquote>
48440 <p>The main repository server received a 2TB SSD to replace the HDDs it was using before. This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion. Space was at a premium before. Now there’s plenty.</p>
48441 </blockquote>
48442 <blockquote>
48443 <p>Monster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (<a href="http://grok.dragonflybsd.org">grok.dragonflybsd.org</a>) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data. It now has 600GB of swapcache configured. Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.</p>
48444 </blockquote>
48445 <blockquote>
48446 <p>The main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD. This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.</p>
48447 </blockquote>
48448 <blockquote>
48449 <p>Hard drives are becoming real dinosaurs. We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.</p>
48450 </blockquote>
48451 <blockquote>
48452 <p>Five years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs. To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases). Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive. But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index). The way things are going, even the backup drives will probably become SSDs over the next two years.</p>
48453 </blockquote>
48454 <hr>
48455 <p>###iX ad spot<br>
48456 <a href="https://www.ixsystems.com/blog/oscon2018/">OSCON 2018 Recap</a></p>
48457 <hr>
48458 <p>###<a href="http://oshogbo.vexillium.org/blog/46/">zpool checkpoints</a></p>
48459 <blockquote>
48460 <p>In March, a very interesting feature called ‘zpool checkpoints’ landed in FreeBSD. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.</p>
48461 </blockquote>
48462 <blockquote>
48463 <p>A very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.</p>
48464 </blockquote>
48465 <blockquote>
48466 <p>The problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.</p>
48467 </blockquote>
48468 <blockquote>
48469 <p>Another interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.</p>
48470 </blockquote>
48471 <blockquote>
48472 <p>Zpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only rollback the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolled back, and even the creation/deletion of the dataset, and the snapshot, will be rolled back.</p>
48473 </blockquote>
48474 <ul>
48475 <li>Zpool Checkpoint has introduced a few simple functions:</li>
48476 <li>For creating a checkpoint:</li>
48477 </ul>
48478 <p><code>zpool checkpoint &lt;pool&gt;</code></p>
48479 <ul>
48480 <li>Roll back state to the checkpoint and remove the checkpoint:</li>
48481 </ul>
48482 <p><code>zpool import --rewind-to-checkpoint &lt;pool&gt;</code></p>
48483 <ul>
48484 <li>Mount the pool read only - this does not rollback the data:</li>
48485 </ul>
48486 <p><code>zpool import --read-only=on --rewind-to-checkpoint</code></p>
48487 <ul>
48488 <li>Remove the checkpoint</li>
48489 </ul>
48490 <p><code>zpool checkpoint --discard &lt;pool&gt; or zpool checkpoint -d &lt;pool&gt;</code></p>
48491 <ul>
48492 <li>With this powerful feature we need to remember some safety rules:</li>
48493 <li>Scrub will work only on data that isn’t in checkpoint.</li>
48494 <li>You can’t remove vdev if you have a checkpoint.</li>
48495 <li>You can’t split mirror.</li>
48496 <li>Reguid will not work either.</li>
48497 <li>Create a checkpoint when one of the disks is removed…</li>
48498 </ul>
48499 <blockquote>
48500 <p>For me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.</p>
48501 </blockquote>
48502 <blockquote>
48503 <p>I would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.</p>
48504 </blockquote>
48505 <hr>
48506 <p>###g2k18 Reports</p>
48507 <ul>
48508 <li><a href="https://undeadly.org/cgi?action=article;sid=20180728110010">g2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff</a></li>
48509 <li><a href="https://undeadly.org/cgi?action=article;sid=20180726184322">g2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more</a></li>
48510 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716193511">g2k18 Hackathon Report: Marc Espie on ports and packages progress</a></li>
48511 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716202456">g2k18 hackathon report: Antoine Jacoutot on porting</a></li>
48512 <li><a href="https://undeadly.org/cgi?action=article;sid=20180717074543">g2k18 hackathon report: Matthieu Herrb on font caches and xenodm</a></li>
48513 <li><a href="https://undeadly.org/cgi?action=article;sid=20180718060313">g2k18 hackathon report: Florian Obser on rtadvd(8) -&gt; rad(8) progress (actually, rewrite)</a></li>
48514 <li><a href="https://undeadly.org/cgi?action=article;sid=20180719100833">g2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)</a></li>
48515 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053002">g2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP</a></li>
48516 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053011">g2k18 hackathon report: Claudio Jeker on OpenBGPD developments</a></li>
48517 <li><a href="https://i.imgur.com/3t3cJF6.jpg">Picture of the last day of the g2k18 hackathon in Ljubljana, Slovenia</a></li>
48518 </ul>
48519 <hr>
48520 <p>##Beastie Bits</p>
48521 <ul>
48522 <li><a href="https://www.geeklan.co.uk/?p=2266">Something blogged (on pkgsrcCon 2018)</a></li>
48523 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
48524 <li><a href="https://bsd.network/@mulander/100390180499807877">There should be a global ‘awareness’ week for developers</a></li>
48525 <li><a href="https://bsd-pl.org/en">Polish BSD User Group – Upcoming Meeting: Aug 9th 2018</a></li>
48526 <li><a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2018-July/000430.html">London BSD User Group – Upcoming Meeting: Aug 14th 2018</a></li>
48527 <li><a href="http://whyzfsisbetter.com/">Phillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat<br>
48528 himself all the time</a></li>
48529 <li><a href="https://2018.eurobsdcon.org/registration-is-open/">EuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!</a></li>
48530 <li><a href="https://www.meetbsd.com/call-for-papers/">MeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12</a></li>
48531 </ul>
48532 <hr>
48533 <p><strong>Tarsnap</strong></p>
48534 <p>##Feedback/Questions</p>
48535 <ul>
48536 <li>Dale - <a href="http://dpaste.com/1K452Y7#wrap">L2ARC recommendations &amp; drive age question</a></li>
48537 <li>Todd - <a href="http://dpaste.com/0WWHZ3E#wrap">ZFS &amp; S3</a></li>
48538 <li>efraim - <a href="http://dpaste.com/36YP39B#wrap">License Poem</a></li>
48539 <li>Henrick - <a href="http://dpaste.com/21D1KWA#wrap">Yet another ZFS question</a></li>
48540 </ul>
48541 <hr>
48542 <ul>
48543 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
48544 </ul>
48545 <hr>
48546 </description>
48547 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, arm64, encrypted backups, zpool checkpoints, g2k18 reports</itunes:keywords>
48548 <content:encoded>
48549 <![CDATA[<p>NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.<br>
48550 <hr></p>
48551
48552 <p>##Headlines<br>
48553 ###<a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html">NetBSD v8.0 Released</a></p>
48554
48555 <blockquote>
48556 <p>The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.</p>
48557 </blockquote>
48558
48559 <blockquote>
48560 <p>This release brings stability improvements, hundreds of bug fixes, and many new features.</p>
48561 </blockquote>
48562
48563 <ul>
48564 <li>
48565 <p>Some highlights of the NetBSD 8.0 release are:</p>
48566 </li>
48567 <li>
48568 <p>USB stack rework, USB3 support added.</p>
48569 </li>
48570 <li>
48571 <p>In-kernel audio mixer (audio_system(9)).</p>
48572 </li>
48573 <li>
48574 <p>Reproducible builds (MKREPRO, see mk.conf(5)).</p>
48575 </li>
48576 <li>
48577 <p>Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.</p>
48578 </li>
48579 <li>
48580 <p>PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.</p>
48581 </li>
48582 <li>
48583 <p>PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.</p>
48584 </li>
48585 <li>
48586 <p>Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.</p>
48587 </li>
48588 <li>
48589 <p>A new socket layer can(4) has been added for communication of devices on a CAN bus.</p>
48590 </li>
48591 <li>
48592 <p>A special pseudo interface ipsecif(4) for route-based VPNs has been added.</p>
48593 </li>
48594 <li>
48595 <p>Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.</p>
48596 </li>
48597 <li>
48598 <p>Hardening of the network stack in general.</p>
48599 </li>
48600 <li>
48601 <p>Various WAPBL (the NetBSD file system “log” option) stability and performance improvements.</p>
48602 </li>
48603 <li>
48604 <p>Specific to i386 and amd64 CPUs:</p>
48605 </li>
48606 <li>
48607 <p>Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.</p>
48608 </li>
48609 <li>
48610 <p>SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.</p>
48611 </li>
48612 <li>
48613 <p>SpectreV4 mitigations available for Intel and AMD.</p>
48614 </li>
48615 <li>
48616 <p>PopSS workaround: user access to debug registers is turned off by default.</p>
48617 </li>
48618 <li>
48619 <p>Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).</p>
48620 </li>
48621 <li>
48622 <p>SMAP support.</p>
48623 </li>
48624 <li>
48625 <p>Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.</p>
48626 </li>
48627 <li>
48628 <p>(U)EFI bootloader.</p>
48629 </li>
48630 <li>
48631 <p>Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.</p>
48632 </li>
48633 <li>
48634 <p>Lots of updates to 3rd party software included:</p>
48635 </li>
48636 <li>
48637 <p>GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer</p>
48638 </li>
48639 <li>
48640 <p>GDB 7.12</p>
48641 </li>
48642 <li>
48643 <p>GNU binutils 2.27</p>
48644 </li>
48645 <li>
48646 <p>Clang/LLVM 3.8.1</p>
48647 </li>
48648 <li>
48649 <p>OpenSSH 7.6</p>
48650 </li>
48651 <li>
48652 <p>OpenSSL 1.0.2k</p>
48653 </li>
48654 <li>
48655 <p>mdocml 1.14.1</p>
48656 </li>
48657 <li>
48658 <p>acpica 20170303</p>
48659 </li>
48660 <li>
48661 <p>ntp 4.2.8p11-o</p>
48662 </li>
48663 <li>
48664 <p>dhcpcd 7.0.6</p>
48665 </li>
48666 <li>
48667 <p>Lua 5.3.4</p>
48668 </li>
48669 </ul>
48670
48671 <p><hr></p>
48672
48673 <p>###<a href="https://community.online.net/t/freebsd-on-arm64/6678">Running FreeBSD on the ARM64 VPS from Scaleway</a></p>
48674
48675 <blockquote>
48676 <p>I’ve been thinking about this since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.<br>
48677 Turns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.<br>
48678 I managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:<br>
48679 For some reason, unlike on x86, mounting additional volumes is not allowed on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.<br>
48680 Spin up an instance with Ubuntu Zesty and ssh in.</p>
48681 </blockquote>
48682
48683 <ul>
48684 <li>Prepare the system and change the root to a tmpfs:</li>
48685 </ul>
48686
48687 <pre><code>apt install gdisk
48688 mount -t tmpfs tmpfs /tmp
48689 cp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp
48690 mkdir /tmp/proc /tmp/sys /tmp/oldroot
48691 mount /dev/vda /tmp/oldroot
48692 mount --make-rprivate /
48693 pivot_root /tmp /tmp/oldroot
48694 for i in dev proc sys run; do mount --move /oldroot/$i /$i; done
48695 systemctl daemon-reload
48696 systemctl restart sshd
48697 </code></pre>
48698
48699 <blockquote>
48700 <p>Now reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:</p>
48701 </blockquote>
48702
48703 <pre><code>pkill -f notty
48704 sed -ibak 's/RefuseManualStart.*$//g' /lib/systemd/system/dbus.service
48705 systemctl daemon-reload
48706 systemctl restart dbus
48707 systemctl daemon-reexec
48708 systemctl stop user@0 ntp cron systemd-logind
48709 systemctl restart systemd-journald systemd-udevd
48710 pkill agetty
48711 pkill rsyslogd
48712 </code></pre>
48713
48714 <blockquote>
48715 <p>Check that nothing is touching /oldroot:</p>
48716 </blockquote>
48717
48718 <pre><code>lsof | grep oldroot
48719 </code></pre>
48720
48721 <blockquote>
48722 <p>There will probably be an old dbus-daemon, kill it.<br>
48723 And finally, unmount the old root and overwrite the hard disk with a memstick image:</p>
48724 </blockquote>
48725
48726 <pre><code>umount -R /oldroot
48727 wget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz
48728 xzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M
48729 </code></pre>
48730
48731 <blockquote>
48732 <p>(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)<br>
48733 Now, fix the GPT: move the secondary table to the end of the disk and resize the table.<br>
48734 It’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots</p>
48735 </blockquote>
48736
48737 <pre><code>gdisk /dev/vda
48738 x
48739 e
48740 s
48741 4
48742 w
48743 y
48744 </code></pre>
48745
48746 <p>And reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)</p>
48747
48748 <p>I didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.</p>
48749
48750 <p>Now we’re in the FreeBSD EFI loader.<br>
48751 For some reason, the (recently fixed?) serial autodetection from EFI is not working correctly. Or something.<br>
48752 So you don’t get console output by default.<br>
48753 To fix, you have to run these commands in the boot loader command prompt:</p>
48754
48755 <pre><code>set console=comconsole,efi
48756 boot
48757 </code></pre>
48758
48759 <p>(Ignore the warning about comconsole not being a valid console.<br>
48760 Since there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)</p>
48761
48762 <p>(UPD: shouldn’t be necessary in the next snapshot)</p>
48763
48764 <p>Now it’s a regular installation process!<br>
48765 When asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:</p>
48766
48767 <pre><code>gpart add -t freebsd-zfs -a 4k -l zroot vtbd0
48768 zpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot
48769 zfs create -o canmount=off -o mountpoint=none zroot/ROOT
48770 zfs create -o mountpoint=/ zroot/ROOT/default
48771 zfs create -o mountpoint=/usr zroot/ROOT/default/usr
48772 zfs create -o mountpoint=/var zroot/ROOT/default/var
48773 zfs create -o mountpoint=/var/log zroot/ROOT/default/var/log
48774 zfs create -o mountpoint=/usr/home zroot/home
48775 zpool set bootfs=zroot/ROOT/default zroot
48776 exit
48777 </code></pre>
48778
48779 <p>(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)</p>
48780
48781 <p>In the post-install chroot shell, fix some configs like so:</p>
48782
48783 <pre><code>echo 'zfs_load="YES"' >> /boot/loader.conf
48784 echo 'console="comconsole,efi"' >> /boot/loader.conf
48785 echo 'vfs.zfs.arc_max="512M"' >> /boot/loader.conf
48786 sysrc zfs_enable=YES
48787 exit
48788 </code></pre>
48789
48790 <p>(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)</p>
48791
48792 <p>Now you can reboot into the installed system!!</p>
48793
48794 <p>Here’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:</p>
48795
48796 <pre><code>pkg bootstrap
48797 pkg install curl
48798 curl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata > /usr/local/bin/scw-metadata
48799 chmod +x /usr/local/bin/scw-metadata
48800 echo '#\!/bin/sh' > /etc/rc.local
48801 echo 'PATH=/usr/local/bin:$PATH' >> /etc/rc.local
48802 echo 'eval $(scw-metadata)' >> /etc/rc.local
48803 echo 'echo $SSH_PUBLIC_KEYS_0_KEY > /root/.ssh/authorized_keys' >> /etc/rc.local
48804 echo 'chmod 0400 /root/.ssh/authorized_keys' >> /etc/rc.local
48805 echo 'ifconfig vtnet0 inet6 $IPV6_ADDRESS/$IPV6_NETMASK' >> /etc/rc.local
48806 echo 'route -6 add default $IPV6_GATEWAY' >> /etc/rc.local
48807 mkdir /run
48808 mkdir /root/.ssh
48809 sh /etc/rc.local
48810 </code></pre>
48811
48812 <blockquote>
48813 <p>And to fix incoming TCP connections, configure the DHCP client to change the broadcast address:</p>
48814 </blockquote>
48815
48816 <p><code>echo 'interface "vtnet0" { supersede broadcast-address 255.255.255.255; }' >> /etc/dhclient.conf</code><br>
48817 <code>killall dhclient</code><br>
48818 <code>dhclient vtnet0</code></p>
48819
48820 <ul>
48821 <li>Other random notes:</li>
48822 <li>keep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own with config GENERIC-NODEBUG</li>
48823 <li>also disable heavy malloc debugging features by running ln -s 'abort:false,junk:false' /etc/malloc.conf (yes that’s storing config in a symlink)</li>
48824 <li>you can reuse the installer’s partition for swap</li>
48825 </ul>
48826
48827 <p><hr></p>
48828
48829 <p>** Digital Ocean **<br>
48830 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
48831
48832 <p>###<a href="https://dataswamp.org/~solene/2018-06-26-openbsd-easy-backup.html">Easy encrypted backups on OpenBSD with base tools</a></p>
48833
48834 <blockquote>
48835 <p>Today’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the different use cases, needs, issues and solutions. Here I will stick to explaining how to make reliable backups for an OpenBSD system (my laptop).<br>
48836 What we need is the dump command (see man 8 dump for its man page). It’s a utility to make a backup for a filesystem, it can only make a backup of one filesystem at a time. On my laptop I only backup /home partition so this solution is suitable for me while still being easy.<br>
48837 Dump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.<br>
48838 What is very interesting with dump is that it honors the nodump flag which is an extended attribute of a FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tell dump not to save that folder (under some circumstances). By default, dump will not save those files, EXCEPT for a level 0 backup.</p>
48839 </blockquote>
48840
48841 <ul>
48842 <li>Important features of this backup solution:</li>
48843 <li>save files with attributes, permissions and flags</li>
48844 <li>can recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)</li>
48845 <li>one dump = one file</li>
48846 </ul>
48847
48848 <blockquote>
48849 <p>My process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and every day I do a level 2 backup of my files. The level 2 will contain the latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.<br>
48850 Let me explain: let’s say my full backup is 60 GB, full of pictures, source files, GUI application data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dumps over time, usually it is only 100 MB to 1GB. As I don’t add new pictures every day or use new software every day, the level 2 will take care of most little changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it to my remote server every day.<br>
48851 One could use more dump levels, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to the latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.<br>
48852 History note: dump was designed to be used with magnetic tapes.</p>
48853 </blockquote>
48854
48855 <ul>
48856 <li>See the article for the remainder of the article</li>
48857 </ul>
48858
48859 <p><hr></p>
48860
48861 <p>##News Roundup<br>
48862 ###<a href="http://lists.dragonflybsd.org/pipermail/users/2018-July/357809.html">Status of DFly server storage upgrades (Matt Dillon)</a></p>
48863
48864 <blockquote>
48865 <p>Last month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution. Yesterday we did a number of additional upgrades, described below. All using funds generously donated by everyone!</p>
48866 </blockquote>
48867
48868 <blockquote>
48869 <p>The main repository server received a 2TB SSD to replace the HDDs it was using before. This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion. Space was at a premium before. Now there’s plenty.</p>
48870 </blockquote>
48871
48872 <blockquote>
48873 <p>Monster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (<a href="http://grok.dragonflybsd.org">grok.dragonflybsd.org</a>) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data. It now has 600GB of swapcache configured. Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.</p>
48874 </blockquote>
48875
48876 <blockquote>
48877 <p>The main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD. This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.</p>
48878 </blockquote>
48879
48880 <blockquote>
48881 <p>Hard drives are becoming real dinosaurs. We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.</p>
48882 </blockquote>
48883
48884 <blockquote>
48885 <p>Five years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs. To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases). Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive. But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index). The way things are going, even the backup drives will probably become SSDs over the next two years.</p>
48886 </blockquote>
48887
48888 <p><hr></p>
48889
48890 <p>###iX ad spot<br>
48891 <a href="https://www.ixsystems.com/blog/oscon2018/">OSCON 2018 Recap</a></p>
48892
48893 <p><hr></p>
48894
48895 <p>###<a href="http://oshogbo.vexillium.org/blog/46/">zpool checkpoints</a></p>
48896
48897 <blockquote>
48898 <p>In March, a very interesting feature called ‘zpool checkpoints’ landed in FreeBSD. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.</p>
48899 </blockquote>
48900
48901 <blockquote>
48902 <p>A very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.</p>
48903 </blockquote>
48904
48905 <blockquote>
48906 <p>The problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.</p>
48907 </blockquote>
48908
48909 <blockquote>
48910 <p>Another interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.</p>
48911 </blockquote>
48912
48913 <blockquote>
48914 <p>Zpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only roll back the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolled back, and even the creation/deletion of the dataset, and the snapshot, will be rolled back.</p>
48915 </blockquote>
48916
48917 <ul>
48918 <li>Zpool Checkpoint has introduced a few simple functions:</li>
48919 <li>For creating a checkpoint:</li>
48920 </ul>
48921
48922 <p><code>zpool checkpoint <pool></code></p>
48923
48924 <ul>
48925 <li>Roll back state to the checkpoint and remove the checkpoint:</li>
48926 </ul>
48927
48928 <p><code>zpool import --rewind-to-checkpoint <pool></code></p>
48929
48930 <ul>
48931 <li>Mount the pool read only - this does not rollback the data:</li>
48932 </ul>
48933
48934 <p><code>zpool import --read-only=on --rewind-to-checkpoint</code></p>
48935
48936 <ul>
48937 <li>Remove the checkpoint</li>
48938 </ul>
48939
48940 <p><code>zpool checkpoint --discard <pool> or zpool checkpoint -d <pool></code></p>
48941
48942 <ul>
48943 <li>With this powerful feature we need to remember some safety rules:</li>
48944 <li>Scrub will work only on data that isn’t in the checkpoint.</li>
48945 <li>You can’t remove vdev if you have a checkpoint.</li>
48946 <li>You can’t split mirror.</li>
48947 <li>Reguid will not work either.</li>
48948 <li>Create a checkpoint when one of the disks is removed…</li>
48949 </ul>
48950
48951 <blockquote>
48952 <p>For me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.</p>
48953 </blockquote>
48954
48955 <blockquote>
48956 <p>I would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.</p>
48957 </blockquote>
48958
48959 <p><hr></p>
48960
48961 <p>###g2k18 Reports</p>
48962
48963 <ul>
48964 <li><a href="https://undeadly.org/cgi?action=article;sid=20180728110010">g2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff</a></li>
48965 <li><a href="https://undeadly.org/cgi?action=article;sid=20180726184322">g2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more</a></li>
48966 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716193511">g2k18 Hackathon Report: Marc Espie on ports and packages progress</a></li>
48967 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716202456">g2k18 hackathon report: Antoine Jacoutot on porting</a></li>
48968 <li><a href="https://undeadly.org/cgi?action=article;sid=20180717074543">g2k18 hackathon report: Matthieu Herrb on font caches and xenodm</a></li>
48969 <li><a href="https://undeadly.org/cgi?action=article;sid=20180718060313">g2k18 hackathon report: Florian Obser on rtadvd(8) -> rad(8) progress (actually, rewrite)</a></li>
48970 <li><a href="https://undeadly.org/cgi?action=article;sid=20180719100833">g2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)</a></li>
48971 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053002">g2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP</a></li>
48972 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053011">g2k18 hackathon report: Claudio Jeker on OpenBGPD developments</a></li>
48973 <li><a href="https://i.imgur.com/3t3cJF6.jpg">Picture of the last day of the g2k18 hackathon in Ljubljana, Slovenia</a></li>
48974 </ul>
48975
48976 <p><hr></p>
48977
48978 <p>##Beastie Bits</p>
48979
48980 <ul>
48981 <li><a href="https://www.geeklan.co.uk/?p=2266">Something blogged (on pkgsrcCon 2018)</a></li>
48982 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
48983 <li><a href="https://bsd.network/@mulander/100390180499807877">There should be a global ‘awareness’ week for developers</a></li>
48984 <li><a href="https://bsd-pl.org/en">Polish BSD User Group – Upcoming Meeting: Aug 9th 2018</a></li>
48985 <li><a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2018-July/000430.html">London BSD User Group – Upcoming Meeting: Aug 14th 2018</a></li>
48986 <li><a href="http://whyzfsisbetter.com/">Phillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat<br>
48987 himself all the time</a></li>
48988 <li><a href="https://2018.eurobsdcon.org/registration-is-open/">EuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!</a></li>
48989 <li><a href="https://www.meetbsd.com/call-for-papers/">MeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12</a></li>
48990 </ul>
48991
48992 <p><hr></p>
48993
48994 <p><strong>Tarsnap</strong></p>
48995
48996 <p>##Feedback/Questions</p>
48997
48998 <ul>
48999 <li>Dale - <a href="http://dpaste.com/1K452Y7#wrap">L2ARC recommendations & drive age question</a></li>
49000 <li>Todd - <a href="http://dpaste.com/0WWHZ3E#wrap">ZFS & S3</a></li>
49001 <li>efraim - <a href="http://dpaste.com/36YP39B#wrap">License Poem</a></li>
49002 <li>Henrick - <a href="http://dpaste.com/21D1KWA#wrap">Yet another ZFS question</a></li>
49003 </ul>
49004
49005 <p><hr></p>
49006
49007 <ul>
49008 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
49009 </ul>
49010
49011 <p><hr></p>]]>
49012 </content:encoded>
49013 <itunes:summary>
49014 <![CDATA[<p>NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.<br>
49015 <hr></p>
49016
49017 <p>##Headlines<br>
49018 ###<a href="https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html">NetBSD v8.0 Released</a></p>
49019
49020 <blockquote>
49021 <p>The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.</p>
49022 </blockquote>
49023
49024 <blockquote>
49025 <p>This release brings stability improvements, hundreds of bug fixes, and many new features.</p>
49026 </blockquote>
49027
49028 <ul>
49029 <li>
49030 <p>Some highlights of the NetBSD 8.0 release are:</p>
49031 </li>
49032 <li>
49033 <p>USB stack rework, USB3 support added.</p>
49034 </li>
49035 <li>
49036 <p>In-kernel audio mixer (audio_system(9)).</p>
49037 </li>
49038 <li>
49039 <p>Reproducible builds (MKREPRO, see mk.conf(5)).</p>
49040 </li>
49041 <li>
49042 <p>Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.</p>
49043 </li>
49044 <li>
49045 <p>PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.</p>
49046 </li>
49047 <li>
49048 <p>PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.</p>
49049 </li>
49050 <li>
49051 <p>Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.</p>
49052 </li>
49053 <li>
49054 <p>A new socket layer can(4) has been added for communication of devices on a CAN bus.</p>
49055 </li>
49056 <li>
49057 <p>A special pseudo interface ipsecif(4) for route-based VPNs has been added.</p>
49058 </li>
49059 <li>
49060 <p>Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.</p>
49061 </li>
49062 <li>
49063 <p>Hardening of the network stack in general.</p>
49064 </li>
49065 <li>
49066 <p>Various WAPBL (the NetBSD file system “log” option) stability and performance improvements.</p>
49067 </li>
49068 <li>
49069 <p>Specific to i386 and amd64 CPUs:</p>
49070 </li>
49071 <li>
49072 <p>Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.</p>
49073 </li>
49074 <li>
49075 <p>SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.</p>
49076 </li>
49077 <li>
49078 <p>SpectreV4 mitigations available for Intel and AMD.</p>
49079 </li>
49080 <li>
49081 <p>PopSS workaround: user access to debug registers is turned off by default.</p>
49082 </li>
49083 <li>
49084 <p>Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).</p>
49085 </li>
49086 <li>
49087 <p>SMAP support.</p>
49088 </li>
49089 <li>
49090 <p>Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.</p>
49091 </li>
49092 <li>
49093 <p>(U)EFI bootloader.</p>
49094 </li>
49095 <li>
49096 <p>Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.</p>
49097 </li>
49098 <li>
49099 <p>Lots of updates to 3rd party software included:</p>
49100 </li>
49101 <li>
49102 <p>GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer</p>
49103 </li>
49104 <li>
49105 <p>GDB 7.12</p>
49106 </li>
49107 <li>
49108 <p>GNU binutils 2.27</p>
49109 </li>
49110 <li>
49111 <p>Clang/LLVM 3.8.1</p>
49112 </li>
49113 <li>
49114 <p>OpenSSH 7.6</p>
49115 </li>
49116 <li>
49117 <p>OpenSSL 1.0.2k</p>
49118 </li>
49119 <li>
49120 <p>mdocml 1.14.1</p>
49121 </li>
49122 <li>
49123 <p>acpica 20170303</p>
49124 </li>
49125 <li>
49126 <p>ntp 4.2.8p11-o</p>
49127 </li>
49128 <li>
49129 <p>dhcpcd 7.0.6</p>
49130 </li>
49131 <li>
49132 <p>Lua 5.3.4</p>
49133 </li>
49134 </ul>
49135
49136 <p><hr></p>
49137
49138 <p>###<a href="https://community.online.net/t/freebsd-on-arm64/6678">Running FreeBSD on the ARM64 VPS from Scaleway</a></p>
49139
49140 <blockquote>
49141 <p>I’ve been thinking about this since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.<br>
49142 Turns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.<br>
49143 I managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:<br>
49144 For some reason, unlike on x86, mounting additional volumes is not allowed on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.<br>
49145 Spin up an instance with Ubuntu Zesty and ssh in.</p>
49146 </blockquote>
49147
49148 <ul>
49149 <li>Prepare the system and change the root to a tmpfs:</li>
49150 </ul>
49151
49152 <pre><code>apt install gdisk
49153 mount -t tmpfs tmpfs /tmp
49154 cp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp
49155 mkdir /tmp/proc /tmp/sys /tmp/oldroot
49156 mount /dev/vda /tmp/oldroot
49157 mount --make-rprivate /
49158 pivot_root /tmp /tmp/oldroot
49159 for i in dev proc sys run; do mount --move /oldroot/$i /$i; done
49160 systemctl daemon-reload
49161 systemctl restart sshd
49162 </code></pre>
49163
49164 <blockquote>
49165 <p>Now reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:</p>
49166 </blockquote>
49167
49168 <pre><code>pkill -f notty
49169 sed -ibak 's/RefuseManualStart.*$//g' /lib/systemd/system/dbus.service
49170 systemctl daemon-reload
49171 systemctl restart dbus
49172 systemctl daemon-reexec
49173 systemctl stop user@0 ntp cron systemd-logind
49174 systemctl restart systemd-journald systemd-udevd
49175 pkill agetty
49176 pkill rsyslogd
49177 </code></pre>
49178
49179 <blockquote>
49180 <p>Check that nothing is touching /oldroot:</p>
49181 </blockquote>
49182
49183 <pre><code>lsof | grep oldroot
49184 </code></pre>
49185
49186 <blockquote>
49187 <p>There will probably be an old dbus-daemon, kill it.<br>
49188 And finally, unmount the old root and overwrite the hard disk with a memstick image:</p>
49189 </blockquote>
49190
49191 <pre><code>umount -R /oldroot
49192 wget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz
49193 xzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M
49194 </code></pre>
49195
49196 <blockquote>
49197 <p>(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)<br>
49198 Now, fix the GPT: move the secondary table to the end of the disk and resize the table.<br>
49199 It’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots</p>
49200 </blockquote>
49201
49202 <pre><code>gdisk /dev/vda
49203 x
49204 e
49205 s
49206 4
49207 w
49208 y
49209 </code></pre>
49210
49211 <p>And reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)</p>
49212
49213 <p>I didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.</p>
49214
49215 <p>Now we’re in the FreeBSD EFI loader.<br>
49216 For some reason, the (recently fixed?) serial autodetection from EFI is not working correctly. Or something.<br>
49217 So you don’t get console output by default.<br>
49218 To fix, you have to run these commands in the boot loader command prompt:</p>
49219
49220 <pre><code>set console=comconsole,efi
49221 boot
49222 </code></pre>
49223
49224 <p>(Ignore the warning about comconsole not being a valid console.<br>
49225 Since there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)</p>
49226
49227 <p>(UPD: shouldn’t be necessary in the next snapshot)</p>
49228
49229 <p>Now it’s a regular installation process!<br>
49230 When asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:</p>
49231
49232 <pre><code>gpart add -t freebsd-zfs -a 4k -l zroot vtbd0
49233 zpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot
49234 zfs create -o canmount=off -o mountpoint=none zroot/ROOT
49235 zfs create -o mountpoint=/ zroot/ROOT/default
49236 zfs create -o mountpoint=/usr zroot/ROOT/default/usr
49237 zfs create -o mountpoint=/var zroot/ROOT/default/var
49238 zfs create -o mountpoint=/var/log zroot/ROOT/default/var/log
49239 zfs create -o mountpoint=/usr/home zroot/home
49240 zpool set bootfs=zroot/ROOT/default zroot
49241 exit
49242 </code></pre>
49243
49244 <p>(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)</p>
49245
49246 <p>In the post-install chroot shell, fix some configs like so:</p>
49247
49248 <pre><code>echo 'zfs_load="YES"' >> /boot/loader.conf
49249 echo 'console="comconsole,efi"' >> /boot/loader.conf
49250 echo 'vfs.zfs.arc_max="512M"' >> /boot/loader.conf
49251 sysrc zfs_enable=YES
49252 exit
49253 </code></pre>
49254
49255 <p>(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)</p>
49256
49257 <p>Now you can reboot into the installed system!!</p>
49258
49259 <p>Here’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:</p>
49260
49261 <pre><code>pkg bootstrap
49262 pkg install curl
49263 curl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata > /usr/local/bin/scw-metadata
49264 chmod +x /usr/local/bin/scw-metadata
49265 echo '#\!/bin/sh' > /etc/rc.local
49266 echo 'PATH=/usr/local/bin:$PATH' >> /etc/rc.local
49267 echo 'eval $(scw-metadata)' >> /etc/rc.local
49268 echo 'echo $SSH_PUBLIC_KEYS_0_KEY > /root/.ssh/authorized_keys' >> /etc/rc.local
49269 echo 'chmod 0400 /root/.ssh/authorized_keys' >> /etc/rc.local
49270 echo 'ifconfig vtnet0 inet6 $IPV6_ADDRESS/$IPV6_NETMASK' >> /etc/rc.local
49271 echo 'route -6 add default $IPV6_GATEWAY' >> /etc/rc.local
49272 mkdir /run
49273 mkdir /root/.ssh
49274 sh /etc/rc.local
49275 </code></pre>
49276
49277 <blockquote>
49278 <p>And to fix incoming TCP connections, configure the DHCP client to change the broadcast address:</p>
49279 </blockquote>
49280
49281 <p><code>echo 'interface "vtnet0" { supersede broadcast-address 255.255.255.255; }' >> /etc/dhclient.conf</code><br>
49282 <code>killall dhclient</code><br>
49283 <code>dhclient vtnet0</code></p>
49284
49285 <ul>
49286 <li>Other random notes:</li>
49287 <li>keep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own with config GENERIC-NODEBUG</li>
49288 <li>also disable heavy malloc debugging features by running ln -s 'abort:false,junk:false' /etc/malloc.conf (yes that’s storing config in a symlink)</li>
49289 <li>you can reuse the installer’s partition for swap</li>
49290 </ul>
49291
49292 <p><hr></p>
49293
49294 <p>** Digital Ocean **<br>
49295 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
49296
49297 <p>###<a href="https://dataswamp.org/~solene/2018-06-26-openbsd-easy-backup.html">Easy encrypted backups on OpenBSD with base tools</a></p>
49298
49299 <blockquote>
49300 <p>Today’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the different use cases, needs, issues and solutions. Here I will stick to explaining how to make reliable backups for an OpenBSD system (my laptop).<br>
49301 What we need is the dump command (see man 8 dump for its man page). It’s a utility to make a backup of a filesystem; it can only make a backup of one filesystem at a time. On my laptop I only back up the /home partition so this solution is suitable for me while still being easy.<br>
49302 Dump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.<br>
49303 What is very interesting with dump is that it honors the nodump flag, which is an extended attribute of an FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tell dump not to save that folder (under some circumstances). By default, dump will not save those files, EXCEPT for a level 0 backup.</p>
49304 </blockquote>
49305
49306 <ul>
49307 <li>Important features of this backup solution:</li>
49308 <li>save files with attributes, permissions and flags</li>
49309 <li>can recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)</li>
49310 <li>one dump = one file</li>
49311 </ul>
49312
49313 <blockquote>
49314 <p>My process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and every day I do a level 2 backup of my files. The level 2 will contain the latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.<br>
49315 Let me explain: let’s say my full backup is 60 GB, full of pictures, source files, GUI application data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dumps over time, usually it is only 100 MB to 1GB. As I don’t add new pictures every day or use new software every day, the level 2 will take care of most little changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it to my remote server every day.<br>
49316 One could use more dump levels, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to the latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.<br>
49317 History note: dump was designed to be used with magnetic tapes.</p>
49318 </blockquote>
49319
49320 <ul>
49321 <li>See the article for the remainder of the article</li>
49322 </ul>
49323
49324 <p><hr></p>
49325
49326 <p>##News Roundup<br>
49327 ###<a href="http://lists.dragonflybsd.org/pipermail/users/2018-July/357809.html">Status of DFly server storage upgrades (Matt Dillon)</a></p>
49328
49329 <blockquote>
49330 <p>Last month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution. Yesterday we did a number of additional upgrades, described below. All using funds generously donated by everyone!</p>
49331 </blockquote>
49332
49333 <blockquote>
49334 <p>The main repository server received a 2TB SSD to replace the HDDs it was using before. This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion. Space was at a premium before. Now there’s plenty.</p>
49335 </blockquote>
49336
49337 <blockquote>
49338 <p>Monster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (<a href="http://grok.dragonflybsd.org">grok.dragonflybsd.org</a>) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data. It now has 600GB of swapcache configured. Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.</p>
49339 </blockquote>
49340
49341 <blockquote>
49342 <p>The main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD. This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.</p>
49343 </blockquote>
49344
49345 <blockquote>
49346 <p>Hard drives are becoming real dinosaurs. We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.</p>
49347 </blockquote>
49348
49349 <blockquote>
49350 <p>Five years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs. To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases). Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive. But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index). The way things are going, even the backup drives will probably become SSDs over the next two years.</p>
49351 </blockquote>
49352
49353 <p><hr></p>
49354
49355 <p>###iX ad spot<br>
49356 <a href="https://www.ixsystems.com/blog/oscon2018/">OSCON 2018 Recap</a></p>
49357
49358 <p><hr></p>
49359
49360 <p>###<a href="http://oshogbo.vexillium.org/blog/46/">zpool checkpoints</a></p>
49361
49362 <blockquote>
49363 <p>In March, a very interesting feature called ‘zpool checkpoints’ landed in FreeBSD. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.</p>
49364 </blockquote>
49365
49366 <blockquote>
49367 <p>A very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.</p>
49368 </blockquote>
49369
49370 <blockquote>
49371 <p>The problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.</p>
49372 </blockquote>
49373
49374 <blockquote>
49375 <p>Another interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.</p>
49376 </blockquote>
49377
49378 <blockquote>
49379 <p>Zpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only roll back the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolled back, and even the creation/deletion of the dataset, and the snapshot, will be rolled back.</p>
49380 </blockquote>
49381
49382 <ul>
49383 <li>Zpool Checkpoint has introduced a few simple functions:</li>
49384 <li>For creating a checkpoint:</li>
49385 </ul>
49386
49387 <p><code>zpool checkpoint <pool></code></p>
49388
49389 <ul>
49390 <li>Roll back the state to the checkpoint and remove the checkpoint:</li>
49391 </ul>
49392
49393 <p><code>zpool import --rewind-to-checkpoint <pool></code></p>
49394
49395 <ul>
49396 <li>Mount the pool read only - this does not roll back the data:</li>
49397 </ul>
49398
49399 <p><code>zpool import -o readonly=on --rewind-to-checkpoint <pool></code></p>
49400
49401 <ul>
49402 <li>Remove the checkpoint</li>
49403 </ul>
49404
49405 <p><code>zpool checkpoint --discard <pool></code> or <code>zpool checkpoint -d <pool></code></p>
49406
49407 <ul>
49408 <li>With this powerful feature we need to remember some safety rules:</li>
49409 <li>Scrub will work only on data that isn’t in the checkpoint.</li>
49410 <li>You can’t remove vdev if you have a checkpoint.</li>
49411 <li>You can’t split mirror.</li>
49412 <li>Reguid will not work either.</li>
49413 <li>Create a checkpoint when one of the disks is removed…</li>
49414 </ul>
49415
49416 <blockquote>
49417 <p>For me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.</p>
49418 </blockquote>
49419
49420 <blockquote>
49421 <p>I would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.</p>
49422 </blockquote>
49423
49424 <p><hr></p>
49425
49426 <p>###g2k18 Reports</p>
49427
49428 <ul>
49429 <li><a href="https://undeadly.org/cgi?action=article;sid=20180728110010">g2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff</a></li>
49430 <li><a href="https://undeadly.org/cgi?action=article;sid=20180726184322">g2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more</a></li>
49431 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716193511">g2k18 Hackathon Report: Marc Espie on ports and packages progress</a></li>
49432 <li><a href="https://undeadly.org/cgi?action=article;sid=20180716202456">g2k18 hackathon report: Antoine Jacoutot on porting</a></li>
49433 <li><a href="https://undeadly.org/cgi?action=article;sid=20180717074543">g2k18 hackathon report: Matthieu Herrb on font caches and xenodm</a></li>
49434 <li><a href="https://undeadly.org/cgi?action=article;sid=20180718060313">g2k18 hackathon report: Florian Obser on rtadvd(8) -> rad(8) progress (actually, rewrite)</a></li>
49435 <li><a href="https://undeadly.org/cgi?action=article;sid=20180719100833">g2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)</a></li>
49436 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053002">g2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP</a></li>
49437 <li><a href="https://undeadly.org/cgi?action=article;sid=20180721053011">g2k18 hackathon report: Claudio Jeker on OpenBGPD developments</a></li>
49438 <li><a href="https://i.imgur.com/3t3cJF6.jpg">Picture of the last day of the g2k18 hackathon in Ljubljana, Slovenia</a></li>
49439 </ul>
49440
49441 <p><hr></p>
49442
49443 <p>##Beastie Bits</p>
49444
49445 <ul>
49446 <li><a href="https://www.geeklan.co.uk/?p=2266">Something blogged (on pkgsrcCon 2018)</a></li>
49447 <li><a href="https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files">GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1</a></li>
49448 <li><a href="https://bsd.network/@mulander/100390180499807877">There should be a global ‘awareness’ week for developers</a></li>
49449 <li><a href="https://bsd-pl.org/en">Polish BSD User Group – Upcoming Meeting: Aug 9th 2018</a></li>
49450 <li><a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2018-July/000430.html">London BSD User Group – Upcoming Meeting: Aug 14th 2018</a></li>
49451 <li><a href="http://whyzfsisbetter.com/">Phillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat<br>
49452 himself all the time</a></li>
49453 <li><a href="https://2018.eurobsdcon.org/registration-is-open/">EuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!</a></li>
49454 <li><a href="https://www.meetbsd.com/call-for-papers/">MeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12</a></li>
49455 </ul>
49456
49457 <p><hr></p>
49458
49459 <p><strong>Tarsnap</strong></p>
49460
49461 <p>##Feedback/Questions</p>
49462
49463 <ul>
49464 <li>Dale - <a href="http://dpaste.com/1K452Y7#wrap">L2ARC recommendations & drive age question</a></li>
49465 <li>Todd - <a href="http://dpaste.com/0WWHZ3E#wrap">ZFS & S3</a></li>
49466 <li>efraim - <a href="http://dpaste.com/36YP39B#wrap">License Poem</a></li>
49467 <li>Henrick - <a href="http://dpaste.com/21D1KWA#wrap">Yet another ZFS question</a></li>
49468 </ul>
49469
49470 <p><hr></p>
49471
49472 <ul>
49473 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
49474 </ul>
49475
49476 <p><hr></p>]]>
49477 </itunes:summary>
49478 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+5IrHtRfA</fireside:playerURL>
49479 <fireside:playerEmbedCode>
49480 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+5IrHtRfA" width="740" height="200" frameborder="0" scrolling="no">]]>
49481 </fireside:playerEmbedCode>
49482 </item>
49483 <item>
49484 <title>Episode 256: Because Computers | BSD Now 2^8</title>
49485 <link>https://www.bsdnow.tv/256</link>
49486 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2304</guid>
49487 <pubDate>Tue, 24 Jul 2018 22:00:00 -0700</pubDate>
49488 <author>Allan Jude</author>
49489 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d5ca53c5-7144-4ce4-9189-591a8ac5767b.mp3" length="63008930" type="audio/mp3"/>
49490 <itunes:episodeType>full</itunes:episodeType>
49491 <itunes:author>Allan Jude</itunes:author>
49492 <itunes:subtitle>FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.</itunes:subtitle>
49493 <itunes:duration>1:44:42</itunes:duration>
49494 <itunes:explicit>no</itunes:explicit>
49495 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
49496 <description>FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.
49497 Win
49498 Celebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).
49499 To enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to feedback@bsdnow.tv with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.
49500 Only one item to win. All decisions are final. Better luck next time.
49501 Headlines
49502 Battle of the Schedulers: FreeBSD ULE vs. Linux CFS
49503 Introduction
49504 This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.
49505 Operating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.
49506 In fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.
49507 ULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.
49508 Performance analysis
49509 We now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.
49510 Overall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE end up scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).
49511 When the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.
49512 The performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it is never preempted with ULE.
49513 This behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.
49514 Conclusion
49515 Scheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.
49516 OpenBSD 6.3 on Tuxedo InfinityBook
49517 Disclaimer:
49518 I came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.
49519 OpenBSD on the Tuxedo InfinityBook
49520 I’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.
49521 Within a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lots of swag :)
49522 The InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:
49523 Intel Core i7-8550U
49524 1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT
49525 250 GB Samsung 860 EVO (M.2 SATAIII)
49526 I used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.
49527 The installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).
49528 Out of the box the graphics works and once installed the machine presents the login.
49529 Video
49530 When X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.
49531 External video is working just fine as well. Either via hdmi output or via the mini displayport connector.
49532 The buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.
49533 Networking
49534 The InfinityBook has built-in ethernet, driven by re(4), and for the wireless interface the iwm(4) driver is being used. Both work as expected.
49535 ACPI
49536 Neither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:
49537 LCD on/off works (fn+f2)
49538 Keyboard backlight dimming works (fn+f4)
49539 Volume (fn+f5 / fn+f6) works
49540 Sound
49541 The azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.
49542 Touchpad
49543 Can be controlled via wsconsctl(8).
49544 So far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.
49545 iXsystems
49546 iXsystems - Its all NAS
49547 How ZFS makes things like ‘zfs diff’ report filenames efficiently
49548 As a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.
49549 In theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.
49550 The interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.
49551 If you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:
49552 When a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.
49553 Before I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).
49554 The current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.
49555 News Roundup
49556 What is FreeBSD? Why Should You Choose It Over Linux?
49557 Not too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.
49558 In the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.
49559 FreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.
49560 BSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.
49561 What’s FreeBSD Good For?
49562 FreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.
49563 FreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. With that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!
49564 FreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.
49565 FreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.
49566 FreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.
49567 FreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.
49568 Why Should You Choose It over Linux?
49569 From what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer a better performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.
49570 FreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.
49571 Unlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.
49572 FreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.
49573 FreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.
49574 Apart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.
49575 FreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.
49576 FreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.
49577 Both the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.
49578 What is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.
49579 PS4 5.05 BPF Double Free Kernel Exploit Writeup
49580 Introduction
49581 Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.
49582 This bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.
49583 Assumptions
49584 Some assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.
49585 Background
49586 This section contains some helpful information to those newer to exploitation, or are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()'s” section if you’re already familiar with this material.
49587 What Are Drivers?
49588 There are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.
49589 There are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.
49590 Drivers are often the weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.
49591 The BPF Device Driver
49592 If we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkeley Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.
49593 What Are Packet Filters?
49594 Below is an excerpt from the 4.55 bpfwrite writeup.
49595 Since the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are run when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside its buffer. Breaking down the BPF VM in its entirety is far beyond the scope of this write-up, just know that the code produced by it is run in kernel mode - this is why read/write access to /dev/bpf should be privileged.
49596 Race Conditions
49597 Race conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.
49598 Locking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.
49599 Heap Spraying
49600 The process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.
49601 By extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.
49602 Follow the link to read more of the article
49603 DigitalOcean
49604 http://do.co/bsdnow
49605 OpenBSD gains Wi-Fi “auto-join”
49606 In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:
49607 CVSROOT: /cvs
49608 Module name: src
49609 Changes by: phessler@cvs.openbsd.org 2018/07/11 14:18:09
49610 Modified files:
49611 sbin/ifconfig : ifconfig.8 ifconfig.c
49612 sys/net80211 : ieee80211_ioctl.c ieee80211_ioctl.h
49613 ieee80211_node.c ieee80211_node.h
49614 ieee80211_var.h
49615 Log message:
49616 Introduce 'auto-join' to the wifi 802.11 stack.
49617 This allows a system to remember which ESSIDs it wants to connect to, any
49618 relevant security configuration, and switch to it when the network we are
49619 currently connected to is no longer available.
49620 Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
49621 example hostname.if:
49622 join home wpakey password
49623 join work wpakey mekmitasdigoat
49624 join open-lounge
49625 join cafe wpakey cafe2018
49626 join "wepnetwork" nwkey "12345"
49627 dhcp
49628 inet6 autoconf
49629 up
49630 OK stsp@ reyk@
49631 and enthusiasm from every hackroom I've been in for the last 3 years
49632 The usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).
49633 Thanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.
49634 FreeBSD Jails the hard way
49635 There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick and easy to get going. But sometimes the tools built right into the OS are overlooked.
49636 This post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.
49637 For this guide, I’m going to be putting my jails in /usr/local/jails.
49638 I’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.
49639 I’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.
49640 Full Jail
49641 Make a directory for the jail, or a zfs dataset if you prefer.
49642 Download the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.
49643 Update your FreeBSD base install.
49644 Verify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.
49645 Make sure your jail has the right timezone and dns servers and a hostname in rc.conf.
49646 Edit jail.conf with the details about your jail.
49647 Start and login to your jail.
49648 11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.
49649 Creating a template
49650 Create a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.
49651 Update your template with freebsd-update.
49652 Verify your install
49653 And that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.
49654 Deploying a template with ZFS snapshots
49655 Create a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.
49656 Clone the snapshot to a new jail.
49657 Configure the jail hostname.
49658 Add the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.
49659 Start the jail.
49660 The downside with the zfs approach is that each jail is now fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.
49661 Follow the link to see the rest of the article about
49662 Thin jails using NullFS mounts
49663 Simplifying jail.conf
49664 Hopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.
49665 Beastie Bits
49666 Meetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!
49667 The next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now
49668 Linux Geek Books - Humble Bundle
49669 Extend loader(8) geli support to all architectures and all disk-like devices
49670 Upgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi
49671 The pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages
49672 NetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards
49673 Recently released CDE 2.3.0 running on Tribblix (Illumos)
49674 An Interview With Tech & Science Fiction Author Michael W Lucas
49675 A reminder : MeetBSD CFP
49676 EuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania
49677 Tarsnap
49678 Feedback/Questions
49679 Wilyarti - Adblocked on FreeBSD Continued…
49680 Andrew - A Question and a Story
49681 Matthew - Thanks
49682 Brian - PCI-E Controller
49683 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
49684 </description>
49685 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, ule, cfs, tuxedo, infinitybook, ps4, jails</itunes:keywords>
49686 <content:encoded>
49687 <![CDATA[<p>FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.</p>
49688
49689 <h2>Win</h2>
49690
49691 <p>Celebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).</p>
49692
49693 <p>To enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a> with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.<br>
49694 Only one item to win. All decisions are final. Better luck next time.</p>
49695
49696 <h2>Headlines</h2>
49697
49698 <h3>Battle of the Schedulers: FreeBSD ULE vs. Linux CFS</h3>
49699
49700 <p>Introduction<br>
49701 This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.<br>
49702 Operating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.<br>
49703 In fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.<br>
49704 ULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.</p>
49705
49706 <p>Performance analysis<br>
49707 We now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.<br>
49708 Overall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE end up scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).<br>
49709 When the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.<br>
49710 The performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it is never preempted with ULE.<br>
49711 This behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.</p>
49712
49713 <p>Conclusion<br>
49714 Scheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.</p>
49715
49716 <h3>OpenBSD 6.3 on Tuxedo InfinityBook</h3>
49717
49718 <p>Disclaimer:<br>
49719 I came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.</p>
49720
49721 <p>OpenBSD on the Tuxedo InfinityBook<br>
49722 I’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.</p>
49723
49724 <p>Within a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lots of swag :)</p>
49725
49726 <p>The InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:</p>
49727
49728 <p>Intel Core i7-8550U<br>
49729 1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT<br>
49730 250 GB Samsung 860 EVO (M.2 SATAIII)</p>
49731
49732 <p>I used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.</p>
49733
49734 <p>The installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).</p>
49735
49736 <p>Out of the box the graphics works and once installed the machine presents the login.</p>
49737
49738 <p>Video<br>
49739 When X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.</p>
49740
49741 <p>External video is working just fine as well. Either via hdmi output or via the mini displayport connector.</p>
49742
49743 <p>The buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.</p>
49744
49745 <p>Networking<br>
49746 The InfinityBook has built-in ethernet, driven by re(4), and for the wireless interface the iwm(4) driver is being used. Both work as expected.</p>
49747
49748 <p>ACPI<br>
49749 Neither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:</p>
49750
49751 <p>LCD on/off works (fn+f2)<br>
49752 Keyboard backlight dimming works (fn+f4)<br>
49753 Volume (fn+f5 / fn+f6) works</p>
49754
49755 <p>Sound<br>
49756 The azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.</p>
49757
49758 <p>Touchpad<br>
49759 Can be controlled via wsconsctl(8).<br>
49760 So far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.</p>
49761
49762 <p>iXsystems<br>
49763 iXsystems - Its all NAS</p>
49764
49765 <h3>How ZFS makes things like ‘zfs diff’ report filenames efficiently</h3>
49766
49767 <p>As a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.<br>
49768 In theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.<br>
49769 The interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.<br>
49770 If you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:<br>
49771 When a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.<br>
49772 Before I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).<br>
49773 The current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.</p>
49774
49775 <h2>News Roundup</h2>
49776
49777 <h3>What is FreeBSD? Why Should You Choose It Over Linux?</h3>
49778
49779 <p>Not too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.</p>
49780
49781 <p>In the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.</p>
49782
49783 <p>FreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.</p>
49784
49785 <p>BSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.</p>
49786
49787 <p>What’s FreeBSD Good For?</p>
49788
49789 <p>FreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.</p>
49790
49791 <p>FreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. With that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!</p>
49792
49793 <p>FreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.</p>
49794
49795 <p>FreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.</p>
49796
49797 <p>FreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.</p>
49798
49799 <p>FreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.</p>
49800
49801 <p>Why Should You Choose It over Linux?</p>
49802
49803 <p>From what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer a better performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.</p>
49804
49805 <p>FreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.</p>
49806
49807 <p>Unlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.</p>
49808
49809 <p>FreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.</p>
49810
49811 <p>FreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.</p>
49812
49813 <p>Apart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.</p>
49814
49815 <p>FreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.</p>
49816
49817 <p>FreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.</p>
49818
49819 <p>Both the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.<br>
49820 What is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.</p>
49821
49822 <h3>PS4 5.05 BPF Double Free Kernel Exploit Writeup</h3>
49823
49824 <p>Introduction<br>
49825 Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.<br>
49826 This bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.</p>
49827
49828 <p>Assumptions<br>
49829 Some assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.</p>
49830
49831 <p>Background<br>
49832 This section contains some helpful information for those newer to exploitation, or who are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()'s” section if you’re already familiar with this material.</p>
49833
49834 <p>What Are Drivers?<br>
49835 There are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.<br>
49836 There are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.<br>
49837 Drivers are often the weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.</p>
49838
49839 <p>The BPF Device Driver<br>
49840 If we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkeley Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.</p>
49841
49842 <p>What Are Packet Filters?<br>
49843 Below is an excerpt from the 4.55 bpfwrite writeup.<br>
49844 Since the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are run when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside its buffer. Breaking down the BPF VM in its entirety is far beyond the scope of this write-up, just know that the code produced by it is run in kernel mode - this is why read/write access to /dev/bpf should be privileged.</p>
49845
49846 <p>Race Conditions<br>
49847 Race conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.<br>
49848 Locking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.</p>
49849
49850 <p>Heap Spraying<br>
49851 The process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.<br>
49852 By extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.</p>
49853
49854 <p>Follow the link to read more of the article<br>
49855 DigitalOcean<br>
49856 <a href="http://do.co/bsdnow" rel="nofollow">http://do.co/bsdnow</a></p>
49857
49858 <h3>OpenBSD gains Wi-Fi “auto-join”</h3>
49859
49860 <p>In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:</p>
49861
49862 <p>CVSROOT: /cvs<br>
49863 Module name: src<br>
49864 Changes by: <a href="mailto:phessler@cvs.openbsd.org" rel="nofollow">phessler@cvs.openbsd.org</a> 2018/07/11 14:18:09</p>
49865
49866 <p>Modified files:<br>
49867 sbin/ifconfig : ifconfig.8 ifconfig.c <br>
49868 sys/net80211 : ieee80211_ioctl.c ieee80211_ioctl.h <br>
49869 ieee80211_node.c ieee80211_node.h <br>
49870 ieee80211_var.h </p>
49871
49872 <p>Log message:<br>
49873 Introduce 'auto-join' to the wifi 802.11 stack.</p>
49874
49875 <p>This allows a system to remember which ESSIDs it wants to connect to, any<br>
49876 relevant security configuration, and switch to it when the network we are<br>
49877 currently connected to is no longer available.<br>
49878 Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.</p>
49879
49880 <p>example hostname.if:<br>
49881 join home wpakey password<br>
49882 join work wpakey mekmitasdigoat<br>
49883 join open-lounge<br>
49884 join cafe wpakey cafe2018<br>
49885 join "wepnetwork" nwkey "12345"<br>
49886 dhcp<br>
49887 inet6 autoconf<br>
49888 up</p>
49889
49890 <p>OK stsp@ reyk@<br>
49891 and enthusiasm from every hackroom I've been in for the last 3 years<br>
49892 The usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).</p>
49893
49894 <p>Thanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.</p>
49895
49896 <h3>FreeBSD Jails the hard way</h3>
49897
49898 <p>There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick and easy to get going. But sometimes the tools built right into the OS are overlooked.</p>
49899
49900 <p>This post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.</p>
49901
49902 <p>For this guide, I’m going to be putting my jails in /usr/local/jails.</p>
49903
49904 <p>I’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.</p>
49905
49906 <p>I’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.</p>
49907
49908 <p>Full Jail<br>
49909 Make a directory for the jail, or a zfs dataset if you prefer.<br>
49910 Download the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.<br>
49911 Update your FreeBSD base install.<br>
49912 Verify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.<br>
49913 Make sure your jail has the right timezone and dns servers and a hostname in rc.conf.<br>
49914 Edit jail.conf with the details about your jail.<br>
49915 Start and login to your jail.<br>
49916 11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.</p>
49917
49918 <p>Creating a template<br>
49919 Create a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.<br>
49920 Update your template with freebsd-update.<br>
49921 Verify your install<br>
49922 And that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.</p>
49923
49924 <p>Deploying a template with ZFS snapshots<br>
49925 Create a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.<br>
49926 Clone the snapshot to a new jail.<br>
49927 Configure the jail hostname.<br>
49928 Add the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.<br>
49929 Start the jail.<br>
49930 The downside with the zfs approach is that each jail is now fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.</p>
49931
49932 <p>Follow the link to see the rest of the article about<br>
49933 Thin jails using NullFS mounts<br>
49934 Simplifying jail.conf<br>
49935 Hopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.</p>
49936
49937 <h2>Beastie Bits</h2>
49938
49939 <p>Meetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!<br>
49940 The next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now<br>
49941 Linux Geek Books - Humble Bundle<br>
49942 Extend loader(8) geli support to all architectures and all disk-like devices<br>
49943 Upgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi<br>
49944 The pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages<br>
49945 NetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards<br>
49946 Recently released CDE 2.3.0 running on Tribblix (Illumos)<br>
49947 An Interview With Tech & Science Fiction Author Michael W Lucas<br>
49948 A reminder : MeetBSD CFP<br>
49949 EuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania<br>
49950 Tarsnap</p>
49951
49952 <h2>Feedback/Questions</h2>
49953
49954 <p>Wilyarti - Adblocked on FreeBSD Continued…<br>
49955 Andrew - A Question and a Story<br>
49956 Matthew - Thanks<br>
49957 Brian - PCI-E Controller<br>
49958 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>]]>
49959 </content:encoded>
49960 <itunes:summary>
49961 <![CDATA[<p>FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.</p>
49962
49963 <h2>Win</h2>
49964
49965 <p>Celebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).</p>
49966
49967 <p>To enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a> with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.<br>
49968 Only one item to win. All decisions are final. Better luck next time.</p>
49969
49970 <h2>Headlines</h2>
49971
49972 <h3>Battle of the Schedulers: FreeBSD ULE vs. Linux CFS</h3>
49973
49974 <p>Introduction<br>
49975 This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.<br>
49976 Operating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.<br>
49977 In fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.<br>
49978 ULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.</p>
49979
49980 <p>Performance analysis<br>
49981 We now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.<br>
49982 Overall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE end up scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).<br>
49983 When the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.<br>
49984 The performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it is never preempted with ULE.<br>
49985 This behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.</p>
49986
49987 <p>Conclusion<br>
49988 Scheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.</p>
49989
49990 <h3>OpenBSD 6.3 on Tuxedo InfinityBook</h3>
49991
49992 <p>Disclaimer:<br>
49993 I came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.</p>
49994
49995 <p>OpenBSD on the Tuxedo InfinityBook<br>
49996 I’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.</p>
49997
49998 <p>Within a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lots of swag :)</p>
49999
50000 <p>The InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:</p>
50001
50002 <p>Intel Core i7-8550U<br>
50003 1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT<br>
50004 250 GB Samsung 860 EVO (M.2 SATAIII)</p>
50005
50006 <p>I used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.</p>
50007
50008 <p>The installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).</p>
50009
50010 <p>Out of the box the graphics works and once installed the machine presents the login.</p>
50011
50012 <p>Video<br>
50013 When X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.</p>
50014
50015 <p>External video is working just fine as well. Either via hdmi output or via the mini displayport connector.</p>
50016
50017 <p>The buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.</p>
50018
50019 <p>Networking<br>
50020 The InfinityBook has built-in ethernet, driven by re(4). And for the wireless interface the iwm(4) driver is being used. Both work as expected.</p>
50021
50022 <p>ACPI<br>
50023 Neither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:</p>
50024
50025 <p>LCD on/off works (fn+f2)<br>
50026 Keyboard backlight dimming works (fn+f4)<br>
50027 Volume (fn+f5 / fn+f6) works</p>
50028
50029 <p>Sound<br>
50030 The azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.</p>
50031
50032 <p>Touchpad<br>
50033 Can be controlled via wsconsctl(8).<br>
50034 So far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.</p>
50035
50036 <p>iXsystems<br>
50037 iXsystems - Its all NAS</p>
50038
50039 <h3>How ZFS makes things like ‘zfs diff’ report filenames efficiently</h3>
50040
50041 <p>As a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.<br>
50042 In theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.<br>
50043 The interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.<br>
50044 If you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:<br>
50045 When a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.<br>
50046 Before I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around is more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).<br>
50047 The current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.</p>
50048
50049 <h2>News Roundup</h2>
50050
50051 <h3>What is FreeBSD? Why Should You Choose It Over Linux?</h3>
50052
50053 <p>Not too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.</p>
50054
50055 <p>In the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.</p>
50056
50057 <p>FreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.</p>
50058
50059 <p>BSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.</p>
50060
50061 <p>What’s FreeBSD Good For?</p>
50062
50063 <p>FreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.</p>
50064
50065 <p>FreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. With that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!</p>
50066
50067 <p>FreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.</p>
50068
50069 <p>FreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.</p>
50070
50071 <p>FreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.</p>
50072
50073 <p>FreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.</p>
50074
50075 <p>Why Should You Choose It over Linux?</p>
50076
50077 <p>From what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer a better performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.</p>
50078
50079 <p>FreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.</p>
50080
50081 <p>Unlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.</p>
50082
50083 <p>FreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.</p>
50084
50085 <p>FreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.</p>
50086
50087 <p>Apart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.</p>
50088
50089 <p>FreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.</p>
50090
50091 <p>FreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.</p>
50092
50093 <p>Both the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.<br>
50094 What is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.</p>
50095
50096 <h3>PS4 5.05 BPF Double Free Kernel Exploit Writeup</h3>
50097
50098 <p>Introduction<br>
50099 Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail on below. The full source of the exploit can be found here.<br>
50100 This bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.</p>
50101
50102 <p>Assumptions<br>
50103 Some assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.</p>
50104
50105 <p>Background<br>
50106 This section contains some helpful information to those newer to exploitation, or who are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()'s” section if you’re already familiar with this material.</p>
50107
50108 <p>What Are Drivers?<br>
50109 There are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.<br>
50110 There are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.<br>
50111 Drivers are often the weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.</p>
50112
50113 <p>The BPF Device Driver<br>
50114 If we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkeley Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.</p>
50115
50116 <p>What Are Packet Filters?<br>
50117 Below is an excerpt from the 4.55 bpfwrite writeup.<br>
50118 Since the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are run when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside its buffer. Breaking down the BPF VM in its entirety is far beyond the scope of this write-up, just know that the code produced by it is run in kernel mode - this is why read/write access to /dev/bpf should be privileged.</p>
50119
50120 <p>Race Conditions<br>
50121 Race conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.<br>
50122 Locking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.</p>
50123
50124 <p>Heap Spraying<br>
50125 The process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.<br>
50126 By extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.</p>
50127
50128 <p>Follow the link to read more of the article<br>
50129 DigitalOcean<br>
50130 <a href="http://do.co/bsdnow" rel="nofollow">http://do.co/bsdnow</a></p>
50131
50132 <h3>OpenBSD gains Wi-Fi “auto-join”</h3>
50133
50134 <p>In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:</p>
50135
50136 <p>CVSROOT: /cvs<br>
50137 Module name: src<br>
50138 Changes by: <a href="mailto:phessler@cvs.openbsd.org" rel="nofollow">phessler@cvs.openbsd.org</a> 2018/07/11 14:18:09</p>
50139
50140 <p>Modified files:<br>
50141 sbin/ifconfig : ifconfig.8 ifconfig.c <br>
50142 sys/net80211 : ieee80211_ioctl.c ieee80211_ioctl.h <br>
50143 ieee80211_node.c ieee80211_node.h <br>
50144 ieee80211_var.h </p>
50145
50146 <p>Log message:<br>
50147 Introduce 'auto-join' to the wifi 802.11 stack.</p>
50148
50149 <p>This allows a system to remember which ESSIDs it wants to connect to, any<br>
50150 relevant security configuration, and switch to it when the network we are<br>
50151 currently connected to is no longer available.<br>
50152 Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.</p>
50153
50154 <p>example hostname.if:<br>
50155 join home wpakey password<br>
50156 join work wpakey mekmitasdigoat<br>
50157 join open-lounge<br>
50158 join cafe wpakey cafe2018<br>
50159 join "wepnetwork" nwkey "12345"<br>
50160 dhcp<br>
50161 inet6 autoconf<br>
50162 up</p>
50163
50164 <p>OK stsp@ reyk@<br>
50165 and enthusiasm from every hackroom I've been in for the last 3 years<br>
50166 The usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).</p>
50167
50168 <p>Thanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.</p>
50169
50170 <h3>FreeBSD Jails the hard way</h3>
50171
50172 <p>There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick and easy to get going. But sometimes the tools built right into the OS are overlooked.</p>
50173
50174 <p>This post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.</p>
50175
50176 <p>For this guide, I’m going to be putting my jails in /usr/local/jails.</p>
50177
50178 <p>I’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.</p>
50179
50180 <p>I’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.</p>
50181
50182 <p>Full Jail<br>
50183 Make a directory for the jail, or a zfs dataset if you prefer.<br>
50184 Download the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.<br>
50185 Update your FreeBSD base install.<br>
50186 Verify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.<br>
50187 Make sure your jail has the right timezone and dns servers and a hostname in rc.conf.<br>
50188 Edit jail.conf with the details about your jail.<br>
50189 Start and login to your jail.<br>
50190 11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.</p>
50191
50192 <p>Creating a template<br>
50193 Create a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.<br>
50194 Update your template with freebsd-update.<br>
50195 Verify your install<br>
50196 And that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.</p>
50197
50198 <p>Deploying a template with ZFS snapshots<br>
50199 Create a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.<br>
50200 Clone the snapshot to a new jail.<br>
50201 Configure the jail hostname.<br>
50202 Add the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.<br>
50203 Start the jail.<br>
50204 The downside with the zfs approach is that each jail is now fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.</p>
50205
50206 <p>Follow the link to see the rest of the article about<br>
50207 Thin jails using NullFS mounts<br>
50208 Simplifying jail.conf<br>
50209 Hopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.</p>
50210
50211 <h2>Beastie Bits</h2>
50212
50213 <p>Meetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!<br>
50214 The next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now<br>
50215 Linux Geek Books - Humble Bundle<br>
50216 Extend loader(8) geli support to all architectures and all disk-like devices<br>
50217 Upgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi<br>
50218 The pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages<br>
50219 NetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards<br>
50220 Recently released CDE 2.3.0 running on Tribblix (Illumos)<br>
50221 An Interview With Tech & Science Fiction Author Michael W Lucas<br>
50222 A reminder : MeetBSD CFP<br>
50223 EuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania<br>
50224 Tarsnap</p>
50225
50226 <h2>Feedback/Questions</h2>
50227
50228 <p>Wilyarti - Adblocked on FreeBSD Continued…<br>
50229 Andrew - A Question and a Story<br>
50230 Matthew - Thanks<br>
50231 Brian - PCI-E Controller<br>
50232 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow">feedback@bsdnow.tv</a></p>]]>
50233 </itunes:summary>
50234 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+GBE4YxFB</fireside:playerURL>
50235 <fireside:playerEmbedCode>
50236 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+GBE4YxFB" width="740" height="200" frameborder="0" scrolling="no">]]>
50237 </fireside:playerEmbedCode>
50238 </item>
50239 <item>
50240 <title>Episode 255: What Are You Pointing At | BSD Now 255</title>
50241 <link>https://www.bsdnow.tv/255</link>
50242 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2267</guid>
50243 <pubDate>Wed, 18 Jul 2018 00:00:00 -0700</pubDate>
50244 <author>Allan Jude</author>
50245 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca9b19c1-e202-45d6-ac45-d0048a734c45.mp3" length="48457846" type="audio/mp3"/>
50246 <itunes:episodeType>full</itunes:episodeType>
50247 <itunes:author>Allan Jude</itunes:author>
50248 <itunes:subtitle>What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.</itunes:subtitle>
50249 <itunes:duration>1:20:27</itunes:duration>
50250 <itunes:explicit>no</itunes:explicit>
50251 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
50252 <description>What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.
50253 <p>##Headlines<br>
50254 <a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBlockPointers">What ZFS block pointers are and what’s in them</a></p>
50255 <blockquote>
50256 <p>I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.</p>
50257 </blockquote>
50258 <blockquote>
50259 <p>The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):</p>
50260 </blockquote>
50261 <blockquote>
50262 <p>A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.</p>
50263 </blockquote>
50264 <blockquote>
50265 <p>Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).</p>
50266 </blockquote>
50267 <blockquote>
50268 <p>So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:</p>
50269 </blockquote>
50270 <ul>
50271 <li>various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.</li>
50272 <li>Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).</li>
50273 <li>The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).</li>
50274 <li>The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.</li>
50275 <li>The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.</li>
50276 </ul>
50277 <blockquote>
50278 <p>Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.</p>
50279 </blockquote>
50280 <blockquote>
50281 <p>(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)</p>
50282 </blockquote>
50283 <blockquote>
50284 <p>There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.</p>
50285 </blockquote>
50286 <blockquote>
50287 <p>Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).</p>
50288 </blockquote>
50289 <blockquote>
50290 <p>As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.</p>
50291 </blockquote>
50292 <blockquote>
50293 <p>However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).</p>
50294 </blockquote>
50295 <blockquote>
50296 <p>(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)</p>
50297 </blockquote>
50298 <hr>
50299 <p>###<a href="https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/">Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days</a></p>
50300 <blockquote>
50301 <p>Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.<br>
50302 The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.<br>
50303 The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.</p>
50304 </blockquote>
50305 <ul>
50306 <li>BSD zero-day rewards will be on par with Linux payouts</li>
50307 </ul>
50308 <blockquote>
50309 <p>The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.<br>
50310 In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.<br>
50311 Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.<br>
50312 The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.<br>
50313 Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.</p>
50314 </blockquote>
50315 <ul>
50316 <li>Zero-day price varies based on exploitation chain</li>
50317 </ul>
50318 <blockquote>
50319 <p>The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.<br>
50320 Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).</p>
50321 </blockquote>
50322 <ul>
50323 <li>Zero-days in servers “can reach exceptional amounts”</li>
50324 </ul>
50325 <blockquote>
50326 <p>“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.<br>
50327 Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:<br>
50328 “Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”<br>
50329 “We may also react to customers’ requests and their operational needs,” Bekrar said.</p>
50330 </blockquote>
50331 <ul>
50332 <li>It’s becoming a crowded market</li>
50333 </ul>
50334 <blockquote>
50335 <p>Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political opponents, journalists, and dissidents, instead of going after real criminals.<br>
50336 The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.</p>
50337 </blockquote>
50338 <p><a href="https://twitter.com/Zerodium/status/1012007051466162177">Twitter Announcement</a></p>
50339 <hr>
50340 <p><strong>Digital Ocean</strong><br>
50341 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
50342 <p>###<a href="https://euroquis.nl/bobulate/?p=1915">KDE on FreeBSD – June 2018</a></p>
50343 <blockquote>
50344 <p>The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:</p>
50345 </blockquote>
50346 <pre><code>http://FreeBSD.kde.org | Bleeding edge
50347 http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0
50348 </code></pre>
50349 <blockquote>
50350 <p>It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).</p>
50351 </blockquote>
50352 <ul>
50353 <li>In no particular order:</li>
50354 <li>Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEngine from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.</li>
50355 <li>Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.</li>
50356 <li>KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.</li>
50357 <li>Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.</li>
50358 <li>The <a href="http://freebsd.kde.org">freebsd.kde.org</a> website has been slightly updated; it was terribly out-of-date.</li>
50359 </ul>
50360 <blockquote>
50361 <p>So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for <a href="https://www.angrycane.com.br/wp-content/uploads/2018/06/download_flamingo_and_display.txt">the amazing application for downloading and displaying a flamingo</a> … niche usecases FTW)</p>
50362 </blockquote>
50363 <hr>
50364 <p>##News Roundup<br>
50365 <a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-July/001836.html">New FreeBSD Core Team Elected</a></p>
50366 <blockquote>
50367 <p>Active committers to the project have elected your tenth FreeBSD Core<br>
50368 Team.</p>
50369 </blockquote>
50370 <ul>
50371 <li>Allan Jude (allanjude)</li>
50372 <li>Benedict Reuschling (bcr)</li>
50373 <li>Brooks Davis (brooks)</li>
50374 <li>Hiroki Sato (hrs)</li>
50375 <li>Jeff Roberson (jeff)</li>
50376 <li>John Baldwin (jhb)</li>
50377 <li>Kris Moore (kmoore)</li>
50378 <li>Sean Chittenden (seanc)</li>
50379 <li>Warner Losh (imp)</li>
50380 </ul>
50381 <blockquote>
50382 <p>Let’s extend our gratitude to the outgoing Core Team members:</p>
50383 </blockquote>
50384 <ul>
50385 <li>Baptiste Daroussin (bapt)</li>
50386 <li>Benno Rice (benno)</li>
50387 <li>Ed Maste (emaste)</li>
50388 <li>George V. Neville-Neil (gnn)</li>
50389 <li>Matthew Seaman (matthew)</li>
50390 </ul>
50391 <blockquote>
50392 <p>Matthew, after having served as the Core Team Secretary for the past<br>
50393 four years, will be stepping down from that role.</p>
50394 </blockquote>
50395 <blockquote>
50396 <p>The Core Team would also like to thank Dag-Erling Smørgrav for running a<br>
50397 flawless election.</p>
50398 </blockquote>
50399 <ul>
50400 <li>To read about the responsibilities of the Core Team, refer to <a href="https://www.freebsd.org/administration.html#t-core">https://www.freebsd.org/administration.html#t-core</a>.</li>
50401 </ul>
50402 <hr>
50403 <p>###<a href="https://mail-index.netbsd.org/tech-net/2018/06/26/msg006943.html">NetBSD WiFi refresh</a></p>
50404 <blockquote>
50405 <p>The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%<a href="http://NetBSD.org">NetBSD.org</a>@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are:</p>
50406 </blockquote>
50407 <ul>
50408 <li>Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.</li>
50409 <li>Adding support for the newer protocols 801.11/N and 802.11/AC.</li>
50410 <li>Improving SMP support in the IEEE 802.11 stack.</li>
50411 <li>Adding Virtual Access Point (VAP) support.</li>
50412 <li>Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.</li>
50413 </ul>
50414 <blockquote>
50415 <p>Status reports will be posted to tech-net%<a href="http://NetBSD.org">NetBSD.org</a>@localhost every other week<br>
50416 while the contract is active.</p>
50417 </blockquote>
50418 <hr>
50419 <p><strong>iXsystems</strong></p>
50420 <p>###<a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></p>
50421 <blockquote>
50422 <p>Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)</p>
50423 </blockquote>
50424 <blockquote>
50425 <p>The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.</p>
50426 </blockquote>
50427 <blockquote>
50428 <p>Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)</p>
50429 </blockquote>
50430 <ul>
50431 <li>ARCHITECTURE</li>
50432 </ul>
50433 <blockquote>
50434 <p>A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.</p>
50435 </blockquote>
50436 <ul>
50437 <li>
50438 <p>Poor Man’s CI consists of the following components and their interactions:</p>
50439 </li>
50440 <li>
50441 <p>Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:</p>
50442 <ul>
50443 <li>Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub.</li>
50444 <li>Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.</li>
50445 <li>Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.</li>
50446 </ul>
50447 </li>
50448 <li>
50449 <p>PubSub Topics:</p>
50450 <ul>
50451 <li>workq: Transports work messages that contain the link of the repository to build.</li>
50452 <li>poolq: Implements the Builder Pool, which contains the names of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.</li>
50453 <li>doneq: Transports done messages (builder instance terminate and delete events). These messages contain the name of freed builder instances.</li>
50454 </ul>
50455 </li>
50456 <li>
50457 <p>builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.</p>
50458 </li>
50459 <li>
50460 <p>Build Logs: A Storage bucket that contains the logs of builds performed by builder instances.</p>
50461 </li>
50462 <li>
50463 <p>Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.</p>
50464 </li>
50465 <li>
50466 <p>BUGS</p>
50467 </li>
50468 </ul>
50469 <blockquote>
50470 <p>The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see <a href="https://tinyurl.com/ybkycuub">https://tinyurl.com/ybkycuub</a>.</p>
50471 </blockquote>
50472 <p><code>$ ./pmci queuepost poolq builder0</code><br>
50473 <code># ./pmci queuepost poolq builder1</code><br>
50474 <code># ... repeat for as many builders as you want</code></p>
50475 <blockquote>
50476 <p>The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see <a href="https://tinyurl.com/yb2vbwfd">https://tinyurl.com/yb2vbwfd</a>.</p>
50477 </blockquote>
50478 <hr>
50479 <p>###<a href="https://blog.danielisz.org/2018/06/21/the-power-of-ctrlt/">The Power of Ctrl-T</a></p>
50480 <blockquote>
50481 <p>Did you know that you can check what a process is doing by pressing CTRL+T?<br>
50482 Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.<br>
50483 On FreeBSD it looks like this:</p>
50484 </blockquote>
50485 <pre><code>ping pingtest.com
50486 PING pingtest.com (5.22.149.135): 56 data bytes
50487 64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms
50488 64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms
50489 64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms
50490 64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms
50491 64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms
50492 load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k
50493 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max
50494 64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms
50495 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms
50496 </code></pre>
50497 <blockquote>
50498 <p>As you can see it not only outputs the name of the running command but the following parameters as well:</p>
50499 </blockquote>
50500 <pre><code>94371 – PID
50501 4.70r – since when is the process running
50502 0.00u – user time
50503 0.00s – system time
50504 0% – CPU usage
50505 2500k – resident set size of the process or RSS
50506 ``
50507 &gt; An even better example is with the following cp command:
50508 </code></pre>
50509 <p>cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null<br>
50510 load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k<br>
50511 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 15%<br>
50512 load: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k<br>
50513 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 32%<br>
50514 load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k<br>
50515 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 49%<br>
50516 load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k<br>
50517 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 64%<br>
50518 load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k<br>
50519 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 79%<br>
50520 load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k<br>
50521 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -&gt; /dev/null 95%</p>
50522 <pre><code>
50523 &gt; I pressed CTRL+T six times. Without that, all the output would have been is the first line.
50524 &gt; Another example how the process is changing states:
50525 </code></pre>
50526 <p>wget <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
50527 –2018-06-17 18:47:48– <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
50528 Resolving <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)… 96.47.72.72, 2610:1c1:1:606c::15:0<br>
50529 Connecting to <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)|96.47.72.72|:443… connected.<br>
50530 HTTP request sent, awaiting response… 200 OK<br>
50531 Length: 3348465664 (3.1G) [application/octet-stream]<br>
50532 Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’</p>
50533 <p>FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[&gt; ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s<br>
50534 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[&gt; ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s<br>
50535 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=&gt; ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s<br>
50536 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=&gt; ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s<br>
50537 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============&gt; ] 460.23M 7.01MB/s eta 9m 0s 1</p>
50538 <pre><code>
50539 &gt; The bad news is that CTRL+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X:
50540 </code></pre>
50541 <p>—&gt; Fetching distfiles for gmp<br>
50542 —&gt; Attempting to fetch gmp-6.1.2.tar.bz2 from <a href="https://distfiles.macports.org/gmp">https://distfiles.macports.org/gmp</a><br>
50543 —&gt; Verifying checksums for gmp<br>
50544 —&gt; Extracting gmp<br>
50545 —&gt; Applying patches to gmp<br>
50546 —&gt; Configuring gmp<br>
50547 load: 2.81 cmd: clang 74287 running 0.31u 0.28s</p>
50548 <pre><code>
50549 &gt; PS: If I recall correctly Feld showed me CTRL+T, thank you!
50550 Beastie Bits
50551 Half billion tries for a HAMMER2 bug (http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)
50552 OpenBSD with various Desktops
50553 OpenBSD 6.3 running twm window manager (https://youtu.be/v6XeC5wU2s4)
50554 OpenBSD 6.3 jwm and rox desktop (https://youtu.be/jlSK2oi7CBc)
50555 OpenBSD 6.3 cwm youtube video (https://youtu.be/mgqNyrP2CPs)
50556 pf: Increase default state table size (https://svnweb.freebsd.org/base?view=revision&amp;revision=336221)
50557 ***
50558 Tarsnap
50559 Feedback/Questions
50560 Ben Sims - Full feed? (http://dpaste.com/3XVH91T#wrap)
50561 Scott - Questions and Comments (http://dpaste.com/08P34YN#wrap)
50562 Troels - Features of FreeBSD 11.2 that deserve a mention (http://dpaste.com/3DDPEC2#wrap)
50563 Fred - Show Ideas (http://dpaste.com/296ZA0P#wrap)
50564 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
50565 iXsystems It's all NAS (https://www.ixsystems.com/blog/its-all-nas/)
50566 </code></pre>
50567 </description>
50568 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,kde,zfs</itunes:keywords>
50569 <content:encoded>
50570 <![CDATA[<p>What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.</p>
50571
50572 <p>##Headlines<br>
50573 ###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBlockPointers">What ZFS block pointers are and what’s in them</a></p>
50574
50575 <blockquote>
50576 <p>I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.</p>
50577 </blockquote>
50578
50579 <blockquote>
50580 <p>The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):</p>
50581 </blockquote>
50582
50583 <blockquote>
50584 <p>A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.</p>
50585 </blockquote>
50586
50587 <blockquote>
50588 <p>Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).</p>
50589 </blockquote>
50590
50591 <blockquote>
50592 <p>So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:</p>
50593 </blockquote>
50594
50595 <ul>
50596 <li>various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.</li>
50597 <li>Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).</li>
50598 <li>The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).</li>
50599 <li>The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.</li>
50600 <li>The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.</li>
50601 </ul>
50602
50603 <blockquote>
50604 <p>Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.</p>
50605 </blockquote>
50606
50607 <blockquote>
50608 <p>(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)</p>
50609 </blockquote>
50610
50611 <blockquote>
50612 <p>There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.</p>
50613 </blockquote>
50614
50615 <blockquote>
50616 <p>Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).</p>
50617 </blockquote>
50618
50619 <blockquote>
50620 <p>As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.</p>
50621 </blockquote>
50622
50623 <blockquote>
50624 <p>However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).</p>
50625 </blockquote>
50626
50627 <blockquote>
50628 <p>(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)</p>
50629 </blockquote>
50630
50631 <p><hr></p>
50632
50633 <p>###<a href="https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/">Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days</a></p>
50634
50635 <blockquote>
50636 <p>Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.<br>
50637 The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.<br>
50638 The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.</p>
50639 </blockquote>
50640
50641 <ul>
50642 <li>BSD zero-day rewards will be on par with Linux payouts</li>
50643 </ul>
50644
50645 <blockquote>
50646 <p>The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.<br>
50647 In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.<br>
50648 Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.<br>
50649 The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.<br>
50650 Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.</p>
50651 </blockquote>
50652
50653 <ul>
50654 <li>Zero-day price varies based on exploitation chain</li>
50655 </ul>
50656
50657 <blockquote>
50658 <p>The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.<br>
50659 Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).</p>
50660 </blockquote>
50661
50662 <ul>
50663 <li>Zero-days in servers “can reach exceptional amounts”</li>
50664 </ul>
50665
50666 <blockquote>
50667 <p>“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.<br>
50668 Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:<br>
50669 "Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”<br>
50670 “We may also react to customers’ requests and their operational needs,” Bekrar said.</p>
50671 </blockquote>
50672
50673 <ul>
50674 <li>It’s becoming a crowded market</li>
50675 </ul>
50676
50677 <blockquote>
50678 <p>Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political opponents, journalists, and dissidents, instead of going after real criminals.<br>
50679 The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.</p>
50680 </blockquote>
50681
50682 <p><a href="https://twitter.com/Zerodium/status/1012007051466162177">Twitter Announcement</a></p>
50683
50684 <p><hr></p>
50685
50686 <p><strong>Digital Ocean</strong><br>
50687 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
50688
50689 <p>###<a href="https://euroquis.nl/bobulate/?p=1915">KDE on FreeBSD – June 2018</a></p>
50690
50691 <blockquote>
50692 <p>The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:</p>
50693 </blockquote>
50694
50695 <pre><code>http://FreeBSD.kde.org | Bleeding edge
50696 http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0
50697 </code></pre>
50698
50699 <blockquote>
50700 <p>It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).</p>
50701 </blockquote>
50702
50703 <ul>
50704 <li>In no particular order:</li>
50705 <li>Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEngine from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.</li>
50706 <li>Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.</li>
50707 <li>KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.</li>
50708 <li>Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.</li>
50709 <li>The <a href="http://freebsd.kde.org">freebsd.kde.org</a> website has been slightly updated; it was terribly out-of-date.</li>
50710 </ul>
50711
50712 <blockquote>
50713 <p>So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for <a href="https://www.angrycane.com.br/wp-content/uploads/2018/06/download_flamingo_and_display.txt">the amazing application for downloading and displaying a flamingo</a> … niche usecases FTW)</p>
50714 </blockquote>
50715
50716 <p><hr></p>
50717
50718 <p>##News Roundup<br>
50719 ###<a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-July/001836.html">New FreeBSD Core Team Elected</a></p>
50720
50721 <blockquote>
50722 <p>Active committers to the project have elected your tenth FreeBSD Core<br>
50723 Team.</p>
50724 </blockquote>
50725
50726 <ul>
50727 <li>Allan Jude (allanjude)</li>
50728 <li>Benedict Reuschling (bcr)</li>
50729 <li>Brooks Davis (brooks)</li>
50730 <li>Hiroki Sato (hrs)</li>
50731 <li>Jeff Roberson (jeff)</li>
50732 <li>John Baldwin (jhb)</li>
50733 <li>Kris Moore (kmoore)</li>
50734 <li>Sean Chittenden (seanc)</li>
50735 <li>Warner Losh (imp)</li>
50736 </ul>
50737
50738 <blockquote>
50739 <p>Let’s extend our gratitude to the outgoing Core Team members:</p>
50740 </blockquote>
50741
50742 <ul>
50743 <li>Baptiste Daroussin (bapt)</li>
50744 <li>Benno Rice (benno)</li>
50745 <li>Ed Maste (emaste)</li>
50746 <li>George V. Neville-Neil (gnn)</li>
50747 <li>Matthew Seaman (matthew)</li>
50748 </ul>
50749
50750 <blockquote>
50751 <p>Matthew, after having served as the Core Team Secretary for the past<br>
50752 four years, will be stepping down from that role.</p>
50753 </blockquote>
50754
50755 <blockquote>
50756 <p>The Core Team would also like to thank Dag-Erling Smørgrav for running a<br>
50757 flawless election.</p>
50758 </blockquote>
50759
50760 <ul>
50761 <li>To read about the responsibilities of the Core Team, refer to <a href="https://www.freebsd.org/administration.html#t-core">https://www.freebsd.org/administration.html#t-core</a>.</li>
50762 </ul>
50763
50764 <p><hr></p>
50765
50766 <p>###<a href="https://mail-index.netbsd.org/tech-net/2018/06/26/msg006943.html">NetBSD WiFi refresh</a></p>
50767
50768 <blockquote>
50769 <p>The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%<a href="http://NetBSD.org">NetBSD.org</a>@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are:</p>
50770 </blockquote>
50771
50772 <ul>
50773 <li>Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.</li>
50774 <li>Adding support for the newer protocols 801.11/N and 802.11/AC.</li>
50775 <li>Improving SMP support in the IEEE 802.11 stack.</li>
50776 <li>Adding Virtual Access Point (VAP) support.</li>
50777 <li>Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.</li>
50778 </ul>
50779
50780 <blockquote>
50781 <p>Status reports will be posted to tech-net%<a href="http://NetBSD.org">NetBSD.org</a>@localhost every other week<br>
50782 while the contract is active.</p>
50783 </blockquote>
50784
50785 <p><hr></p>
50786
50787 <p><strong>iXsystems</strong></p>
50788
50789 <p>###<a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></p>
50790
50791 <blockquote>
50792 <p>Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)</p>
50793 </blockquote>
50794
50795 <blockquote>
50796 <p>The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.</p>
50797 </blockquote>
50798
50799 <blockquote>
50800 <p>Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)</p>
50801 </blockquote>
50802
50803 <ul>
50804 <li>ARCHITECTURE</li>
50805 </ul>
50806
50807 <blockquote>
50808 <p>A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.</p>
50809 </blockquote>
50810
50811 <ul>
50812 <li>
50813 <p>Poor Man’s CI consists of the following components and their interactions:</p>
50814 </li>
50815 <li>
50816 <p>Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:</p>
50817 <ul>
50818 <li>Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub.</li>
50819 <li>Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.</li>
50820 <li>Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.</li>
50821 </ul>
50822
50823 <p></li><br>
50824 <li></p>
50825
50826 <p>PubSub Topics:</p>
50827
50828 <ul>
50829 <li>workq: Transports work messages that contain the link of the repository to build.</li>
50830 <li>poolq: Implements the Builder Pool, which contains the names of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.</li>
50831 <li>doneq: Transports done messages (builder instance terminate and delete events). These messages contain the name of freed builder instances.</li>
50832 </ul>
50833
50834 <p></li><br>
50835 <li></p>
50836
50837 <p>builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.</p>
50838
50839 <p></li><br>
50840 <li></p>
50841
50842 <p>Build Logs: A Storage bucket that contains the logs of builds performed by builder instances.</p>
50843
50844 <p></li><br>
50845 <li></p>
50846
50847 <p>Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.</p>
50848
50849 <p></li><br>
50850 <li></p>
50851
50852 <p>BUGS</p>
50853
50854 <p></li><br>
50855 </ul></p>
50856
50857 <blockquote>
50858 <p>The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see <a href="https://tinyurl.com/ybkycuub">https://tinyurl.com/ybkycuub</a>.</p>
50859 </blockquote>
50860
50861 <p><code>$ ./pmci queue_post poolq builder0</code><br>
50862 <code># ./pmci queue_post poolq builder1</code><br>
50863 <code># ... repeat for as many builders as you want</code></p>
50864
50865 <blockquote>
50866 <p>The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see <a href="https://tinyurl.com/yb2vbwfd">https://tinyurl.com/yb2vbwfd</a>.</p>
50867 </blockquote>
50868
50869 <p><hr></p>
50870
50871 <p>###<a href="https://blog.danielisz.org/2018/06/21/the-power-of-ctrlt/">The Power of Ctrl-T</a></p>
50872
50873 <blockquote>
50874 <p>Did you know that you can check what a process is doing by pressing CTRL+T?<br>
50875 Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.<br>
50876 On FreeBSD it looks like this:</p>
50877 </blockquote>
50878
50879 <pre><code>ping pingtest.com
50880 PING pingtest.com (5.22.149.135): 56 data bytes
50881 64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms
50882 64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms
50883 64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms
50884 64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms
50885 64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms
50886 load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k
50887 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max
50888 64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms
50889 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms
50890 </code></pre>
50891
50892 <blockquote>
50893 <p>As you can see it not only outputs the name of the running command but the following parameters as well:</p>
50894 </blockquote>
50895
50896 <pre><code>94371 – PID
50897 4.70r – since when is the process running
50898 0.00u – user time
50899 0.00s – system time
50900 0% – CPU usage
50901 2500k – resident set size of the process or RSS
50902 ``
50903
50904 > An even better example is with the following cp command:
50905
50906 </code></pre>
50907
50908 <p>cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null<br>
50909 load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k<br>
50910 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 15%<br>
50911 load: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k<br>
50912 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 32%<br>
50913 load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k<br>
50914 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 49%<br>
50915 load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k<br>
50916 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 64%<br>
50917 load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k<br>
50918 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 79%<br>
50919 load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k<br>
50920 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 95%</p>
50921
50922 <pre><code>
50923 > I pressed CTRL+T six times. Without that, all the output would have been is the first line.
50924
50925 > Another example how the process is changing states:
50926
50927 </code></pre>
50928
50929 <p>wget <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
50930 –2018-06-17 18:47:48– <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
50931 Resolving <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)… 96.47.72.72, 2610:1c1:1:606c::15:0<br>
50932 Connecting to <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)|96.47.72.72|:443… connected.<br>
50933 HTTP request sent, awaiting response… 200 OK<br>
50934 Length: 3348465664 (3.1G) [application/octet-stream]<br>
50935 Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’</p>
50936
50937 <p>FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s<br>
50938 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s<br>
50939 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s<br>
50940 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s<br>
50941 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============> ] 460.23M 7.01MB/s eta 9m 0s 1</p>
50942
50943 <pre><code>
50944 > The bad news is that CTRL+T doesn’t work with the Linux kernel, but you can use it on MacOS/OS-X:
50945
50946 </code></pre>
50947
50948 <p>—> Fetching distfiles for gmp<br>
50949 —> Attempting to fetch gmp-6.1.2.tar.bz2 from <a href="https://distfiles.macports.org/gmp">https://distfiles.macports.org/gmp</a><br>
50950 —> Verifying checksums for gmp<br>
50951 —> Extracting gmp<br>
50952 —> Applying patches to gmp<br>
50953 —> Configuring gmp<br>
50954 load: 2.81 cmd: clang 74287 running 0.31u 0.28s</p>
50955
50956 <pre><code>
50957 > PS: If I recall correctly Feld showed me CTRL+T, thank you!
50958
50959 ***
50960
50961
50962 ##Beastie Bits
50963 + [Half billion tries for a HAMMER2 bug](http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)
50964 + OpenBSD with various Desktops
50965 + [OpenBSD 6.3 running twm window manager](https://youtu.be/v6XeC5wU2s4)
50966 + [OpenBSD 6.3 jwm and rox desktop](https://youtu.be/jlSK2oi7CBc)
50967 + [OpenBSD 6.3 cwm youtube video](https://youtu.be/mgqNyrP2CPs)
50968 + [pf: Increase default state table size](https://svnweb.freebsd.org/base?view=revision&revision=336221)
50969 ***
50970
50971 **Tarsnap**
50972
50973 ##Feedback/Questions
50974 + Ben Sims - [Full feed?](http://dpaste.com/3XVH91T#wrap)
50975 + Scott - [Questions and Comments](http://dpaste.com/08P34YN#wrap)
50976 + Troels - [Features of FreeBSD 11.2 that deserve a mention](http://dpaste.com/3DDPEC2#wrap)
50977 + [Fred - Show Ideas](http://dpaste.com/296ZA0P#wrap)
50978 ***
50979
50980 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
50981 ***
50982
50983 ***
50984
50985 iXsystems [It's all NAS](https://www.ixsystems.com/blog/its-all-nas/)
50986 </code></pre>]]>
50987 </content:encoded>
50988 <itunes:summary>
50989 <![CDATA[<p>What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.</p>
50990
50991 <p>##Headlines<br>
50992 ###<a href="https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBlockPointers">What ZFS block pointers are and what’s in them</a></p>
50993
50994 <blockquote>
50995 <p>I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.</p>
50996 </blockquote>
50997
50998 <blockquote>
50999 <p>The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):</p>
51000 </blockquote>
51001
51002 <blockquote>
51003 <p>A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.</p>
51004 </blockquote>
51005
51006 <blockquote>
51007 <p>Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).</p>
51008 </blockquote>
51009
51010 <blockquote>
51011 <p>So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:</p>
51012 </blockquote>
51013
51014 <ul>
51015 <li>various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.</li>
51016 <li>Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).</li>
51017 <li>The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).</li>
51018 <li>The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.</li>
51019 <li>The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.</li>
51020 </ul>
51021
51022 <blockquote>
51023 <p>Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.</p>
51024 </blockquote>
51025
51026 <blockquote>
51027 <p>(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)</p>
51028 </blockquote>
51029
51030 <blockquote>
51031 <p>There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.</p>
51032 </blockquote>
51033
51034 <blockquote>
51035 <p>Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).</p>
51036 </blockquote>
51037
51038 <blockquote>
51039 <p>As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.</p>
51040 </blockquote>
51041
51042 <blockquote>
51043 <p>However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).</p>
51044 </blockquote>
51045
51046 <blockquote>
51047 <p>(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)</p>
51048 </blockquote>
51049
51050 <p><hr></p>
51051
51052 <p>###<a href="https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/">Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days</a></p>
51053
51054 <blockquote>
51055 <p>Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.<br>
51056 The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.<br>
51057 The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.</p>
51058 </blockquote>
51059
51060 <ul>
51061 <li>BSD zero-day rewards will be on par with Linux payouts</li>
51062 </ul>
51063
51064 <blockquote>
51065 <p>The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.<br>
51066 In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.<br>
51067 Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.<br>
51068 The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.<br>
51069 Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.</p>
51070 </blockquote>
51071
51072 <ul>
51073 <li>Zero-day price varies based on exploitation chain</li>
51074 </ul>
51075
51076 <blockquote>
51077 <p>The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.<br>
51078 Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).</p>
51079 </blockquote>
51080
51081 <ul>
51082 <li>Zero-days in servers “can reach exceptional amounts”</li>
51083 </ul>
51084
51085 <blockquote>
51086 <p>“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.<br>
51087 Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:<br>
51088 "Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”<br>
51089 “We may also react to customers’ requests and their operational needs,” Bekrar said.</p>
51090 </blockquote>
51091
51092 <ul>
51093 <li>It’s becoming a crowded market</li>
51094 </ul>
51095
51096 <blockquote>
51097 <p>Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political opponents, journalists, and dissidents, instead of going after real criminals.<br>
51098 The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.</p>
51099 </blockquote>
51100
51101 <p><a href="https://twitter.com/Zerodium/status/1012007051466162177">Twitter Announcement</a></p>
51102
51103 <p><hr></p>
51104
51105 <p><strong>Digital Ocean</strong><br>
51106 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
51107
51108 <p>###<a href="https://euroquis.nl/bobulate/?p=1915">KDE on FreeBSD – June 2018</a></p>
51109
51110 <blockquote>
51111 <p>The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:</p>
51112 </blockquote>
51113
51114 <pre><code>http://FreeBSD.kde.org | Bleeding edge
51115 http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0
51116 </code></pre>
51117
51118 <blockquote>
51119 <p>It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).</p>
51120 </blockquote>
51121
51122 <ul>
51123 <li>In no particular order:</li>
51124 <li>Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEngine from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.</li>
51125 <li>Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.</li>
51126 <li>KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.</li>
51127 <li>Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.</li>
51128 <li>The <a href="http://freebsd.kde.org">freebsd.kde.org</a> website has been slightly updated; it was terribly out-of-date.</li>
51129 </ul>
51130
51131 <blockquote>
51132 <p>So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for <a href="https://www.angrycane.com.br/wp-content/uploads/2018/06/download_flamingo_and_display.txt">the amazing application for downloading and displaying a flamingo</a> … niche usecases FTW)</p>
51133 </blockquote>
51134
51135 <p><hr></p>
51136
51137 <p>##News Roundup<br>
51138 ###<a href="https://lists.freebsd.org/pipermail/freebsd-announce/2018-July/001836.html">New FreeBSD Core Team Elected</a></p>
51139
51140 <blockquote>
51141 <p>Active committers to the project have elected your tenth FreeBSD Core<br>
51142 Team.</p>
51143 </blockquote>
51144
51145 <ul>
51146 <li>Allan Jude (allanjude)</li>
51147 <li>Benedict Reuschling (bcr)</li>
51148 <li>Brooks Davis (brooks)</li>
51149 <li>Hiroki Sato (hrs)</li>
51150 <li>Jeff Roberson (jeff)</li>
51151 <li>John Baldwin (jhb)</li>
51152 <li>Kris Moore (kmoore)</li>
51153 <li>Sean Chittenden (seanc)</li>
51154 <li>Warner Losh (imp)</li>
51155 </ul>
51156
51157 <blockquote>
51158 <p>Let’s extend our gratitude to the outgoing Core Team members:</p>
51159 </blockquote>
51160
51161 <ul>
51162 <li>Baptiste Daroussin (bapt)</li>
51163 <li>Benno Rice (benno)</li>
51164 <li>Ed Maste (emaste)</li>
51165 <li>George V. Neville-Neil (gnn)</li>
51166 <li>Matthew Seaman (matthew)</li>
51167 </ul>
51168
51169 <blockquote>
51170 <p>Matthew, after having served as the Core Team Secretary for the past<br>
51171 four years, will be stepping down from that role.</p>
51172 </blockquote>
51173
51174 <blockquote>
51175 <p>The Core Team would also like to thank Dag-Erling Smørgrav for running a<br>
51176 flawless election.</p>
51177 </blockquote>
51178
51179 <ul>
51180 <li>To read about the responsibilities of the Core Team, refer to <a href="https://www.freebsd.org/administration.html#t-core">https://www.freebsd.org/administration.html#t-core</a>.</li>
51181 </ul>
51182
51183 <p><hr></p>
51184
51185 <p>###<a href="https://mail-index.netbsd.org/tech-net/2018/06/26/msg006943.html">NetBSD WiFi refresh</a></p>
51186
51187 <blockquote>
51188 <p>The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%<a href="http://NetBSD.org">NetBSD.org</a>@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are:</p>
51189 </blockquote>
51190
51191 <ul>
51192 <li>Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.</li>
51193 <li>Adding support for the newer protocols 801.11/N and 802.11/AC.</li>
51194 <li>Improving SMP support in the IEEE 802.11 stack.</li>
51195 <li>Adding Virtual Access Point (VAP) support.</li>
51196 <li>Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.</li>
51197 </ul>
51198
51199 <blockquote>
51200 <p>Status reports will be posted to tech-net%<a href="http://NetBSD.org">NetBSD.org</a>@localhost every other week<br>
51201 while the contract is active.</p>
51202 </blockquote>
51203
51204 <p><hr></p>
51205
51206 <p><strong>iXsystems</strong></p>
51207
51208 <p>###<a href="https://github.com/billziss-gh/pmci">Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape</a></p>
51209
51210 <blockquote>
51211 <p>Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)</p>
51212 </blockquote>
51213
51214 <blockquote>
51215 <p>The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.</p>
51216 </blockquote>
51217
51218 <blockquote>
51219 <p>Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)</p>
51220 </blockquote>
51221
51222 <ul>
51223 <li>ARCHITECTURE</li>
51224 </ul>
51225
51226 <blockquote>
51227 <p>A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.</p>
51228 </blockquote>
51229
51230 <ul>
51231 <li>
51232 <p>Poor Man’s CI consists of the following components and their interactions:</p>
51233 </li>
51234 <li>
51235 <p>Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:</p>
51236 <ul>
51237 <li>Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub.</li>
51238 <li>Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.</li>
51239 <li>Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.</li>
51240 </ul>
51241
51242 <p></li><br>
51243 <li></p>
51244
51245 <p>PubSub Topics:</p>
51246
51247 <ul>
51248 <li>workq: Transports work messages that contain the link of the repository to build.</li>
51249 <li>poolq: Implements the Builder Pool, which contains the names of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.</li>
51250 <li>doneq: Transports done messages (builder instance terminate and delete events). These messages contain the name of freed builder instances.</li>
51251 </ul>
51252
51253 <p></li><br>
51254 <li></p>
51255
51256 <p>builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.</p>
51257
51258 <p></li><br>
51259 <li></p>
51260
51261 <p>Build Logs: A Storage bucket that contains the logs of builds performed by builder instances.</p>
51262
51263 <p></li><br>
51264 <li></p>
51265
51266 <p>Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.</p>
51267
51268 <p></li><br>
51269 <li></p>
51270
51271 <p>BUGS</p>
51272
51273 <p></li><br>
51274 </ul></p>
51275
51276 <blockquote>
51277 <p>The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see <a href="https://tinyurl.com/ybkycuub">https://tinyurl.com/ybkycuub</a>.</p>
51278 </blockquote>
51279
51280 <p><code>$ ./pmci queue_post poolq builder0</code><br>
51281 <code># ./pmci queue_post poolq builder1</code><br>
51282 <code># ... repeat for as many builders as you want</code></p>
51283
51284 <blockquote>
51285 <p>The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see <a href="https://tinyurl.com/yb2vbwfd">https://tinyurl.com/yb2vbwfd</a>.</p>
51286 </blockquote>
51287
51288 <p><hr></p>
51289
51290 <p>###<a href="https://blog.danielisz.org/2018/06/21/the-power-of-ctrlt/">The Power of Ctrl-T</a></p>
51291
51292 <blockquote>
51293 <p>Did you know that you can check what a process is doing by pressing CTRL+T?<br>
51294 Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.<br>
51295 On FreeBSD it looks like this:</p>
51296 </blockquote>
51297
51298 <pre><code>ping pingtest.com
51299 PING pingtest.com (5.22.149.135): 56 data bytes
51300 64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms
51301 64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms
51302 64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms
51303 64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms
51304 64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms
51305 load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k
51306 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max
51307 64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms
51308 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms
51309 </code></pre>
51310
51311 <blockquote>
51312 <p>As you can see it not only outputs the name of the running command but the following parameters as well:</p>
51313 </blockquote>
51314
51315 <pre><code>94371 – PID
51316 4.70r – since when is the process running
51317 0.00u – user time
51318 0.00s – system time
51319 0% – CPU usage
51320 2500k – resident set size of the process or RSS
51321 ``
51322
51323 > An even better example is with the following cp command:
51324
51325 </code></pre>
51326
51327 <p>cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null<br>
51328 load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k<br>
51329 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 15%<br>
51330 load: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k<br>
51331 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 32%<br>
51332 load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k<br>
51333 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 49%<br>
51334 load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k<br>
51335 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 64%<br>
51336 load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k<br>
51337 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 79%<br>
51338 load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k<br>
51339 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 95%</p>
51340
51341 <pre><code>
51342 > I pressed CTRL+T six times. Without that, all the output would have been the first line.
51343
51344 > Another example how the process is changing states:
51345
51346 </code></pre>
51347
51348 <p>wget <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
51349 –2018-06-17 18:47:48– <a href="https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso">https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso</a><br>
51350 Resolving <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)… 96.47.72.72, 2610:1c1:1:606c::15:0<br>
51351 Connecting to <a href="http://download.freebsd.org">download.freebsd.org</a> (<a href="http://download.freebsd.org">download.freebsd.org</a>)|96.47.72.72|:443… connected.<br>
51352 HTTP request sent, awaiting response… 200 OK<br>
51353 Length: 3348465664 (3.1G) [application/octet-stream]<br>
51354 Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’</p>
51355
51356 <p>FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s<br>
51357 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s<br>
51358 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s<br>
51359 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s<br>
51360 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============> ] 460.23M 7.01MB/s eta 9m 0s 1</p>
51361
51362 <pre><code>
51363 > The bad news is that CTRL+T doesn’t work with the Linux kernel, but you can use it on MacOS/OS-X:
51364
51365 </code></pre>
51366
51367 <p>—> Fetching distfiles for gmp<br>
51368 —> Attempting to fetch gmp-6.1.2.tar.bz2 from <a href="https://distfiles.macports.org/gmp">https://distfiles.macports.org/gmp</a><br>
51369 —> Verifying checksums for gmp<br>
51370 —> Extracting gmp<br>
51371 —> Applying patches to gmp<br>
51372 —> Configuring gmp<br>
51373 load: 2.81 cmd: clang 74287 running 0.31u 0.28s</p>
51374
51375 <pre><code>
51376 > PS: If I recall correctly Feld showed me CTRL+T, thank you!
51377
51378 ***
51379
51380
51381 ##Beastie Bits
51382 + [Half billion tries for a HAMMER2 bug](http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)
51383 + OpenBSD with various Desktops
51384 + [OpenBSD 6.3 running twm window manager](https://youtu.be/v6XeC5wU2s4)
51385 + [OpenBSD 6.3 jwm and rox desktop](https://youtu.be/jlSK2oi7CBc)
51386 + [OpenBSD 6.3 cwm youtube video](https://youtu.be/mgqNyrP2CPs)
51387 + [pf: Increase default state table size](https://svnweb.freebsd.org/base?view=revision&revision=336221)
51388 ***
51389
51390 **Tarsnap**
51391
51392 ##Feedback/Questions
51393 + Ben Sims - [Full feed?](http://dpaste.com/3XVH91T#wrap)
51394 + Scott - [Questions and Comments](http://dpaste.com/08P34YN#wrap)
51395 + Troels - [Features of FreeBSD 11.2 that deserve a mention](http://dpaste.com/3DDPEC2#wrap)
51396 + [Fred - Show Ideas](http://dpaste.com/296ZA0P#wrap)
51397 ***
51398
51399 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
51400 ***
51401
51402 ***
51403
51404 iXsystems [It's all NAS](https://www.ixsystems.com/blog/its-all-nas/)
51405 </code></pre>]]>
51406 </itunes:summary>
51407 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+9R-GgbfS</fireside:playerURL>
51408 <fireside:playerEmbedCode>
51409 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+9R-GgbfS" width="740" height="200" frameborder="0" scrolling="no">]]>
51410 </fireside:playerEmbedCode>
51411 </item>
51412 <item>
51413 <title>Episode 254: Bare the OS | BSD Now 254</title>
51414 <link>https://www.bsdnow.tv/254</link>
51415 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2259</guid>
51416 <pubDate>Thu, 12 Jul 2018 08:00:00 -0700</pubDate>
51417 <author>Allan Jude</author>
51418 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d28fb670-e841-4f88-b58f-768d8876f126.mp3" length="54900530" type="audio/mp3"/>
51419 <itunes:episodeType>full</itunes:episodeType>
51420 <itunes:author>Allan Jude</itunes:author>
51421 <itunes:subtitle>Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.</itunes:subtitle>
51422 <itunes:duration>1:31:23</itunes:duration>
51423 <itunes:explicit>no</itunes:explicit>
51424 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
51425 <description>Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.
51426 <p>##Headlines<br>
51427 <a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
51428 <blockquote>
51429 <p>Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines<br>
51430 ###<a href="https://github.com/lattera/articles/blob/master/hardenedbsd/2018-05-26_cross-dso-cfi/article.md">Cross-DSO CFI in HardenedBSD</a><br>
51431 Control Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.<br>
51432 HardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.<br>
51433 This article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.<br>
51434 Brace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)</p>
51435 </blockquote>
51436 <ul>
51437 <li>Using More llvm Toolchain Components</li>
51438 </ul>
51439 <blockquote>
51440 <p>CFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.<br>
51441 In March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.<br>
51442 Building libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on argv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.<br>
51443 In preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions do support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.<br>
51444 With ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.</p>
51445 </blockquote>
51446 <ul>
51447 <li>Building Libraries With LTO</li>
51448 </ul>
51449 <blockquote>
51450 <p>The primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the section above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.<br>
51451 I reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.<br>
51452 With llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.<br>
51453 Disabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.</p>
51454 </blockquote>
51455 <ul>
51456 <li>The Sanitizers in FreeBSD</li>
51457 </ul>
51458 <blockquote>
51459 <p>FreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanitization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.<br>
51460 I had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.<br>
51461 In my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.</p>
51462 </blockquote>
51463 <ul>
51464 <li>Known Issues And Limitations</li>
51465 </ul>
51466 <blockquote>
51467 <p>There are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.<br>
51468 It seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.<br>
51469 NO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for the tools build stage is only a band-aid until we can resolve static compilation with LTO.<br>
51470 One goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.<br>
51471 When Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against. When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.</p>
51472 </blockquote>
51473 <ul>
51474 <li>Current Status</li>
51475 </ul>
51476 <blockquote>
51477 <p>I’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).<br>
51478 I’m now working through the known issues list, researching and learning.</p>
51479 </blockquote>
51480 <ul>
51481 <li>Future Work</li>
51482 </ul>
51483 <blockquote>
51484 <p>Fixing pretty much everything in the “Known Issues And Limitations” section. ;P<br>
51485 I need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.<br>
51486 Next I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).<br>
51487 There’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.</p>
51488 </blockquote>
51489 <ul>
51490 <li>Conclusion</li>
51491 </ul>
51492 <blockquote>
51493 <p>I have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.<br>
51494 We’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.<br>
51495 I would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.</p>
51496 </blockquote>
51497 <hr>
51498 <p><strong>iXsystems</strong><br>
51499 FreeNAS 11.2-BETAs are starting to appear</p>
51500 <p>###<a href="https://vermaden.wordpress.com/2018/05/01/bareos-backup-server-on-freebsd/">Bareos Backup Server on FreeBSD</a></p>
51501 <blockquote>
51502 <p>Ever heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?<br>
51503 Bareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from <a href="http://bacula.org">bacula.org</a> site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental’ backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.</p>
51504 </blockquote>
51505 <blockquote>
51506 <p>I started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is an example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).<br>
51507 This way you still have FULL backups quite often and with 3 groups you can balance the network load. For the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so it’s always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so it’s possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.<br>
51508 The implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.<br>
51509 Not bad for my taste.</p>
51510 </blockquote>
51511 <blockquote>
51512 <p>Today I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:</p>
51513 </blockquote>
51514 <ul>
51515 <li>bareos-dir</li>
51516 <li>bareos-sd</li>
51517 <li>bareos-webui</li>
51518 <li>bareos-fd</li>
51519 </ul>
51520 <blockquote>
51521 <p>I also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.</p>
51522 </blockquote>
51523 <blockquote>
51524 <p>To get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.</p>
51525 </blockquote>
51526 <blockquote>
51527 <p>Also this diagram may be useful for You to get some grip into the Bareos world.</p>
51528 </blockquote>
51529 <ul>
51530 <li>System</li>
51531 </ul>
51532 <blockquote>
51533 <p>As every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.</p>
51534 </blockquote>
51535 </description>
51536 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview</itunes:keywords>
51537 <content:encoded>
51538 <![CDATA[<p>Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.</p>
51539
51540 <p>##Headlines<br>
51541 ###<a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
51542
51543 <blockquote>
51544 <p>Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines<br>
51545 ###<a href="https://github.com/lattera/articles/blob/master/hardenedbsd/2018-05-26_cross-dso-cfi/article.md">Cross-DSO CFI in HardenedBSD</a><br>
51546 Control Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.<br>
51547 HardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.<br>
51548 This article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.<br>
51549 Brace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)</p>
51550 </blockquote>
51551
51552 <ul>
51553 <li>Using More llvm Toolchain Components</li>
51554 </ul>
51555
51556 <blockquote>
51557 <p>CFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.<br>
51558 In March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.<br>
51559 Building libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on argv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.<br>
51560 In preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions do support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.<br>
51561 With ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.</p>
51562 </blockquote>
51563
51564 <ul>
51565 <li>Building Libraries With LTO</li>
51566 </ul>
51567
51568 <blockquote>
51569 <p>The primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the section above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.<br>
51570 I reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.<br>
51571 With llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.<br>
51572 Disabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.</p>
51573 </blockquote>
51574
51575 <ul>
51576 <li>The Sanitizers in FreeBSD</li>
51577 </ul>
51578
51579 <blockquote>
51580 <p>FreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanitization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.<br>
51581 I had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.<br>
51582 In my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.</p>
51583 </blockquote>
51584
51585 <ul>
51586 <li>Known Issues And Limitations</li>
51587 </ul>
51588
51589 <blockquote>
51590 <p>There are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.<br>
51591 It seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.<br>
51592 NO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for the tools build stage is only a band-aid until we can resolve static compilation with LTO.<br>
51593 One goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.<br>
51594 When Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against. When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.</p>
51595 </blockquote>
51596
51597 <ul>
51598 <li>Current Status</li>
51599 </ul>
51600
51601 <blockquote>
51602 <p>I’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).<br>
51603 I’m now working through the known issues list, researching and learning.</p>
51604 </blockquote>
51605
51606 <ul>
51607 <li>Future Work</li>
51608 </ul>
51609
51610 <blockquote>
51611 <p>Fixing pretty much everything in the “Known Issues And Limitations” section. ;P<br>
51612 I need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.<br>
51613 Next I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).<br>
51614 There’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.</p>
51615 </blockquote>
51616
51617 <ul>
51618 <li>Conclusion</li>
51619 </ul>
51620
51621 <blockquote>
51622 <p>I have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.<br>
51623 We’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.<br>
51624 I would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.</p>
51625 </blockquote>
51626
51627 <p><hr></p>
51628
51629 <p><strong>iXsystems</strong><br>
51630 FreeNAS 11.2-BETAs are starting to appear</p>
51631
51632 <p>###<a href="https://vermaden.wordpress.com/2018/05/01/bareos-backup-server-on-freebsd/">Bareos Backup Server on FreeBSD</a></p>
51633
51634 <blockquote>
51635 <p>Ever heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?<br>
51636 Bareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from <a href="http://bacula.org">bacula.org</a> site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental’ backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.</p>
51637 </blockquote>
51638
51639 <blockquote>
51640 <p>I started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is an example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).<br>
51641 This way you still have FULL backups quite often and with 3 groups you can balance the network load. For the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so it’s always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so it’s possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.<br>
51642 The implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.<br>
51643 Not bad for my taste.</p>
51644 </blockquote>
51645
51646 <blockquote>
51647 <p>Today I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:</p>
51648 </blockquote>
51649
51650 <ul>
51651 <li>bareos-dir</li>
51652 <li>bareos-sd</li>
51653 <li>bareos-webui</li>
51654 <li>bareos-fd</li>
51655 </ul>
51656
51657 <blockquote>
51658 <p>I also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.</p>
51659 </blockquote>
51660
51661 <blockquote>
51662 <p>To get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.</p>
51663 </blockquote>
51664
51665 <blockquote>
51666 <p>Also this diagram may be useful for You to get some grip into the Bareos world.</p>
51667 </blockquote>
51668
51669 <ul>
51670 <li>System</li>
51671 </ul>
51672
51673 <blockquote>
51674 <p>As every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.</p>
51675 </blockquote>]]>
51676 </content:encoded>
51677 <itunes:summary>
51678 <![CDATA[<p>Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.</p>
51679
51680 <p>##Headlines<br>
51681 ###<a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
51682
51683 <blockquote>
51684 <p>Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines<br>
51685 ###<a href="https://github.com/lattera/articles/blob/master/hardenedbsd/2018-05-26_cross-dso-cfi/article.md">Cross-DSO CFI in HardenedBSD</a><br>
51686 Control Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.<br>
51687 HardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.<br>
51688 This article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.<br>
51689 Brace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)</p>
51690 </blockquote>
51691
51692 <ul>
51693 <li>Using More llvm Toolchain Components</li>
51694 </ul>
51695
51696 <blockquote>
51697 <p>CFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.<br>
51698 In March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.<br>
51699 Building libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on argv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.<br>
51700 In preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions do support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.<br>
51701 With ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.</p>
51702 </blockquote>
51703
51704 <ul>
51705 <li>Building Libraries With LTO</li>
51706 </ul>
51707
51708 <blockquote>
51709 <p>The primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the section above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.<br>
51710 I reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.<br>
51711 With llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.<br>
51712 Disabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.</p>
51713 </blockquote>
51714
51715 <ul>
51716 <li>The Sanitizers in FreeBSD</li>
51717 </ul>
51718
51719 <blockquote>
51720 <p>FreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanitization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.<br>
51721 I had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.<br>
51722 In my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.</p>
51723 </blockquote>
51724
51725 <ul>
51726 <li>Known Issues And Limitations</li>
51727 </ul>
51728
51729 <blockquote>
51730 <p>There are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.<br>
51731 It seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.<br>
51732 NO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for the tools build stage is only a band-aid until we can resolve static compilation with LTO.<br>
51733 One goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) are used. This means the runtime linker (RTLD) must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.<br>
51734 When Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against. When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.</p>
51735 </blockquote>
51736
51737 <ul>
51738 <li>Current Status</li>
51739 </ul>
51740
51741 <blockquote>
51742 <p>I’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).<br>
51743 I’m now working through the known issues list, researching and learning.</p>
51744 </blockquote>
51745
51746 <ul>
51747 <li>Future Work</li>
51748 </ul>
51749
51750 <blockquote>
51751 <p>Fixing pretty much everything in the “Known Issues And Limitations” section. ;P<br>
51752 I need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.<br>
51753 Next I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).<br>
51754 There’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.</p>
51755 </blockquote>
51756
51757 <ul>
51758 <li>Conclusion</li>
51759 </ul>
51760
51761 <blockquote>
51762 <p>I have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.<br>
51763 We’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.<br>
51764 I would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.</p>
51765 </blockquote>
51766
51767 <p><hr></p>
51768
51769 <p><strong>iXsystems</strong><br>
51770 FreeNAS 11.2-BETAs are starting to appear</p>
51771
51772 <p>###<a href="https://vermaden.wordpress.com/2018/05/01/bareos-backup-server-on-freebsd/">Bareos Backup Server on FreeBSD</a></p>
51773
51774 <blockquote>
51775 <p>Ever heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?<br>
51776 Bareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from <a href="http://bacula.org">bacula.org</a> site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental’ backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.</p>
51777 </blockquote>
51778
51779 <blockquote>
51780 <p>I started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is an example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).<br>
51781 This way you still have FULL backups quite often and with 3 groups you can balance the network load. For the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so it’s always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so it’s possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.<br>
51782 The implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.<br>
51783 Not bad for my taste.</p>
51784 </blockquote>
51785
51786 <blockquote>
51787 <p>Today I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:</p>
51788 </blockquote>
51789
51790 <ul>
51791 <li>bareos-dir</li>
51792 <li>bareos-sd</li>
51793 <li>bareos-webui</li>
51794 <li>bareos-fd</li>
51795 </ul>
51796
51797 <blockquote>
51798 <p>I also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.</p>
51799 </blockquote>
51800
51801 <blockquote>
51802 <p>To get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.</p>
51803 </blockquote>
51804
51805 <blockquote>
51806 <p>Also this diagram may be useful for You to get some grip into the Bareos world.</p>
51807 </blockquote>
51808
51809 <ul>
51810 <li>System</li>
51811 </ul>
51812
51813 <blockquote>
51814 <p>As every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.</p>
51815 </blockquote>]]>
51816 </itunes:summary>
51817 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+qv9stJ5n</fireside:playerURL>
51818 <fireside:playerEmbedCode>
51819 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+qv9stJ5n" width="740" height="200" frameborder="0" scrolling="no">]]>
51820 </fireside:playerEmbedCode>
51821 </item>
51822 <item>
51823 <title>Episode 253: Silence of the Fans | BSD Now 253</title>
51824 <link>https://www.bsdnow.tv/253</link>
51825 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2208</guid>
51826 <pubDate>Thu, 05 Jul 2018 04:00:00 -0700</pubDate>
51827 <author>Allan Jude</author>
51828 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f597f732-405b-4f10-8d40-c00315bd064b.mp3" length="52181883" type="audio/mp3"/>
51829 <itunes:episodeType>full</itunes:episodeType>
51830 <itunes:author>Allan Jude</itunes:author>
51831 <itunes:subtitle>Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.</itunes:subtitle>
51832 <itunes:duration>1:26:51</itunes:duration>
51833 <itunes:explicit>no</itunes:explicit>
51834 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
51835 <description>Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.
51836 <p>##Headlines<br>
51837 <a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
51838 <blockquote>
51839 <p>Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It is also a very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to minimum, so Mini-ITX seems best solution here.</p>
51840 </blockquote>
51841 <blockquote>
51842 <p>I have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W which can be nicely filtered on the <a href="http://ark.intel.com">ark.intel.com</a> page. Pity that AMD does not provide such filtration for their products. I have also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.</p>
51843 </blockquote>
51844 <ul>
51845 <li><a href="https://vermaden.files.wordpress.com/2018/06/itx-mobo.jpg">Here is how the system looks powered up and working</a></li>
51846 </ul>
51847 <blockquote>
51848 <p>This motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.</p>
51849 </blockquote>
51850 <ul>
51851 <li>Components</li>
51852 </ul>
51853 <blockquote>
51854 <p>Now, an example system would look like that one below, here are the components with their prices.</p>
51855 </blockquote>
51856 <ul>
51857 <li>$49 CPU/Motherboard ASRock J3355B-ITX Mini-ITX</li>
51858 <li>$14 RAM Crucial 4 GB DDR3L 1.35V (low power)</li>
51859 <li>$17 PSU 12V 160W Pico (internal)</li>
51860 <li>$11 PSU 12V 96W FSP (external)</li>
51861 <li>$5 USB 2.0 Drive 16 GB ADATA</li>
51862 <li>$4 USB Wireless 802.11n</li>
51863 <li>$100 TOTAL</li>
51864 </ul>
51865 <blockquote>
51866 <p>The PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on <a href="http://aliexpress.com">aliexpress.com</a> or <a href="http://ebay.com">ebay.com</a> for example, at least I got them there. Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. Of course it’s one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.</p>
51867 </blockquote>
51868 <blockquote>
51869 <p>This gives us a total silent fanless system price of about $120. It’s about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.</p>
51870 </blockquote>
51871 <blockquote>
51872 <p>You can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.</p>
51873 </blockquote>
51874 <hr>
51875 <p>###<a href="https://blog.netbsd.org/tnf/entry/pinebook">An annotated look at a NetBSD Pinebook’s startup</a></p>
51876 <ul>
51877 <li>Pinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.</li>
51878 <li><a href="https://twitter.com/jmcwhatever/status/998258710496628736/photo/1">Photo</a></li>
51879 <li>Pinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.</li>
51880 <li>NetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:</li>
51881 <li>Pinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.</li>
51882 <li>The A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.</li>
51883 <li>The interrupt controller is a standard ARM GIC-400 design.</li>
51884 <li>Clock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).</li>
51885 </ul>
51886 <pre><code># sysctl hw.clk.sun50ia64ccu0.mmc2
51887 hw.clk.sun50ia64ccu0.mmc2.rate = 200000000
51888 hw.clk.sun50ia64ccu0.mmc2.parent = pllperiph02x
51889 hw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0
51890 </code></pre>
51891 <hr>
51892 <p><strong>Digital Ocean</strong><br>
51893 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
51894 <p>###<a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-mark-johnston/">BSDCan 2018 Trip Report: Mark Johnston</a></p>
51895 <blockquote>
51896 <p>BSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD. While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences. In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.<br>
51897 As is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak. This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up. In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM. Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform. POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.<br>
51898 Wednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper. Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule. The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election. Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.<br>
51899 One side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at the moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality. With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.<br>
51900 After a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases. This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want). This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0. The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work. I’m hopeful that most, if not all of it, will make it into the release.<br>
51901 After lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS. Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL. Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing. While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9). I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.<br>
51902 Friday and Saturday were, of course, taken up by BSDCan talks. Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change. The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve. Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards. While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround. This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds. After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace. After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD. After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time. Finally, I continued my debugging session from Wednesday with help from a couple of other developers.<br>
51903 Saturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year. As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.<br>
51904 At the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity. I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get. At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.</p>
51905 </blockquote>
51906 <ul>
51907 <li>Thanks to Mark for sharing his experiences at this year’s BSDCan</li>
51908 </ul>
51909 <hr>
51910 <p>##News Roundup<br>
51911 <a href="https://undeadly.org/cgi?action=article&amp;sid=20180410063454">Transparent network audio with mpd &amp; sndiod</a></p>
51912 <blockquote>
51913 <p>Landry Breuil (landry@ when wearing his developer hat) wrote in…</p>
51914 </blockquote>
51915 <pre><code>I've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…
51916
51917 audio_output {
51918 type &quot;sndio&quot;
51919 name &quot;Local speakers&quot;
51920 mixer_type &quot;software&quot;
51921 }
51922 audio_output {
51923 type &quot;httpd&quot;
51924 name &quot;HTTP stream&quot;
51925 mixer_type &quot;software&quot;
51926 encoder &quot;vorbis&quot;
51927 port &quot;8000&quot;
51928 format &quot;44100:16:2&quot;
51929 }
51930 this setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:
51931
51932 a distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay
51933 sometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted
51934 i need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)
51935 it's not that elegant to reencode the stream, and it wastes cpu cycles
51936 So the current scheme is:
51937
51938 mpd -&gt; http output -&gt; network -&gt; mplayer -&gt; sndiod on remote machine
51939 |
51940 -&gt; sndio output -&gt; sndiod on soundserver
51941 Fiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).
51942
51943 So in the end, it's super easy to:
51944
51945 enable network support in sndio on the remote machine i want the audio to play by adding -L&lt;local ip&gt; to sndiod_flags (i have two audio devices, with an input coming from the webcam):
51946 sndiod_flags=&quot;-L10.246.200.10 -f rsnd/0 -f rsnd/1&quot;
51947 open pf on port 11025 from the sound server ip:
51948 pass in proto tcp from 10.246.200.1 to any port 11025
51949 configure a new output in mpd:
51950 audio_output {
51951 type &quot;sndio&quot;
51952 name &quot;sndio on renton&quot;
51953 device &quot;snd@10.246.200.10/0&quot;
51954 mixer_type &quot;software&quot;
51955 }
51956 and enable the new output in mpd:
51957 $mpc enable 2
51958 Output 1 (Local speakers) is disabled
51959 Output 2 (sndio on renton) is enabled
51960 Output 3 (HTTP stream) is disabled
51961 Results in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.
51962
51963 mpd -&gt; sndio output 2 -&gt; network -&gt; sndiod on remote machine
51964 |
51965 -&gt; sndio output 1 -&gt; sndiod on soundserver
51966 Thanks ratchov@ for sndiod :)
51967 </code></pre>
51968 <hr>
51969 <p>###<a href="https://www.mirbsd.org/permalinks/wlog-10_e20180415-tg.htm">MirBSD’s Korn Shell on Plan9 Jehanne</a></p>
51970 <blockquote>
51971 <p>Let me start by saying that I’m not really a C programmer.<br>
51972 My last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.<br>
51973 So while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.<br>
51974 This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.<br>
51975 So I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several tests, checking they run the same on Linux and Jehanne, and then I began looking for a real-world, battle tested, application to port first.<br>
51976 I approached MirBSD’s Korn Shell for several reasons:</p>
51977 </blockquote>
51978 <ul>
51979 <li>it is simple, powerful and well written</li>
51980 <li>it has been ported to several different operating systems</li>
51981 <li>it has few dependencies</li>
51982 <li>it’s the default shell in Android, so it’s really battle tested</li>
51983 </ul>
51984 <blockquote>
51985 <p>I was very confident. I had read the POSIX standard after all! And I had a test suite!<br>
51986 I remember, I thought “Given newlib, how hard can it be?”<br>
51987 The porting began on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.<br>
51988 Turns out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understand most POSIX semantics at all!</p>
51989 </blockquote>
51990 <hr>
51991 <p><strong>iXsystems</strong></p>
51992 <p>###<a href="https://www.romanzolotarev.com/ssg.html">Static site generator with rsync and lowdown on OpenBSD</a></p>
51993 <ul>
51994 <li>
51995 <p>ssg is a tiny POSIX-compliant shell script with few dependencies:</p>
51996 </li>
51997 <li>
51998 <p>lowdown(1) to parse markdown,</p>
51999 </li>
52000 <li>
52001 <p>rsync(1) to copy temporary files, and</p>
52002 </li>
52003 <li>
52004 <p>entr(1) to watch file changes.</p>
52005 </li>
52006 <li>
52007 <p>It generates Markdown articles to a static website.</p>
52008 </li>
52009 <li>
52010 <p>It copies the current directory to a temporary one in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first &lt;h1&gt; tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/</p>
52011 </li>
52012 </ul>
52013 <blockquote>
52014 <p>Why not Jekyll or “$X”?</p>
52015 </blockquote>
52016 <ul>
52017 <li>ssg is one hundred times smaller than Jekyll.</li>
52018 </ul>
52019 <blockquote>
52020 <p>ssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just a few seconds on almost any Unix-like operating system.<br>
52021 Obviously, ssg is tailored for my needs, it has all features I need and only those I use.<br>
52022 Keeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.</p>
52023 </blockquote>
52024 <ul>
52025 <li>Performance</li>
52026 </ul>
52027 <blockquote>
52028 <p>100 pps. On modern computers ssg generates a hundred pages per second. Half of the time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)</p>
52029 </blockquote>
52030 <hr>
52031 <p>###<a href="https://www.quora.com/Why-does-FreeBSD-have-virtually-no-0-desktop-market-share/answer/Terry-Lambert">Why does FreeBSD have virtually no (0%) desktop market share?</a></p>
52032 <ul>
52033 <li>Because someone made a horrible design decision back in 1984.</li>
52034 </ul>
52035 <blockquote>
52036 <p>In absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.</p>
52037 </blockquote>
52038 <ul>
52039 <li>Why and what.</li>
52040 </ul>
52041 <blockquote>
52042 <p>The decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.<br>
52043 At the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.<br>
52044 Mostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.<br>
52045 So a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.</p>
52046 </blockquote>
52047 <ul>
52048 <li>The ramifications of this were pretty staggering.</li>
52049 </ul>
52050 <blockquote>
52051 <p>First, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.<br>
52052 Despite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.<br>
52053 Second, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.<br>
52054 But, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.</p>
52055 </blockquote>
52056 <ul>
52057 <li>Between these early decisions reigned chaos.</li>
52058 </ul>
52059 <blockquote>
52060 <p>Specifically, the consequences of these decisions have been with us ever since:<br>
52061 Look-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.<br>
52062 You could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.<br>
52063 Window management style is a preference.<br>
52064 You could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.<br>
52065 In other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.<br>
52066 Both of these ultimately render an X-based system unsuitable for desktops.<br>
52067 I can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.</p>
52068 </blockquote>
52069 <ul>
52070 <li>Is there hope for the future?</li>
52071 </ul>
52072 <blockquote>
52073 <p>Well, the Linux community has been working on something called Wayland, and it is very promising…<br>
52074 …In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.<br>
52075 So Wayland is screwing up again.<br>
52076 But hey, it only took us, what, 25 years to get from X in 1987 to Wayland in 2012.<br>
52077 Maybe if we try again in 2037, we can get to where Windows was in 1995.</p>
52078 </blockquote>
52079 <hr>
52080 <p>##Beastie Bits</p>
52081 <ul>
52082 <li><a href="https://twitter.com/FranckPachot/status/1012606253338591232">New washing machine comes with 7 pages of open source licenses!</a></li>
52083 <li><a href="https://www.bsdjobs.com/">BSD Jobs Site</a></li>
52084 <li><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/05/FreeBSD-Foundation-May-2018-Update.pdf">FreeBSD Foundation Update, May 2018</a></li>
52085 <li><a href="http://freebsdjournal.org/">FreeBSD Journal looking for book reviewers</a></li>
52086 <li><a href="https://ramsdenj.com/2018/05/29/zedenv-zfs-boot-environment-manager.html">zedenv ZFS Boot Environment Manager</a></li>
52087 </ul>
52088 <hr>
52089 <p><strong>Tarsnap</strong></p>
52090 <p>##Feedback/Questions</p>
52091 <ul>
52092 <li>Wouter - <a href="http://dpaste.com/28959CK#wrap">Feedback</a></li>
52093 <li>Efraim - <a href="http://dpaste.com/2RZ16K8#wrap">OS Suggestion</a></li>
52094 <li>kevr - <a href="http://dpaste.com/2PX7KSP#wrap">Raspberry Pi2/FreeBSD/Router on a Stick</a></li>
52095 <li>Vanja - <a href="http://dpaste.com/0ARSVWE#wrap">Interview Suggestion</a></li>
52096 </ul>
52097 <hr>
52098 <ul>
52099 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
52100 </ul>
52101 </description>
52102 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, tutorial, howto, guide, bsd, interview, MirBSD, korn shell, Plan9 Jehanne, sndiod, bsdcan, PineBook</itunes:keywords>
52103 <content:encoded>
52104 <![CDATA[<p>Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.</p>
52105
52106 <p>##Headlines<br>
52107 ###<a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
52108
52109 <blockquote>
52110 <p>Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It is also a very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to minimum, so Mini-ITX seems best solution here.</p>
52111 </blockquote>
52112
52113 <blockquote>
52114 <p>I have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W which can be nicely filtered on the <a href="http://ark.intel.com">ark.intel.com</a> page. Pity that AMD does not provide such filtration for their products. I have also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.</p>
52115 </blockquote>
52116
52117 <ul>
52118 <li><a href="https://vermaden.files.wordpress.com/2018/06/itx-mobo.jpg">Here is how the system looks powered up and working</a></li>
52119 </ul>
52120
52121 <blockquote>
52122 <p>This motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.</p>
52123 </blockquote>
52124
52125 <ul>
52126 <li>Components</li>
52127 </ul>
52128
52129 <blockquote>
52130 <p>Now, an example system would look like that one below, here are the components with their prices.</p>
52131 </blockquote>
52132
52133 <ul>
52134 <li>$49 CPU/Motherboard ASRock J3355B-ITX Mini-ITX</li>
52135 <li>$14 RAM Crucial 4 GB DDR3L 1.35V (low power)</li>
52136 <li>$17 PSU 12V 160W Pico (internal)</li>
52137 <li>$11 PSU 12V 96W FSP (external)</li>
52138 <li>$5 USB 2.0 Drive 16 GB ADATA</li>
52139 <li>$4 USB Wireless 802.11n</li>
52140 <li>$100 TOTAL</li>
52141 </ul>
52142
52143 <blockquote>
52144 <p>The PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on <a href="http://aliexpress.com">aliexpress.com</a> or <a href="http://ebay.com">ebay.com</a> for example, at least I got them there. Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. Of course it’s one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.</p>
52145 </blockquote>
52146
52147 <blockquote>
52148 <p>This gives us a total silent fanless system price of about $120. It’s about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.</p>
52149 </blockquote>
52150
52151 <blockquote>
52152 <p>You can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.</p>
52153 </blockquote>
52154
52155 <p><hr></p>
52156
52157 <p>###<a href="https://blog.netbsd.org/tnf/entry/pinebook">An annotated look at a NetBSD Pinebook’s startup</a></p>
52158
52159 <ul>
52160 <li>Pinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.</li>
52161 <li><a href="https://twitter.com/jmcwhatever/status/998258710496628736/photo/1">Photo</a></li>
52162 <li>Pinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.</li>
52163 <li>NetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:</li>
52164 <li>Pinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.</li>
52165 <li>The A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.</li>
52166 <li>The interrupt controller is a standard ARM GIC-400 design.</li>
52167 <li>Clock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).</li>
52168 </ul>
52169
52170 <pre><code># sysctl hw.clk.sun50ia64ccu0.mmc2
52171 hw.clk.sun50ia64ccu0.mmc2.rate = 200000000
52172 hw.clk.sun50ia64ccu0.mmc2.parent = pll_periph0_2x
52173 hw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0
52174 </code></pre>
52175
52176 <p><hr></p>
52177
52178 <p><strong>Digital Ocean</strong><br>
52179 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
52180
52181 <p>###<a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-mark-johnston/">BSDCan 2018 Trip Report: Mark Johnston</a></p>
52182
52183 <blockquote>
52184 <p>BSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD. While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences. In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.<br>
52185 As is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak. This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up. In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM. Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform. POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.<br>
52186 Wednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper. Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule. The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election. Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.<br>
52187 One side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at the moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality. With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.<br>
52188 After a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases. This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want). This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0. The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work. I’m hopeful that most, if not all of it, will make it into the release.<br>
52189 After lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS. Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL. Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing. While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9). I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.<br>
52190 Friday and Saturday were, of course, taken up by BSDCan talks. Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change. The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve. Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards. While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround. This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds. After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace. After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD. After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time. Finally, I continued my debugging session from Wednesday with help from a couple of other developers.<br>
52191 Saturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year. As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.<br>
52192 At the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity. I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get. At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.</p>
52193 </blockquote>
52194
52195 <ul>
52196 <li>Thanks to Mark for sharing his experiences at this year’s BSDCan</li>
52197 </ul>
52198
52199 <p><hr></p>
52200
52201 <p>##News Roundup<br>
52202 ###<a href="https://undeadly.org/cgi?action=article&sid=20180410063454">Transparent network audio with mpd & sndiod</a></p>
52203
52204 <blockquote>
52205 <p>Landry Breuil (landry@ when wearing his developer hat) wrote in…</p>
52206 </blockquote>
52207
52208 <pre><code>I've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…
52209
52210 audio_output {
52211 type "sndio"
52212 name "Local speakers"
52213 mixer_type "software"
52214 }
52215 audio_output {
52216 type "httpd"
52217 name "HTTP stream"
52218 mixer_type "software"
52219 encoder "vorbis"
52220 port "8000"
52221 format "44100:16:2"
52222 }
52223 this setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:
52224
52225 a distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay
52226 sometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted
52227 i need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)
52228 it's not that elegant to reencode the stream, and it wastes cpu cycles
52229 So the current scheme is:
52230
52231 mpd -> http output -> network -> mplayer -> sndiod on remote machine
52232 |
52233 -> sndio output -> sndiod on soundserver
52234 Fiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).
52235
52236 So in the end, it's super easy to:
52237
52238 enable network support in sndio on the remote machine i want the audio to play by adding -L<local ip> to sndiod_flags (i have two audio devices, with an input coming from the webcam):
52239 sndiod_flags="-L10.246.200.10 -f rsnd/0 -f rsnd/1"
52240 open pf on port 11025 from the sound server ip:
52241 pass in proto tcp from 10.246.200.1 to any port 11025
52242 configure a new output in mpd:
52243 audio_output {
52244 type "sndio"
52245 name "sndio on renton"
52246 device "snd@10.246.200.10/0"
52247 mixer_type "software"
52248 }
52249 and enable the new output in mpd:
52250 $mpc enable 2
52251 Output 1 (Local speakers) is disabled
52252 Output 2 (sndio on renton) is enabled
52253 Output 3 (HTTP stream) is disabled
52254 Results in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.
52255
52256 mpd -> sndio output 2 -> network -> sndiod on remote machine
52257 |
52258 -> sndio output 1 -> sndiod on soundserver
52259 Thanks ratchov@ for sndiod :)
52260 </code></pre>
52261
52262 <p><hr></p>
52263
52264 <p>###<a href="https://www.mirbsd.org/permalinks/wlog-10_e20180415-tg.htm">MirBSD’s Korn Shell on Plan9 Jehanne</a></p>
52265
52266 <blockquote>
52267 <p>Let me start by saying that I’m not really a C programmer.<br>
52268 My last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.<br>
52269 So while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.<br>
52270 This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.<br>
52271 So I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several tests, checking they run the same on Linux and Jehanne, and then I began looking for a real-world, battle tested, application to port first.<br>
52272 I approached MirBSD’s Korn Shell for several reasons:</p>
52273 </blockquote>
52274
52275 <ul>
52276 <li>it is simple, powerful and well written</li>
52277 <li>it has been ported to several different operating systems</li>
52278 <li>it has few dependencies</li>
52279 <li>it’s the default shell in Android, so it’s really battle tested</li>
52280 </ul>
52281
52282 <blockquote>
52283 <p>I was very confident. I had read the POSIX standard after all! And I had a test suite!<br>
52284 I remember, I thought “Given newlib, how hard can it be?”<br>
52285 The porting began on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.<br>
52286 Turns out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understand most POSIX semantics at all!</p>
52287 </blockquote>
52288
52289 <p><hr></p>
52290
52291 <p><strong>iXsystems</strong></p>
52292
52293 <p>###<a href="https://www.romanzolotarev.com/ssg.html">Static site generator with rsync and lowdown on OpenBSD</a></p>
52294
52295 <ul>
52296 <li>
52297 <p>ssg is a tiny POSIX-compliant shell script with few dependencies:</p>
52298 </li>
52299 <li>
52300 <p>lowdown(1) to parse markdown,</p>
52301 </li>
52302 <li>
52303 <p>rsync(1) to copy temporary files, and</p>
52304 </li>
52305 <li>
52306 <p>entr(1) to watch file changes.</p>
52307 </li>
52308 <li>
52309 <p>It generates Markdown articles to a static website.</p>
52310 </li>
52311 <li>
52312 <p>It copies the current directory to a temporary one in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first <h1> tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/</p>
52313 </li>
52314 </ul>
52315
52316 <blockquote>
52317 <p>Why not Jekyll or “$X”?</p>
52318 </blockquote>
52319
52320 <ul>
52321 <li>ssg is one hundred times smaller than Jekyll.</li>
52322 </ul>
52323
52324 <blockquote>
52325 <p>ssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just a few seconds on almost any Unix-like operating system.<br>
52326 Obviously, ssg is tailored for my needs, it has all features I need and only those I use.<br>
52327 Keeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.</p>
52328 </blockquote>
52329
52330 <ul>
52331 <li>Performance</li>
52332 </ul>
52333
52334 <blockquote>
52335 <p>100 pps. On modern computers ssg generates a hundred pages per second. Half of the time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)</p>
52336 </blockquote>
52337
52338 <p><hr></p>
52339
52340 <p>###<a href="https://www.quora.com/Why-does-FreeBSD-have-virtually-no-0-desktop-market-share/answer/Terry-Lambert">Why does FreeBSD have virtually no (0%) desktop market share?</a></p>
52341
52342 <ul>
52343 <li>Because someone made a horrible design decision back in 1984.</li>
52344 </ul>
52345
52346 <blockquote>
52347 <p>In absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.</p>
52348 </blockquote>
52349
52350 <ul>
52351 <li>Why and what.</li>
52352 </ul>
52353
52354 <blockquote>
52355 <p>The decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.<br>
52356 At the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.<br>
52357 Mostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.<br>
52358 So a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.</p>
52359 </blockquote>
52360
52361 <ul>
52362 <li>The ramifications of this were pretty staggering.</li>
52363 </ul>
52364
52365 <blockquote>
52366 <p>First, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.<br>
52367 Despite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.<br>
52368 Second, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.<br>
52369 But, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.</p>
52370 </blockquote>
52371
52372 <ul>
52373 <li>Between these early decisions reigned chaos.</li>
52374 </ul>
52375
52376 <blockquote>
52377 <p>Specifically, the consequences of these decisions have been with us ever since:<br>
52378 Look-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.<br>
52379 You could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.<br>
52380 Window management style is a preference.<br>
52381 You could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.<br>
52382 In other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.<br>
52383 Both of these ultimately render an X-based system unsuitable for desktops.<br>
52384 I can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.</p>
52385 </blockquote>
52386
52387 <ul>
52388 <li>Is there hope for the future?</li>
52389 </ul>
52390
52391 <blockquote>
52392 <p>Well, the Linux community has been working on something called Wayland, and it is very promising…<br>
52393 …In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.<br>
52394 So Wayland is screwing up again.<br>
52395 But hey, it only took us, what, 25 years to get from X in 1987 to Wayland in 2012.<br>
52396 Maybe if we try again in 2037, we can get to where Windows was in 1995.</p>
52397 </blockquote>
52398
52399 <p><hr></p>
52400
52401 <p>##Beastie Bits</p>
52402
52403 <ul>
52404 <li><a href="https://twitter.com/FranckPachot/status/1012606253338591232">New washing machine comes with 7 pages of open source licenses!</a></li>
52405 <li><a href="https://www.bsdjobs.com/">BSD Jobs Site</a></li>
52406 <li><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/05/FreeBSD-Foundation-May-2018-Update.pdf">FreeBSD Foundation Update, May 2018</a></li>
52407 <li><a href="http://freebsdjournal.org/">FreeBSD Journal looking for book reviewers</a></li>
52408 <li><a href="https://ramsdenj.com/2018/05/29/zedenv-zfs-boot-environment-manager.html">zedenv ZFS Boot Environment Manager</a></li>
52409 </ul>
52410
52411 <p><hr></p>
52412
52413 <p><strong>Tarsnap</strong></p>
52414
52415 <p>##Feedback/Questions</p>
52416
52417 <ul>
52418 <li>Wouter - <a href="http://dpaste.com/28959CK#wrap">Feedback</a></li>
52419 <li>Efraim - <a href="http://dpaste.com/2RZ16K8#wrap">OS Suggestion</a></li>
52420 <li>kevr - <a href="http://dpaste.com/2PX7KSP#wrap">Raspberry Pi2/FreeBSD/Router on a Stick</a></li>
52421 <li>Vanja - <a href="http://dpaste.com/0ARSVWE#wrap">Interview Suggestion</a></li>
52422 </ul>
52423
52424 <p><hr></p>
52425
52426 <ul>
52427 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
52428 </ul>]]>
52429 </content:encoded>
52430 <itunes:summary>
52431 <![CDATA[<p>Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.</p>
52432
52433 <p>##Headlines<br>
52434 ###<a href="https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/">Silent Fanless FreeBSD Desktop/Server</a></p>
52435
52436 <blockquote>
52437 <p>Today I will write about a silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It is also a very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to a minimum, so Mini-ITX seems the best solution here.</p>
52438 </blockquote>
52439
52440 <blockquote>
52441 <p>I have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W which can be nicely filtered on the <a href="http://ark.intel.com">ark.intel.com</a> page. Pity that AMD does not provide such filtration for their products. I have also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.</p>
52442 </blockquote>
52443
52444 <ul>
52445 <li><a href="https://vermaden.files.wordpress.com/2018/06/itx-mobo.jpg">Here is how the system looks powered up and working</a></li>
52446 </ul>
52447
52448 <blockquote>
52449 <p>This motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.</p>
52450 </blockquote>
52451
52452 <ul>
52453 <li>Components</li>
52454 </ul>
52455
52456 <blockquote>
52457 <p>Now, an example system would look like that one below, here are the components with their prices.</p>
52458 </blockquote>
52459
52460 <ul>
52461 <li>$49 CPU/Motherboard ASRock J3355B-ITX Mini-ITX</li>
52462 <li>$14 RAM Crucial 4 GB DDR3L 1.35V (low power)</li>
52463 <li>$17 PSU 12V 160W Pico (internal)</li>
52464 <li>$11 PSU 12V 96W FSP (external)</li>
52465 <li>$5 USB 2.0 Drive 16 GB ADATA</li>
52466 <li>$4 USB Wireless 802.11n</li>
52467 <li>$100 TOTAL</li>
52468 </ul>
52469
52470 <blockquote>
52471 <p>The PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on <a href="http://aliexpress.com">aliexpress.com</a> or <a href="http://ebay.com">ebay.com</a> for example, at least I got them there. Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. Of course it's one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.</p>
52472 </blockquote>
52473
52474 <blockquote>
52475 <p>This gives us a total silent fanless system price of about $120. It's about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.</p>
52476 </blockquote>
52477
52478 <blockquote>
52479 <p>You can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.</p>
52480 </blockquote>
52481
52482 <p><hr></p>
52483
52484 <p>###<a href="https://blog.netbsd.org/tnf/entry/pinebook">An annotated look at a NetBSD Pinebook’s startup</a></p>
52485
52486 <ul>
52487 <li>Pinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.</li>
52488 <li><a href="https://twitter.com/jmcwhatever/status/998258710496628736/photo/1">Photo</a></li>
52489 <li>Pinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.</li>
52490 <li>NetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:</li>
52491 <li>Pinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.</li>
52492 <li>The A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.</li>
52493 <li>The interrupt controller is a standard ARM GIC-400 design.</li>
52494 <li>Clock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).</li>
52495 </ul>
52496
52497 <pre><code># sysctl hw.clk.sun50ia64ccu0.mmc2
52498 hw.clk.sun50ia64ccu0.mmc2.rate = 200000000
52499 hw.clk.sun50ia64ccu0.mmc2.parent = pll_periph0_2x
52500 hw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0
52501 </code></pre>
52502
52503 <p><hr></p>
52504
52505 <p><strong>Digital Ocean</strong><br>
52506 <a href="http://do.co/bsdnow">http://do.co/bsdnow</a></p>
52507
52508 <p>###<a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-mark-johnston/">BSDCan 2018 Trip Report: Mark Johnston</a></p>
52509
52510 <blockquote>
52511 <p>BSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD. While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences. In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.<br>
52512 As is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak. This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up. In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM. Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform. POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.<br>
52513 Wednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper. Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule. The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election. Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.<br>
52514 One side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at the moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality. With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.<br>
52515 After a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases. This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want). This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0. The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work. I’m hopeful that most, if not all of it, will make it into the release.<br>
52516 After lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS. Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL. Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing. While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9). I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.<br>
52517 Friday and Saturday were, of course, taken up by BSDCan talks. Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change. The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve. Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards. While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround. This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds. After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace. After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD. After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time. Finally, I continued my debugging session from Wednesday with help from a couple of other developers.<br>
52518 Saturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year. As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.<br>
52519 At the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity. I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get. At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.</p>
52520 </blockquote>
52521
52522 <ul>
52523 <li>Thanks to Mark for sharing his experiences at this year's BSDCan</li>
52524 </ul>
52525
52526 <p><hr></p>
52527
52528 <p>##News Roundup<br>
52529 ###<a href="https://undeadly.org/cgi?action=article&sid=20180410063454">Transparent network audio with mpd & sndiod</a></p>
52530
52531 <blockquote>
52532 <p>Landry Breuil (landry@ when wearing his developer hat) wrote in…</p>
52533 </blockquote>
52534
52535 <pre><code>I've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…
52536
52537 audio_output {
52538 type "sndio"
52539 name "Local speakers"
52540 mixer_type "software"
52541 }
52542 audio_output {
52543 type "httpd"
52544 name "HTTP stream"
52545 mixer_type "software"
52546 encoder "vorbis"
52547 port "8000"
52548 format "44100:16:2"
52549 }
52550 this setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:
52551
52552 a distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay
52553 sometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted
52554 i need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)
52555 it's not that elegant to reencode the stream, and it wastes cpu cycles
52556 So the current scheme is:
52557
52558 mpd -> http output -> network -> mplayer -> sndiod on remote machine
52559 |
52560 -> sndio output -> sndiod on soundserver
52561 Fiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).
52562
52563 So in the end, it's super easy to:
52564
52565 enable network support in sndio on the remote machine i want the audio to play by adding -L<local ip> to sndiod_flags (i have two audio devices, with an input coming from the webcam):
52566 sndiod_flags="-L10.246.200.10 -f rsnd/0 -f rsnd/1"
52567 open pf on port 11025 from the sound server ip:
52568 pass in proto tcp from 10.246.200.1 to any port 11025
52569 configure a new output in mpd:
52570 audio_output {
52571 type "sndio"
52572 name "sndio on renton"
52573 device "snd@10.246.200.10/0"
52574 mixer_type "software"
52575 }
52576 and enable the new output in mpd:
52577 $mpc enable 2
52578 Output 1 (Local speakers) is disabled
52579 Output 2 (sndio on renton) is enabled
52580 Output 3 (HTTP stream) is disabled
52581 Results in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.
52582
52583 mpd -> sndio output 2 -> network -> sndiod on remote machine
52584 |
52585 -> sndio output 1 -> sndiod on soundserver
52586 Thanks ratchov@ for sndiod :)
52587 </code></pre>
52588
52589 <p><hr></p>
52590
52591 <p>###<a href="https://www.mirbsd.org/permalinks/wlog-10_e20180415-tg.htm">MirBSD’s Korn Shell on Plan9 Jehanne</a></p>
52592
52593 <blockquote>
52594 <p>Let me start by saying that I’m not really a C programmer.<br>
52595 My last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.<br>
52596 So while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.<br>
52597 This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.<br>
52598 So I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several tests, checking they run the same on Linux and Jehanne, and then I began looking for a real-world, battle tested, application to port first.<br>
52599 I approached MirBSD’s Korn Shell for several reasons:</p>
52600 </blockquote>
52601
52602 <ul>
52603 <li>it is simple, powerful and well written</li>
52604 <li>it has been ported to several different operating systems</li>
52605 <li>it has few dependencies</li>
52606 <li>it’s the default shell in Android, so it’s really battle tested</li>
52607 </ul>
52608
52609 <blockquote>
52610 <p>I was very confident. I had read the POSIX standard after all! And I had a test suite!<br>
52611 I remember, I thought “Given newlib, how hard can it be?”<br>
52612 The porting began on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.<br>
52613 Turns out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understand most POSIX semantics at all!</p>
52614 </blockquote>
52615
52616 <p><hr></p>
52617
52618 <p><strong>iXsystems</strong></p>
52619
52620 <p>###<a href="https://www.romanzolotarev.com/ssg.html">Static site generator with rsync and lowdown on OpenBSD</a></p>
52621
52622 <ul>
52623 <li>
52624 <p>ssg is a tiny POSIX-compliant shell script with few dependencies:</p>
52625 </li>
52626 <li>
52627 <p>lowdown(1) to parse markdown,</p>
52628 </li>
52629 <li>
52630 <p>rsync(1) to copy temporary files, and</p>
52631 </li>
52632 <li>
52633 <p>entr(1) to watch file changes.</p>
52634 </li>
52635 <li>
52636 <p>It generates Markdown articles to a static website.</p>
52637 </li>
52638 <li>
52639 <p>It copies the current directory to a temporary one in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first <h1> tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/</p>
52640 </li>
52641 </ul>
52642
52643 <blockquote>
52644 <p>Why not Jekyll or “$X”?</p>
52645 </blockquote>
52646
52647 <ul>
52648 <li>ssg is one hundred times smaller than Jekyll.</li>
52649 </ul>
52650
52651 <blockquote>
52652 <p>ssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just few seconds on almost any Unix-like operating system.<br>
52653 Obviously, ssg is tailored for my needs, it has all features I need and only those I use.<br>
52654 Keeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.</p>
52655 </blockquote>
52656
52657 <ul>
52658 <li>Performance</li>
52659 </ul>
52660
52661 <blockquote>
52662 <p>100 pps. On modern computers ssg generates a hundred pages per second. Half of a time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)</p>
52663 </blockquote>
52664
52665 <p><hr></p>
52666
52667 <p>###<a href="https://www.quora.com/Why-does-FreeBSD-have-virtually-no-0-desktop-market-share/answer/Terry-Lambert">Why does FreeBSD have virtually no (0%) desktop market share?</a></p>
52668
52669 <ul>
52670 <li>Because someone made a horrible design decision back in 1984.</li>
52671 </ul>
52672
52673 <blockquote>
52674 <p>In absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.</p>
52675 </blockquote>
52676
52677 <ul>
52678 <li>Why and what.</li>
52679 </ul>
52680
52681 <blockquote>
52682 <p>The decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.<br>
52683 At the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.<br>
52684 Mostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.<br>
52685 So a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.</p>
52686 </blockquote>
52687
52688 <ul>
52689 <li>The ramifications of this were pretty staggering.</li>
52690 </ul>
52691
52692 <blockquote>
52693 <p>First, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.<br>
52694 Despite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.<br>
52695 Second, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.<br>
52696 But, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.</p>
52697 </blockquote>
52698
52699 <ul>
52700 <li>Between these early decisions reigned chaos.</li>
52701 </ul>
52702
52703 <blockquote>
52704 <p>Specifically, the consequences of these decisions have been with us ever since:<br>
52705 Look-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.<br>
52706 You could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.<br>
52707 Window management style is a preference.<br>
52708 You could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.<br>
52709 In other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.<br>
52710 Both of these ultimately render an X-based system unsuitable for desktops.<br>
52711 I can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.</p>
52712 </blockquote>
52713
52714 <ul>
52715 <li>Is there hope for the future?</li>
52716 </ul>
52717
52718 <blockquote>
52719 <p>Well, the Linux community has been working on something called Wayland, and it is very promising…<br>
52720 …In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.<br>
52721 So Wayland is screwing up again.<br>
52722 But hey, it only took us, what, 25 years to get from X in 1987 to Wayland in 2012.<br>
52723 Maybe if we try again in 2037, we can get to where Windows was in 1995.</p>
52724 </blockquote>
52725
52726 <p><hr></p>
52727
52728 <p>##Beastie Bits</p>
52729
52730 <ul>
52731 <li><a href="https://twitter.com/FranckPachot/status/1012606253338591232">New washing machine comes with 7 pages of open source licenses!</a></li>
52732 <li><a href="https://www.bsdjobs.com/">BSD Jobs Site</a></li>
52733 <li><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/05/FreeBSD-Foundation-May-2018-Update.pdf">FreeBSD Foundation Update, May 2018</a></li>
52734 <li><a href="http://freebsdjournal.org/">FreeBSD Journal looking for book reviewers</a></li>
52735 <li><a href="https://ramsdenj.com/2018/05/29/zedenv-zfs-boot-environment-manager.html">zedenv ZFS Boot Environment Manager</a></li>
52736 </ul>
52737
52738 <p><hr></p>
52739
52740 <p><strong>Tarsnap</strong></p>
52741
52742 <p>##Feedback/Questions</p>
52743
52744 <ul>
52745 <li>Wouter - <a href="http://dpaste.com/28959CK#wrap">Feedback</a></li>
52746 <li>Efraim - <a href="http://dpaste.com/2RZ16K8#wrap">OS Suggestion</a></li>
52747 <li>kevr - <a href="http://dpaste.com/2PX7KSP#wrap">Raspberry Pi2/FreeBSD/Router on a Stick</a></li>
52748 <li>Vanja - <a href="http://dpaste.com/0ARSVWE#wrap">Interview Suggestion</a></li>
52749 </ul>
52750
52751 <p><hr></p>
52752
52753 <ul>
52754 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
52755 </ul>]]>
52756 </itunes:summary>
52757 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+hsPCTMRf</fireside:playerURL>
52758 <fireside:playerEmbedCode>
52759 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+hsPCTMRf" width="740" height="200" frameborder="0" scrolling="no">]]>
52760 </fireside:playerEmbedCode>
52761 </item>
52762 <item>
52763 <title>Episode 252: Goes to 11.2 | BSD Now 252</title>
52764 <link>https://www.bsdnow.tv/252</link>
52765 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2170</guid>
52766 <pubDate>Thu, 28 Jun 2018 00:00:00 -0700</pubDate>
52767 <author>Allan Jude</author>
52768 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ee4c7eca-8ae4-44bc-965b-9631a9d99865.mp3" length="56727001" type="audio/mp3"/>
52769 <itunes:episodeType>full</itunes:episodeType>
52770 <itunes:author>Allan Jude</itunes:author>
52771 <itunes:subtitle>FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.</itunes:subtitle>
52772 <itunes:duration>1:34:26</itunes:duration>
52773 <itunes:explicit>no</itunes:explicit>
52774 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
52775 <description>FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.
52776 <p>##Headlines<br>
52777 <a href="https://www.freebsd.org/releases/11.2R/announce.html">FreeBSD 11.2-RELEASE Available</a></p>
52778 <ul>
52779 <li>FreeBSD 11.2 was released today (June 27th) and is ready for download</li>
52780 <li>Highlights:</li>
52781 </ul>
52782 <blockquote>
52783 <p>OpenSSH has been updated to version 7.5p1.<br>
52784 OpenSSL has been updated to version 1.0.2o.<br>
52785 The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.<br>
52786 The libarchive(3) library has been updated to version 3.3.2.<br>
52787 The libxo(3) library has been updated to version 0.9.0.<br>
52788 Major Device driver updates to:</p>
52789 </blockquote>
52790 <ul>
52791 <li>cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6</li>
52792 <li>ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k</li>
52793 <li>ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags</li>
52794 </ul>
52795 <blockquote>
52796 <p>New drivers:<br>
52797 + drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.</p>
52798 </blockquote>
52799 <ul>
52800 <li>mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs</li>
52801 <li>ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters</li>
52802 <li>smartpqi(4) – HP Gen10 Smart Array Controller Family</li>
52803 </ul>
52804 <blockquote>
52805 <p>The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs<br>
52806 The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.<br>
52807 The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used<br>
52808 The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.<br>
52809 The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’<br>
52810 The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID<br>
52811 The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).<br>
52812 The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.<br>
52813 The dwatch(1) utility has been introduced<br>
52814 The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.<br>
52815 The etdump(1) utility has been added, which is used to view El Torito boot catalog information.<br>
52816 The linux(4) ABI compatibility layer has been updated to include support for musl consumers.<br>
52817 The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior<br>
52818 Support for virtio_console(4) has been added to bhyve(4).<br>
52819 The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.</p>
52820 </blockquote>
52821 <ul>
52822 <li>In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:
52823 <ul>
52824 <li>Amazon EC2</li>
52825 <li>Google Compute Engine</li>
52826 <li>Hashicorp/Atlas Vagrant</li>
52827 <li>Microsoft Azure</li>
52828 </ul>
52829 </li>
52830 <li>In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:
52831 <ul>
52832 <li>GUMSTIX</li>
52833 <li>BANANAPI</li>
52834 <li>BEAGLEBONE</li>
52835 <li>CUBIEBOARD</li>
52836 <li>CUBIEBOARD2</li>
52837 <li>CUBOX-HUMMINGBOARD</li>
52838 <li>RASPBERRY PI 2</li>
52839 <li>PANDABOARD</li>
52840 <li>WANDBOARD</li>
52841 </ul>
52842 </li>
52843 <li><a href="https://www.freebsd.org/releases/11.2R/relnotes.html">Full Release Notes</a></li>
52844 </ul>
52845 <hr>
52846 <p>###<a href="https://github.com/lattera/articles/blob/master/opsec/2018-05-08_torified_mta/article.md">Setting up an MTA Behind Tor</a></p>
52847 <blockquote>
52848 <p>This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).</p>
52849 </blockquote>
52850 <blockquote>
52851 <p>Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.</p>
52852 </blockquote>
52853 <blockquote>
52854 <p>The reason to use an MTA behind a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.</p>
52855 </blockquote>
52856 <ul>
52857 <li>
52858 <p>Requirements:</p>
52859 </li>
52860 <li>
52861 <p>A fully Tor-ified network</p>
52862 </li>
52863 <li>
52864 <p>HardenedBSD as the operating system</p>
52865 </li>
52866 <li>
52867 <p>A server (or VM) running HardenedBSD behind the fully Tor-ified network.</p>
52868 </li>
52869 <li>
52870 <p>/usr/ports is empty</p>
52871 </li>
52872 <li>
52873 <p>Or is already pre-populated with the HardenedBSD Ports tree</p>
52874 </li>
52875 <li>
52876 <p>Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.</p>
52877 </li>
52878 </ul>
52879 <blockquote>
52880 <p>Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.</p>
52881 </blockquote>
52882 <blockquote>
52883 <p>On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.</p>
52884 </blockquote>
52885 <ul>
52886 <li>Steps</li>
52887 <li>Installation</li>
52888 <li>Generating Cryptographic Key Material</li>
52889 <li>Tor Configuration</li>
52890 <li>OpenSMTPD Configuration</li>
52891 <li>Dovecot Configuration</li>
52892 <li>Testing your configuration</li>
52893 <li>Optional: Webmail Access</li>
52894 </ul>
52895 <hr>
52896 <p><strong>iXsystems</strong><br>
52897 <a href="https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec">https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec</a><br>
52898 <a href="https://www.ixsystems.com/blog/self-2018-recap/">https://www.ixsystems.com/blog/self-2018-recap/</a></p>
52899 <p>###<a href="https://squigly.blogspot.com/2018/02/running-pfsense-on-digitalocean-droplet.html">Running pfSense on a Digital Ocean Droplet</a></p>
52900 <blockquote>
52901 <p>I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy &lt;enter brand name fw appliance here&gt; for a pfSense setup on a decent hardware.</p>
52902 </blockquote>
52903 <blockquote>
52904 <p>I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.<br>
52905 &lt;shameless plug: head over to <a href="http://JupiterBroadcasting.com">JupiterBroadcasting.com</a>, the <em>best</em> technology content out there, they have coupon codes to get you started with DO&gt;.</p>
52906 </blockquote>
52907 <blockquote>
52908 <p>Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.</p>
52909 </blockquote>
52910 <blockquote>
52911 <p>Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):</p>
52912 </blockquote>
52913 <blockquote>
52914 <p>There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.</p>
52915 </blockquote>
52916 <ul>
52917 <li>One note though, before we wrap up:</li>
52918 </ul>
52919 <blockquote>
52920 <p>You have two ways to initiate the initial setup wizard of the web-configurator:<br>
52921 Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses.<br>
52922 or<br>
52923 Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.<br>
52924 Thing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do &lt;enter scary thing here&gt;.</p>
52925 </blockquote>
52926 <blockquote>
52927 <p>I leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.</p>
52928 </blockquote>
52929 <blockquote>
52930 <p>Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.<br>
52931 Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.</p>
52932 </blockquote>
52933 <hr>
52934 <p>##News Roundup<br>
52935 <a href="http://floooh.github.io/2018/06/02/one-year-of-c.html">One year of C</a></p>
52936 <blockquote>
52937 <p>It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.</p>
52938 </blockquote>
52939 <blockquote>
52940 <p>In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.</p>
52941 </blockquote>
52942 <blockquote>
52943 <p>Here are all the github projects I wrote in C:</p>
52944 </blockquote>
52945 <ul>
52946 <li>sokol: a slowly growing set of platform-abstraction headers</li>
52947 <li>sokol-samples - examples for Sokol</li>
52948 <li>chips - 8-bit chip emulators</li>
52949 <li>chips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)</li>
52950 </ul>
52951 <blockquote>
52952 <p>All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.</p>
52953 </blockquote>
52954 <blockquote>
52955 <p>So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).</p>
52956 </blockquote>
52957 <ul>
52958 <li>
52959 <p>Here’s a few things I learned:</p>
52960 </li>
52961 <li>
52962 <p>Pick the right language for a problem</p>
52963 </li>
52964 <li>
52965 <p>C is a perfect match for WebAssembly</p>
52966 </li>
52967 <li>
52968 <p>C99 is a huge improvement over C89</p>
52969 </li>
52970 <li>
52971 <p>The dangers of pointers and explicit memory management are overrated</p>
52972 </li>
52973 <li>
52974 <p>Less Boilerplate Code</p>
52975 </li>
52976 <li>
52977 <p>Less Language Feature ‘Anxiety’</p>
52978 </li>
52979 <li>
52980 <p>Conclusion</p>
52981 </li>
52982 </ul>
52983 <blockquote>
52984 <p>All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.</p>
52985 </blockquote>
52986 <blockquote>
52987 <p>I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).</p>
52988 </blockquote>
52989 <hr>
52990 <p>###<a href="https://empt1e.blogspot.com/2018/06/configuring-openbgpd-to-announce-vms.html">Configuring OpenBGPD to announce VM’s virtual networks</a></p>
52991 <blockquote>
52992 <p>We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.</p>
52993 </blockquote>
52994 <blockquote>
52995 <p>My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.</p>
52996 </blockquote>
52997 <blockquote>
52998 <p>I’ve installed openbgpd on both hosts and configured it like this:</p>
52999 </blockquote>
53000 <pre><code>vmhost: /usr/local/etc/bgpd.conf
53001 AS 65002
53002 router-id 192.168.87.48
53003 fib-update no
53004 network 10.0.1.1/24
53005 neighbor 192.168.87.41 {
53006 descr &quot;desktop&quot;
53007 remote-as 65001
53008 }
53009 </code></pre>
53010 <blockquote>
53011 <p>Here, router-id is set to vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table updates, which I initially set for testing, but I am keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:</p>
53012 </blockquote>
53013 <pre><code>desktop: /usr/local/etc/bgpd.conf
53014 AS 65001
53015 router-id 192.168.87.41
53016 fib-update yes
53017 neighbor 192.168.87.48 {
53018 descr &quot;vmhost&quot;
53019 remote-as 65002
53020 }
53021 </code></pre>
53022 <blockquote>
53023 <p>It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:</p>
53024 </blockquote>
53025 <pre><code>/etc/rc.conf.local
53026 openbgpd_enable=&quot;YES&quot;
53027 </code></pre>
53028 <ul>
53029 <li>Conclusion</li>
53030 </ul>
53031 <blockquote>
53032 <p>As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.</p>
53033 </blockquote>
53034 <blockquote>
53035 <p>As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.</p>
53036 </blockquote>
53037 <hr>
53038 <p><strong>Digital Ocean</strong></p>
53039 <p>###<a href="https://nocomplexity.com/the-power-to-serve/">The Power to Serve</a></p>
53040 <blockquote>
53041 <p>All people within the IT Industry should know where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WhatsApp would not exist in their current form.</p>
53042 </blockquote>
53043 <blockquote>
53044 <p>I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:</p>
53045 </blockquote>
53046 <ul>
53047 <li>Rent some cloud based services or</li>
53048 <li>DIY (Do IT Yourself) on premise</li>
53049 </ul>
53050 <blockquote>
53051 <p>Running your own development experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinction between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causally related, but more often indirectly by one or more non linear feedback loops. Almost every business depends on IT systems. Bad IT often means that your customers will leave your business.</p>
53052 </blockquote>
53053 <blockquote>
53054 <p>One of the things of FreeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp. Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.</p>
53055 </blockquote>
53056 <blockquote>
53057 <p>FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.</p>
53058 </blockquote>
53059 <blockquote>
53060 <p>If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.</p>
53061 </blockquote>
53062 <blockquote>
53063 <p>FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.</p>
53064 </blockquote>
53065 <blockquote>
53066 <p>June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.</p>
53067 </blockquote>
53068 <hr>
53069 <p>###Dave’s BSDCan trip report</p>
53070 <ul>
53071 <li>So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.</li>
53072 </ul>
53073 <blockquote>
53074 <p>Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018.<br>
53075 This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.<br>
53076 Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.<br>
53077 Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!<br>
53078 The following morning, we were presented with tea/coffee, muffins and other goodies to help prepare us for the day ahead.<br>
53079 The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.<br>
53080 With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.<br>
53081 I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raadt, which proved to be “interesting”.<br>
53082 The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!<br>
53083 After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.<br>
53084 I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!<br>
53085 Regards,<br>
53086 Dave (aka m0nkey)</p>
53087 </blockquote>
53088 <ul>
53089 <li>Thanks to Dave for sharing his experiences with us and our viewers</li>
53090 </ul>
53091 <hr>
53092 <p>##Beastie Bits</p>
53093 <ul>
53094 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2008-August/003674.html">Robert Watson (from 2008) on how much FreeBSD is in Mac OS X </a></li>
53095 <li><a href="https://aloiskraus.wordpress.com/2018/06/16/why-skylakex-cpus-are-sometimes-50-slower-how-intel-has-broken-existing-code/">Why Intel Skylake CPUs are sometimes 50% slower than older CPUs</a></li>
53096 <li><a href="https://lobste.rs/s/bos5cr/practical_unix_manuals_mdoc">Kristaps Dzonsons is looking for somebody to maintain this as mentioned at this link</a></li>
53097 <li><a href="https://www.reddit.com/r/freebsd/comments/87rru4/formatting_floppy_disks_in_a_usb_floppy_disk_drive/">camcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive</a></li>
53098 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/898ey5/32_great_indie_games_now_playable_on_current_7/">32+ great indie games now playable on OpenBSD -current; 7 currently on sale!</a></li>
53099 <li><a href="https://bsd-pl.org/en">Warsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw</a></li>
53100 </ul>
53101 <p><strong>Tarsnap</strong></p>
53102 <p>##Feedback/Questions</p>
53103 <ul>
53104 <li>Ron - <a href="http://dpaste.com/2B6CWDM#wrap">Adding a disk to ZFS</a></li>
53105 <li>Marshall - <a href="http://dpaste.com/2W7VD6K#wrap">zfs question</a></li>
53106 <li>Thomas - <a href="http://dpaste.com/1FS7534#wrap">Allan, the myth perpetuator</a></li>
53107 <li>Ross - <a href="http://dpaste.com/1HWQWB6#wrap">ZFS IO stats per dataset</a></li>
53108 </ul>
53109 <hr>
53110 <ul>
53111 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
53112 </ul>
53113 </description>
53114 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, OpenBGPD, MTA, TOR, pfsense</itunes:keywords>
53115 <content:encoded>
53116 <![CDATA[<p>FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.</p>
53117
53118 <p>##Headlines<br>
53119 ###<a href="https://www.freebsd.org/releases/11.2R/announce.html">FreeBSD 11.2-RELEASE Available</a></p>
53120
53121 <ul>
53122 <li>FreeBSD 11.2 was released today (June 27th) and is ready for download</li>
53123 <li>Highlights:</li>
53124 </ul>
53125
53126 <blockquote>
53127 <p>OpenSSH has been updated to version 7.5p1.<br>
53128 OpenSSL has been updated to version 1.0.2o.<br>
53129 The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.<br>
53130 The libarchive(3) library has been updated to version 3.3.2.<br>
53131 The libxo(3) library has been updated to version 0.9.0.<br>
53132 Major Device driver updates to:</p>
53133 </blockquote>
53134
53135 <ul>
53136 <li>cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6</li>
53137 <li>ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k</li>
53138 <li>ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags</li>
53139 </ul>
53140
53141 <blockquote>
53142 <p>New drivers:<br>
53143 + drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.</p>
53144 </blockquote>
53145
53146 <ul>
53147 <li>mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs</li>
53148 <li>ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters</li>
53149 <li>smartpqi(4) – HP Gen10 Smart Array Controller Family</li>
53150 </ul>
53151
53152 <blockquote>
53153 <p>The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs<br>
53154 The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.<br>
53155 The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used<br>
53156 The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.<br>
53157 The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’<br>
53158 The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID<br>
53159 The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).<br>
53160 The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.<br>
53161 The dwatch(1) utility has been introduced<br>
53162 The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.<br>
53163 The etdump(1) utility has been added, which is used to view El Torito boot catalog information.<br>
53164 The linux(4) ABI compatibility layer has been updated to include support for musl consumers.<br>
53165 The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior<br>
53166 Support for virtio_console(4) has been added to bhyve(4).<br>
53167 The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.</p>
53168 </blockquote>
53169
53170 <ul>
53171 <li>In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:
53172 <ul>
53173 <li>Amazon EC2</li>
53174 <li>Google Compute Engine</li>
53175 <li>Hashicorp/Atlas Vagrant</li>
53176 <li>Microsoft Azure</li>
53177 </ul>
53178
53179 <p></li><br>
53180 <li>In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:</p>
53181
53182 <ul>
53183 <li>GUMSTIX</li>
53184 <li>BANANAPI</li>
53185 <li>BEAGLEBONE</li>
53186 <li>CUBIEBOARD</li>
53187 <li>CUBIEBOARD2</li>
53188 <li>CUBOX-HUMMINGBOARD</li>
53189 <li>RASPBERRY PI 2</li>
53190 <li>PANDABOARD</li>
53191 <li>WANDBOARD</li>
53192 </ul>
53193
53194 <p></li><br>
53195 <li><a href="https://www.freebsd.org/releases/11.2R/relnotes.html">Full Release Notes</a></li><br>
53196 </ul><br>
53197 <hr></p>
53198
53199 <p>###<a href="https://github.com/lattera/articles/blob/master/opsec/2018-05-08_torified_mta/article.md">Setting up an MTA Behind Tor</a></p>
53200
53201 <blockquote>
53202 <p>This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).</p>
53203 </blockquote>
53204
53205 <blockquote>
53206 <p>Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.</p>
53207 </blockquote>
53208
53209 <blockquote>
53210 <p>The reason to use an MTA behind a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.</p>
53211 </blockquote>
53212
53213 <ul>
53214 <li>
53215 <p>Requirements:</p>
53216 </li>
53217 <li>
53218 <p>A fully Tor-ified network</p>
53219 </li>
53220 <li>
53221 <p>HardenedBSD as the operating system</p>
53222 </li>
53223 <li>
53224 <p>A server (or VM) running HardenedBSD behind the fully Tor-ified network.</p>
53225 </li>
53226 <li>
53227 <p>/usr/ports is empty</p>
53228 </li>
53229 <li>
53230 <p>Or is already pre-populated with the HardenedBSD Ports tree</p>
53231 </li>
53232 <li>
53233 <p>Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.</p>
53234 </li>
53235 </ul>
53236
53237 <blockquote>
53238 <p>Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.</p>
53239 </blockquote>
53240
53241 <blockquote>
53242 <p>On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.</p>
53243 </blockquote>
53244
53245 <ul>
53246 <li>Steps</li>
53247 <li>Installation</li>
53248 <li>Generating Cryptographic Key Material</li>
53249 <li>Tor Configuration</li>
53250 <li>OpenSMTPD Configuration</li>
53251 <li>Dovecot Configuration</li>
53252 <li>Testing your configuration</li>
53253 <li>Optional: Webmail Access</li>
53254 </ul>
53255
53256 <p><hr></p>
53257
53258 <p><strong>iXsystems</strong><br>
53259 <a href="https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec">https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec</a><br>
53260 <a href="https://www.ixsystems.com/blog/self-2018-recap/">https://www.ixsystems.com/blog/self-2018-recap/</a></p>
53261
53262 <p>###<a href="https://squigly.blogspot.com/2018/02/running-pfsense-on-digitalocean-droplet.html">Running pfSense on a Digital Ocean Droplet</a></p>
53263
53264 <blockquote>
53265 <p>I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy <enter brand name fw appliance here> for a pfSense setup on a decent hardware.</p>
53266 </blockquote>
53267
53268 <blockquote>
53269 <p>I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.<br>
53270 <shameless plug: head over to <a href="http://JupiterBroadcasting.com">JupiterBroadcasting.com</a>, the <em>best</em> technology content out there, they have coupon codes to get you started with DO>.</p>
53271 </blockquote>
53272
53273 <blockquote>
53274 <p>Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.</p>
53275 </blockquote>
53276
53277 <blockquote>
53278 <p>Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):</p>
53279 </blockquote>
53280
53281 <blockquote>
53282 <p>There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.</p>
53283 </blockquote>
53284
53285 <ul>
53286 <li>One note though, before we wrap up:</li>
53287 </ul>
53288
53289 <blockquote>
53290 <p>You have two ways to initiate the initial setup wizard of the web-configurator:<br>
53291 Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses.<br>
53292 or<br>
53293 Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.<br>
53294 Thing is, there’s a default, well known set of credentials to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do <enter scary thing here>.</p>
53295 </blockquote>
53296
53297 <blockquote>
53298 <p>I leave it up to you which of the paths you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.</p>
53299 </blockquote>
53300
53301 <blockquote>
53302 <p>Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.<br>
53303 Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.</p>
53304 </blockquote>
53305
53306 <p><hr></p>
53307
53308 <p>##News Roundup<br>
53309 ###<a href="http://floooh.github.io/2018/06/02/one-year-of-c.html">One year of C</a></p>
53310
53311 <blockquote>
53312 <p>It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.</p>
53313 </blockquote>
53314
53315 <blockquote>
53316 <p>In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.</p>
53317 </blockquote>
53318
53319 <blockquote>
53320 <p>Here are all the github projects I wrote in C:</p>
53321 </blockquote>
53322
53323 <ul>
53324 <li>sokol: a slowly growing set of platform-abstraction headers</li>
53325 <li>sokol-samples - examples for Sokol</li>
53326 <li>chips - 8-bit chip emulators</li>
53327 <li>chips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)</li>
53328 </ul>
53329
53330 <blockquote>
53331 <p>All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.</p>
53332 </blockquote>
53333
53334 <blockquote>
53335 <p>So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).</p>
53336 </blockquote>
53337
53338 <ul>
53339 <li>
53340 <p>Here’s a few things I learned:</p>
53341 </li>
53342 <li>
53343 <p>Pick the right language for a problem</p>
53344 </li>
53345 <li>
53346 <p>C is a perfect match for WebAssembly</p>
53347 </li>
53348 <li>
53349 <p>C99 is a huge improvement over C89</p>
53350 </li>
53351 <li>
53352 <p>The dangers of pointers and explicit memory management are overrated</p>
53353 </li>
53354 <li>
53355 <p>Less Boilerplate Code</p>
53356 </li>
53357 <li>
53358 <p>Less Language Feature ‘Anxiety’</p>
53359 </li>
53360 <li>
53361 <p>Conclusion</p>
53362 </li>
53363 </ul>
53364
53365 <blockquote>
53366 <p>All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.</p>
53367 </blockquote>
53368
53369 <blockquote>
53370 <p>I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).</p>
53371 </blockquote>
53372
53373 <p><hr></p>
53374
53375 <p>###<a href="https://empt1e.blogspot.com/2018/06/configuring-openbgpd-to-announce-vms.html">Configuring OpenBGPD to announce VM’s virtual networks</a></p>
53376
53377 <blockquote>
53378 <p>We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.</p>
53379 </blockquote>
53380
53381 <blockquote>
53382 <p>My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.</p>
53383 </blockquote>
53384
53385 <blockquote>
53386 <p>I’ve installed openbgpd on both hosts and configured it like this:</p>
53387 </blockquote>
53388
53389 <pre><code>vmhost: /usr/local/etc/bgpd.conf
53390 AS 65002
53391 router-id 192.168.87.48
53392 fib-update no
53393
53394 network 10.0.1.1/24
53395
53396 neighbor 192.168.87.41 {
53397 descr "desktop"
53398 remote-as 65001
53399 }
53400 </code></pre>
53401
53402 <blockquote>
53403 <p>Here, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:</p>
53404 </blockquote>
53405
53406 <pre><code>desktop: /usr/local/etc/bgpd.conf
53407 AS 65001
53408 router-id 192.168.87.41
53409 fib-update yes
53410
53411 neighbor 192.168.87.48 {
53412 descr "vmhost"
53413 remote-as 65002
53414 }
53415 </code></pre>
53416
53417 <blockquote>
53418 <p>It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:</p>
53419 </blockquote>
53420
53421 <pre><code>/etc/rc.conf.local
53422 openbgpd_enable="YES"
53423 </code></pre>
53424
53425 <ul>
53426 <li>Conclusion</li>
53427 </ul>
53428
53429 <blockquote>
53430 <p>As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.</p>
53431 </blockquote>
53432
53433 <blockquote>
53434 <p>As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.</p>
53435 </blockquote>
53436
53437 <p><hr></p>
53438
53439 <p><strong>Digital Ocean</strong></p>
53440
53441 <p>###<a href="https://nocomplexity.com/the-power-to-serve/">The Power to Serve</a></p>
53442
53443 <blockquote>
53444 <p>All people within the IT Industry should know where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WhatsApp would not exist in their current form.</p>
53445 </blockquote>
53446
53447 <blockquote>
53448 <p>I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:</p>
53449 </blockquote>
53450
53451 <ul>
53452 <li>Rent some cloud based services or</li>
53453 <li>DIY (Do IT Yourself) on premise</li>
53454 </ul>
53455
53456 <blockquote>
53457 <p>Running your own development experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinction between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causally related, but more often indirect by one or more non linear feedback loops. Almost every business depends on IT systems. Bad IT means often that your customers will leave your business.</p>
53458 </blockquote>
53459
53460 <blockquote>
53461 <p>One of the things of FreeBSD for me is still FreeBSD Jails. In 2015 I had the luck to attend a presentation of the legendary hacker Poul-Henning Kamp. Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.</p>
53462 </blockquote>
53463
53464 <blockquote>
53465 <p>FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.</p>
53466 </blockquote>
53467
53468 <blockquote>
53469 <p>If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.</p>
53470 </blockquote>
53471
53472 <blockquote>
53473 <p>FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.</p>
53474 </blockquote>
53475
53476 <blockquote>
53477 <p>June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.</p>
53478 </blockquote>
53479
53480 <p><hr></p>
53481
53482 <p>###Dave’s BSDCan trip report</p>
53483
53484 <ul>
53485 <li>So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.</li>
53486 </ul>
53487
53488 <blockquote>
53489 <p>Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018.<br>
53490 This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.<br>
53491 Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.<br>
53492 Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!<br>
53493 The following morning, we were presented with tea/coffee, muffins and other goodies to help prepare us for the day ahead.<br>
53494 The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.<br>
53495 With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.<br>
53496 I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raadt, which proved to be “interesting”.<br>
53497 The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!<br>
53498 After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.<br>
53499 I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!<br>
53500 Regards,<br>
53501 Dave (aka m0nkey_)</p>
53502 </blockquote>
53503
53504 <ul>
53505 <li>Thanks to Dave for sharing his experiences with us and our viewers</li>
53506 </ul>
53507
53508 <p><hr></p>
53509
53510 <p>##Beastie Bits</p>
53511
53512 <ul>
53513 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2008-August/003674.html">Robert Watson (from 2008) on how much FreeBSD is in Mac OS X </a></li>
53514 <li><a href="https://aloiskraus.wordpress.com/2018/06/16/why-skylakex-cpus-are-sometimes-50-slower-how-intel-has-broken-existing-code/">Why Intel Skylake CPUs are sometimes 50% slower than older CPUs</a></li>
53515 <li><a href="https://lobste.rs/s/bos5cr/practical_unix_manuals_mdoc">Kristaps Dzonsons is looking for somebody to maintain this as mentioned at this link</a></li>
53516 <li><a href="https://www.reddit.com/r/freebsd/comments/87rru4/formatting_floppy_disks_in_a_usb_floppy_disk_drive/">camcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive</a></li>
53517 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/898ey5/32_great_indie_games_now_playable_on_current_7/">32+ great indie games now playable on OpenBSD -current; 7 currently on sale!</a></li>
53518 <li><a href="https://bsd-pl.org/en">Warsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw</a></li>
53519 </ul>
53520
53521 <p><strong>Tarsnap</strong></p>
53522
53523 <p>##Feedback/Questions</p>
53524
53525 <ul>
53526 <li>Ron - <a href="http://dpaste.com/2B6CWDM#wrap">Adding a disk to ZFS</a></li>
53527 <li>Marshall - <a href="http://dpaste.com/2W7VD6K#wrap">zfs question</a></li>
53528 <li>Thomas - <a href="http://dpaste.com/1FS7534#wrap">Allan, the myth perpetuator</a></li>
53529 <li>Ross - <a href="http://dpaste.com/1HWQWB6#wrap">ZFS IO stats per dataset</a></li>
53530 </ul>
53531
53532 <p><hr></p>
53533
53534 <ul>
53535 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
53536 </ul>]]>
53537 </content:encoded>
53538 <itunes:summary>
53539 <![CDATA[<p>FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.</p>
53540
53541 <p>##Headlines<br>
53542 ###<a href="https://www.freebsd.org/releases/11.2R/announce.html">FreeBSD 11.2-RELEASE Available</a></p>
53543
53544 <ul>
53545 <li>FreeBSD 11.2 was released today (June 27th) and is ready for download</li>
53546 <li>Highlights:</li>
53547 </ul>
53548
53549 <blockquote>
53550 <p>OpenSSH has been updated to version 7.5p1.<br>
53551 OpenSSL has been updated to version 1.0.2o.<br>
53552 The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.<br>
53553 The libarchive(3) library has been updated to version 3.3.2.<br>
53554 The libxo(3) library has been updated to version 0.9.0.<br>
53555 Major Device driver updates to:</p>
53556 </blockquote>
53557
53558 <ul>
53559 <li>cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6</li>
53560 <li>ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k</li>
53561 <li>ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags</li>
53562 </ul>
53563
53564 <blockquote>
53565 <p>New drivers:<br>
53566 + drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.</p>
53567 </blockquote>
53568
53569 <ul>
53570 <li>mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs</li>
53571 <li>ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters</li>
53572 <li>smartpqi(4) – HP Gen10 Smart Array Controller Family</li>
53573 </ul>
53574
53575 <blockquote>
53576 <p>The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs<br>
53577 The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.<br>
53578 The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used<br>
53579 The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.<br>
53580 The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’<br>
53581 The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID<br>
53582 The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).<br>
53583 The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.<br>
53584 The dwatch(1) utility has been introduced<br>
53585 The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.<br>
53586 The etdump(1) utility has been added, which is used to view El Torito boot catalog information.<br>
53587 The linux(4) ABI compatibility layer has been updated to include support for musl consumers.<br>
53588 The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior<br>
53589 Support for virtio_console(4) has been added to bhyve(4).<br>
53590 The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.</p>
53591 </blockquote>
53592
53593 <ul>
53594 <li>In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:
53595 <ul>
53596 <li>Amazon EC2</li>
53597 <li>Google Compute Engine</li>
53598 <li>Hashicorp/Atlas Vagrant</li>
53599 <li>Microsoft Azure</li>
53600 </ul>
53601
53602 <p></li><br>
53603 <li>In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:</p>
53604
53605 <ul>
53606 <li>GUMSTIX</li>
53607 <li>BANANAPI</li>
53608 <li>BEAGLEBONE</li>
53609 <li>CUBIEBOARD</li>
53610 <li>CUBIEBOARD2</li>
53611 <li>CUBOX-HUMMINGBOARD</li>
53612 <li>RASPBERRY PI 2</li>
53613 <li>PANDABOARD</li>
53614 <li>WANDBOARD</li>
53615 </ul>
53616
53617 <p></li><br>
53618 <li><a href="https://www.freebsd.org/releases/11.2R/relnotes.html">Full Release Notes</a></li><br>
53619 </ul><br>
53620 <hr></p>
53621
53622 <p>###<a href="https://github.com/lattera/articles/blob/master/opsec/2018-05-08_torified_mta/article.md">Setting up an MTA Behind Tor</a></p>
53623
53624 <blockquote>
53625 <p>This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).</p>
53626 </blockquote>
53627
53628 <blockquote>
53629 <p>Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.</p>
53630 </blockquote>
53631
53632 <blockquote>
53633 <p>The reason to use an MTA behind a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.</p>
53634 </blockquote>
53635
53636 <ul>
53637 <li>
53638 <p>Requirements:</p>
53639 </li>
53640 <li>
53641 <p>A fully Tor-ified network</p>
53642 </li>
53643 <li>
53644 <p>HardenedBSD as the operating system</p>
53645 </li>
53646 <li>
53647 <p>A server (or VM) running HardenedBSD behind the fully Tor-ified network.</p>
53648 </li>
53649 <li>
53650 <p>/usr/ports is empty</p>
53651 </li>
53652 <li>
53653 <p>Or is already pre-populated with the HardenedBSD Ports tree</p>
53654 </li>
53655 <li>
53656 <p>Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.</p>
53657 </li>
53658 </ul>
53659
53660 <blockquote>
53661 <p>Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.</p>
53662 </blockquote>
53663
53664 <blockquote>
53665 <p>On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.</p>
53666 </blockquote>
53667
53668 <ul>
53669 <li>Steps</li>
53670 <li>Installation</li>
53671 <li>Generating Cryptographic Key Material</li>
53672 <li>Tor Configuration</li>
53673 <li>OpenSMTPD Configuration</li>
53674 <li>Dovecot Configuration</li>
53675 <li>Testing your configuration</li>
53676 <li>Optional: Webmail Access</li>
53677 </ul>
53678
53679 <p><hr></p>
53680
53681 <p><strong>iXsystems</strong><br>
53682 <a href="https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec">https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec</a><br>
53683 <a href="https://www.ixsystems.com/blog/self-2018-recap/">https://www.ixsystems.com/blog/self-2018-recap/</a></p>
53684
53685 <p>###<a href="https://squigly.blogspot.com/2018/02/running-pfsense-on-digitalocean-droplet.html">Running pfSense on a Digital Ocean Droplet</a></p>
53686
53687 <blockquote>
53688 <p>I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy <enter brand name fw appliance here> for a pfSense setup on a decent hardware.</p>
53689 </blockquote>
53690
53691 <blockquote>
53692 <p>I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.<br>
53693 <shameless plug: head over to <a href="http://JupiterBroadcasting.com">JupiterBroadcasting.com</a>, the <em>best</em> technology content out there, they have coupon codes to get you started with DO>.</p>
53694 </blockquote>
53695
53696 <blockquote>
53697 <p>Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.</p>
53698 </blockquote>
53699
53700 <blockquote>
53701 <p>Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):</p>
53702 </blockquote>
53703
53704 <blockquote>
53705 <p>There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.</p>
53706 </blockquote>
53707
53708 <ul>
53709 <li>One note though, before we wrap up:</li>
53710 </ul>
53711
53712 <blockquote>
53713 <p>You have two ways to initiate the initial setup wizard of the web-configurator:<br>
53714 Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses.<br>
53715 or<br>
53716 Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.<br>
53717 Thing is, there’s a default, well known set of credentials to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do <enter scary thing here>.</p>
53718 </blockquote>
53719
53720 <blockquote>
53721 <p>I leave it up to you which of the paths you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.</p>
53722 </blockquote>
53723
53724 <blockquote>
53725 <p>Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.<br>
53726 Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.</p>
53727 </blockquote>
53728
53729 <p><hr></p>
53730
53731 <p>##News Roundup<br>
53732 ###<a href="http://floooh.github.io/2018/06/02/one-year-of-c.html">One year of C</a></p>
53733
53734 <blockquote>
53735 <p>It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.</p>
53736 </blockquote>
53737
53738 <blockquote>
53739 <p>In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.</p>
53740 </blockquote>
53741
53742 <blockquote>
53743 <p>Here are all the github projects I wrote in C:</p>
53744 </blockquote>
53745
53746 <ul>
53747 <li>sokol: a slowly growing set of platform-abstraction headers</li>
53748 <li>sokol-samples - examples for Sokol</li>
53749 <li>chips - 8-bit chip emulators</li>
53750 <li>chips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)</li>
53751 </ul>
53752
53753 <blockquote>
53754 <p>All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.</p>
53755 </blockquote>
53756
53757 <blockquote>
53758 <p>So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).</p>
53759 </blockquote>
53760
53761 <ul>
53762 <li>
53763 <p>Here’s a few things I learned:</p>
53764 </li>
53765 <li>
53766 <p>Pick the right language for a problem</p>
53767 </li>
53768 <li>
53769 <p>C is a perfect match for WebAssembly</p>
53770 </li>
53771 <li>
53772 <p>C99 is a huge improvement over C89</p>
53773 </li>
53774 <li>
53775 <p>The dangers of pointers and explicit memory management are overrated</p>
53776 </li>
53777 <li>
53778 <p>Less Boilerplate Code</p>
53779 </li>
53780 <li>
53781 <p>Less Language Feature ‘Anxiety’</p>
53782 </li>
53783 <li>
53784 <p>Conclusion</p>
53785 </li>
53786 </ul>
53787
53788 <blockquote>
53789 <p>All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.</p>
53790 </blockquote>
53791
53792 <blockquote>
53793 <p>I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).</p>
53794 </blockquote>
53795
53796 <p><hr></p>
53797
53798 <p>###<a href="https://empt1e.blogspot.com/2018/06/configuring-openbgpd-to-announce-vms.html">Configuring OpenBGPD to announce VM’s virtual networks</a></p>
53799
53800 <blockquote>
53801 <p>We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.</p>
53802 </blockquote>
53803
53804 <blockquote>
53805 <p>My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.</p>
53806 </blockquote>
53807
53808 <blockquote>
53809 <p>I’ve installed openbgpd on both hosts and configured it like this:</p>
53810 </blockquote>
53811
53812 <pre><code>vmhost: /usr/local/etc/bgpd.conf
53813 AS 65002
53814 router-id 192.168.87.48
53815 fib-update no
53816
53817 network 10.0.1.1/24
53818
53819 neighbor 192.168.87.41 {
53820 descr "desktop"
53821 remote-as 65001
53822 }
53823 </code></pre>
53824
53825 <blockquote>
53826 <p>Here, router-id is set to vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:</p>
53827 </blockquote>
53828
53829 <pre><code>desktop: /usr/local/etc/bgpd.conf
53830 AS 65001
53831 router-id 192.168.87.41
53832 fib-update yes
53833
53834 neighbor 192.168.87.48 {
53835 descr "vmhost"
53836 remote-as 65002
53837 }
53838 </code></pre>
53839
53840 <blockquote>
53841 <p>It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:</p>
53842 </blockquote>
53843
53844 <pre><code>/etc/rc.conf.local
53845 openbgpd_enable="YES"
53846 </code></pre>
53847
53848 <ul>
53849 <li>Conclusion</li>
53850 </ul>
53851
53852 <blockquote>
53853 <p>As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.</p>
53854 </blockquote>
53855
53856 <blockquote>
53857 <p>As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.</p>
53858 </blockquote>
53859
53860 <p><hr></p>
53861
53862 <p><strong>Digital Ocean</strong></p>
53863
53864 <p>###<a href="https://nocomplexity.com/the-power-to-serve/">The Power to Serve</a></p>
53865
53866 <blockquote>
53867 <p>All people within the IT Industry should know where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WhatsApp would not exist in their current form.</p>
53868 </blockquote>
53869
53870 <blockquote>
53871 <p>I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:</p>
53872 </blockquote>
53873
53874 <ul>
53875 <li>Rent some cloud based services or</li>
53876 <li>DIY (Do IT Yourself) on premise</li>
53877 </ul>
53878
53879 <blockquote>
53880 <p>Running your own development experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinction between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causally related, but more often indirect by one or more non linear feedback loops. Almost every business depends on IT systems. Bad IT means often that your customers will leave your business.</p>
53881 </blockquote>
53882
53883 <blockquote>
53884 <p>One of the things of FreeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend a presentation of the legendary hacker Poul-Henning Kamp. Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.</p>
53885 </blockquote>
53886
53887 <blockquote>
53888 <p>FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.</p>
53889 </blockquote>
53890
53891 <blockquote>
53892 <p>If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody in the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming languages, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.</p>
53893 </blockquote>
53894
53895 <blockquote>
53896 <p>FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.</p>
53897 </blockquote>
53898
53899 <blockquote>
53900 <p>June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.</p>
53901 </blockquote>
53902
53903 <p><hr></p>
53904
53905 <p>###Dave’s BSDCan trip report</p>
53906
53907 <ul>
53908 <li>So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.</li>
53909 </ul>
53910
53911 <blockquote>
53912 <p>Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018.<br>
53913 This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.<br>
53914 Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.<br>
53915 Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!<br>
53916 The following morning, we were presented with tea/coffee, muffins and other goodies to help prepare us for the day ahead.<br>
53917 The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.<br>
53918 With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.<br>
53919 I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raadt, which proved to be “interesting”.<br>
53920 The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!<br>
53921 After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.<br>
53922 I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!<br>
53923 Regards,<br>
53924 Dave (aka m0nkey_)</p>
53925 </blockquote>
53926
53927 <ul>
53928 <li>Thanks to Dave for sharing his experiences with us and our viewers</li>
53929 </ul>
53930
53931 <p><hr></p>
53932
53933 <p>##Beastie Bits</p>
53934
53935 <ul>
53936 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2008-August/003674.html">Robert Watson (from 2008) on how much FreeBSD is in Mac OS X </a></li>
53937 <li><a href="https://aloiskraus.wordpress.com/2018/06/16/why-skylakex-cpus-are-sometimes-50-slower-how-intel-has-broken-existing-code/">Why Intel Skylake CPUs are sometimes 50% slower than older CPUs</a></li>
53938 <li><a href="https://lobste.rs/s/bos5cr/practical_unix_manuals_mdoc">Kristaps Dzonsons is looking for somebody to maintain this as mentioned at this link</a></li>
53939 <li><a href="https://www.reddit.com/r/freebsd/comments/87rru4/formatting_floppy_disks_in_a_usb_floppy_disk_drive/">camcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive</a></li>
53940 <li><a href="https://www.reddit.com/r/openbsd_gaming/comments/898ey5/32_great_indie_games_now_playable_on_current_7/">32+ great indie games now playable on OpenBSD -current; 7 currently on sale!</a></li>
53941 <li><a href="https://bsd-pl.org/en">Warsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw</a></li>
53942 </ul>
53943
53944 <p><strong>Tarsnap</strong></p>
53945
53946 <p>##Feedback/Questions</p>
53947
53948 <ul>
53949 <li>Ron - <a href="http://dpaste.com/2B6CWDM#wrap">Adding a disk to ZFS</a></li>
53950 <li>Marshall - <a href="http://dpaste.com/2W7VD6K#wrap">zfs question</a></li>
53951 <li>Thomas - <a href="http://dpaste.com/1FS7534#wrap">Allan, the myth perpetuator</a></li>
53952 <li>Ross - <a href="http://dpaste.com/1HWQWB6#wrap">ZFS IO stats per dataset</a></li>
53953 </ul>
53954
53955 <p><hr></p>
53956
53957 <ul>
53958 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
53959 </ul>]]>
53960 </itunes:summary>
53961 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+pm_aSt0Q</fireside:playerURL>
53962 <fireside:playerEmbedCode>
53963 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+pm_aSt0Q" width="740" height="200" frameborder="0" scrolling="no">]]>
53964 </fireside:playerEmbedCode>
53965 </item>
53966 <item>
53967 <title>Episode 251: Crypto HAMMER | BSD Now 251</title>
53968 <link>https://www.bsdnow.tv/251</link>
53969 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2136</guid>
53970 <pubDate>Thu, 21 Jun 2018 02:00:00 -0700</pubDate>
53971 <author>Allan Jude</author>
53972 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/034d5002-639f-4744-a773-9c000ce91d1c.mp3" length="53300210" type="audio/mp3"/>
53973 <itunes:episodeType>full</itunes:episodeType>
53974 <itunes:author>Allan Jude</itunes:author>
53975 <itunes:subtitle>DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.</itunes:subtitle>
53976 <itunes:duration>1:28:43</itunes:duration>
53977 <itunes:explicit>no</itunes:explicit>
53978 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
53979 <description>DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.
53980 <p>##Headlines<br>
53981 <a href="https://www.reddit.com/r/dragonflybsd/comments/8riwtx/towards_a_hammer1_masterslave_encrypted_setup/">DragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS</a></p>
53982 <blockquote>
53983 <p>I just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS<br>
53984 So after a long time using a Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it :</p>
53985 </blockquote>
53986 <ul>
53987 <li>You cannot run NFS on top of encrypted partitions easily</li>
53988 <li>I suspect I am having some data corruption (bitrot) on the ext4 filesystem</li>
53989 <li>the NIC was stuck to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it</li>
53990 <li>It’s proprietary</li>
53991 </ul>
53992 <blockquote>
53993 <p>I have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy :</p>
53994 </blockquote>
53995 <p><code>kldload dm</code><br>
53996 <code>cryptsetup luksFormat /dev/serno/&lt;id1&gt;</code><br>
53997 <code>cryptsetup luksOpen /dev/serno/&lt;id1&gt; fort_knox</code><br>
53998 <code>newfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox</code><br>
53999 <code>cryptsetup luksFormat /dev/serno/&lt;id2&gt;</code><br>
54000 <code>cryptsetup luksOpen /dev/serno/&lt;id2&gt; fort_knox_slave</code><br>
54001 <code>newfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave</code></p>
54002 <ul>
54003 <li>Mount the 2 drives :</li>
54004 </ul>
54005 <p><code>mount /dev/mapper/fort_knox /fort_knox</code><br>
54006 <code>mount /dev/mapper/fort_knox_slave /fort_knox_slave</code></p>
54007 <blockquote>
54008 <p>You can now put your data under /fort_knox<br>
54009 Now, off to setting up the replication, first get the shared-uuid of /fort_knox</p>
54010 </blockquote>
54011 <p><code>hammer pfs-status /fort_knox</code></p>
54012 <blockquote>
54013 <p>Create a PFS slave “linked” to the master</p>
54014 </blockquote>
54015 <p><code>hammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12</code></p>
54016 <blockquote>
54017 <p>And then stream your data to the slave PFS !</p>
54018 </blockquote>
54019 <p><code>hammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave</code></p>
54020 <blockquote>
54021 <p>After that, setting NFS is fairly trivial even though I had problem with the /etc/exports syntax which is different than Linux</p>
54022 </blockquote>
54023 <blockquote>
54024 <p>There’s a few things I wish would be better though but nothing too problematic or without workarounds :</p>
54025 </blockquote>
54026 <ul>
54027 <li>Cannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this forces me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot</li>
54028 <li>No S1/S3 sleep so I made a script to shutdown the system when there’s no network neighbors to serve the NFS</li>
54029 <li>As my system isn’t online 24/7 for energy reasons, I guess I will have to run hammer cleanup myself from time to time</li>
54030 <li>Some uncertainty because hey, it’s kind of exotic but exciting too :)</li>
54031 </ul>
54032 <blockquote>
54033 <p>Overall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post.</p>
54034 </blockquote>
54035 <blockquote>
54036 <p>Let’s see in 6 months how it goes in the longer run !</p>
54037 </blockquote>
54038 <ul>
54039 <li>Helpful resources : <a href="https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/">https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/</a></li>
54040 </ul>
54041 <hr>
54042 <p>###BSDCan 2018 Recap</p>
54043 <ul>
54044 <li>As promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day led directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks.</li>
54045 <li>Allan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session led by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (led by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one led by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere.</li>
54046 <li>The next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”.</li>
54047 <li>Benedict went to the following talks:</li>
54048 </ul>
54049 <blockquote>
54050 <p>“Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants.<br>
54051 “All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way.<br>
54052 ZFS BoF, led by Allan and Matthew Ahrens<br>
54053 SSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to whet my appetite for it and motivated me to look into creating one for the cluster that I’m managing.<br>
54054 The rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner.</p>
54055 </blockquote>
54056 <ul>
54057 <li>Day 2:
54058 <blockquote>
54059 <p>“Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal.<br>
54060 Allan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented.<br>
54061 “zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome.<br>
54062 “The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood.<br>
54063 Closing session and auction were funny and great as always.<br>
54064 All in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done.</p>
54065 </blockquote>
54066 </li>
54067 </ul>
54068 <hr>
54069 <p><strong>Digital Ocean</strong></p>
54070 <p>###<a href="http://nomadbsd.org/index.html#rel1.1-rc1">NomadBSD 1.1-RC1 Released</a></p>
54071 <blockquote>
54072 <p>The first – and hopefully final – release candidate of NomadBSD 1.1 is available!</p>
54073 </blockquote>
54074 <ul>
54075 <li>Changes</li>
54076 <li>The base system has been upgraded to FreeBSD 11.2-RC3</li>
54077 <li>EFI booting has been fixed.</li>
54078 <li>Support for modern Intel GPUs has been added.</li>
54079 <li>Support for installing packages has been added.</li>
54080 <li>Improved setup menu.</li>
54081 <li>More software packages:</li>
54082 <li>benchmarks/bonnie++</li>
54083 <li>DSBDisplaySettings</li>
54084 <li>DSBExec</li>
54085 <li>DSBSu</li>
54086 <li>mail/thunderbird</li>
54087 <li>net/mosh</li>
54088 <li>ports-mgmt/octopkg</li>
54089 <li>print/qpdfview</li>
54090 <li>security/nmap</li>
54091 <li>sysutils/ddrescue</li>
54092 <li>sysutils/fusefs-hfsfuse</li>
54093 <li>sysutils/fusefs-sshfs</li>
54094 <li>sysutils/sleuthkit</li>
54095 <li>www/lynx</li>
54096 <li>x11-wm/compton</li>
54097 <li>x11/xev</li>
54098 <li>x11/xterm</li>
54099 <li>Many improvements and bugfixes<br>
54100 The image and instructions can be found <a href="http://nomadbsd.org/download.html">here</a>.</li>
54101 </ul>
54102 <hr>
54103 <p>##News Roundup<br>
54104 <a href="https://undeadly.org/cgi?action=article;sid=20180616115514">LDAP client added to -current</a></p>
54105 <pre><code>CVSROOT: /cvs
54106 Module name: src
54107 Changes by: reyk@cvs.openbsd.org 2018/06/13 09:45:58
54108
54109 Log message:
54110 Import ldap(1), a simple ldap search client.
54111 We have an ldapd(8) server and ypldap in base, so it makes sense to
54112 have a simple LDAP client without depending on the OpenLDAP package.
54113 This tool can be used in an ssh(1) AuthorizedKeysCommand script.
54114
54115 With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
54116
54117 OK deraadt@
54118
54119 Status:
54120
54121 Vendor Tag: reyk
54122 Release Tags: ldap_20180613
54123
54124 N src/usr.bin/ldap/Makefile
54125 N src/usr.bin/ldap/aldap.c
54126 N src/usr.bin/ldap/aldap.h
54127 N src/usr.bin/ldap/ber.c
54128 N src/usr.bin/ldap/ber.h
54129 N src/usr.bin/ldap/ldap.1
54130 N src/usr.bin/ldap/ldapclient.c
54131 N src/usr.bin/ldap/log.c
54132 N src/usr.bin/ldap/log.h
54133
54134 No conflicts created by this import
54135 </code></pre>
54136 <hr>
54137 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180614064341">Intel® FPU Speculation Vulnerability Confirmed</a></p>
54138 <ul>
54139 <li>Earlier this month, Philip Guenther (guenther@) <a href="https://marc.info/?l=openbsd-cvs&amp;m=152818076013158&amp;w=2">committed</a> (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs.</li>
54140 <li>Theo de Raadt (deraadt@) discussed this in <a href="https://undeadly.org/cgi?action=article;sid=20180611101817">his BSDCan 2018 session</a>.</li>
54141 <li>Using information disclosed in Theo’s talk, <a href="https://twitter.com/cperciva/status/1007010583244230656">Colin Percival</a> developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html">official announcement</a> of the vulnerability.</li>
54142 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=335072">FPU change in FreeBSD</a></li>
54143 </ul>
54144 <pre><code>Summary:
54145 System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.
54146 Description:
54147 System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
54148 · CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
54149 Affected Products:
54150 Intel® Core-based microprocessors.
54151 Recommendations:
54152 If an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.
54153 Acknowledgements:
54154 Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure.
54155 </code></pre>
54156 <hr>
54157 <p><strong>iXsystems</strong><br>
54158 iX Ad Spot<br>
54159 <a href="https://www.ixsystems.com/blog/bsdcan-2018-recap/">iX Systems - BSDCan 2018 Recap</a></p>
54160 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=335012">FreeBSD gets pNFS support</a></p>
54161 <pre><code>Merge the pNFS server code from projects/pnfs-planb-server into head.
54162
54163 This code merge adds a pNFS service to the NFSv4.1 server. Although it is
54164 a large commit it should not affect behaviour for a non-pNFS NFS server.
54165 Some documentation on how this works can be found at:
54166 http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt
54167 and will hopefully be turned into a proper document soon.
54168 This is a merge of the kernel code. Userland and man page changes will
54169 come soon, once the dust settles on this merge.
54170 It has passed a &quot;make universe&quot;, so I hope it will not cause build problems.
54171 It also adds NFSv4.1 server support for the &quot;current stateid&quot;.
54172
54173 Here is a brief overview of the pNFS service:
54174 A pNFS service separates the Read/Write operations from all the other NFSv4.1
54175 Metadata operations. It is hoped that this separation allows a pNFS service
54176 to be configured that exceeds the limits of a single NFS server for either
54177 storage capacity and/or I/O bandwidth.
54178 It is possible to configure mirroring within the data servers (DSs) so that
54179 the data storage file for an MDS file will be mirrored on two or more of
54180 the DSs.
54181 When this is used, failure of a DS will not stop the pNFS service and a
54182 failed DS can be recovered once repaired while the pNFS service continues
54183 to operate. Although two way mirroring would be the norm, it is possible
54184 to set a mirroring level of up to four or the number of DSs, whichever is
54185 less.
54186 The Metadata server will always be a single point of failure,
54187 just as a single NFS server is.
54188
54189 A Plan B pNFS service consists of a single MetaData Server (MDS) and K
54190 Data Servers (DS), all of which are recent FreeBSD systems.
54191 Clients will mount the MDS as they would a single NFS server.
54192 When files are created, the MDS creates a file tree identical to what a
54193 single NFS server creates, except that all the regular (VREG) files will
54194 be empty. As such, if you look at the exported tree on the MDS directly
54195 on the MDS server (not via an NFS mount), the files will all be of size 0.
54196 Each of these files will also have two extended attributes in the system
54197 attribute name space:
54198 pnfsd.dsfile - This extended attribute stores the information that
54199 the MDS needs to find the data storage file(s) on DS(s) for this file.
54200 pnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime
54201 and Change attributes for the file, so that the MDS doesn't need to
54202 acquire the attributes from the DS for every Getattr operation.
54203 For each regular (VREG) file, the MDS creates a data storage file on one
54204 (or more if mirroring is enabled) of the DSs in one of the &quot;dsNN&quot;
54205 subdirectories. The name of this file is the file handle
54206 of the file on the MDS in hexadecimal so that the name is unique.
54207 The DSs use subdirectories named &quot;ds0&quot; to &quot;dsN&quot; so that no one directory
54208 gets too large. The value of &quot;N&quot; is set via the sysctl vfs.nfsd.dsdirsize
54209 on the MDS, with the default being 20.
54210 For production servers that will store a lot of files, this value should
54211 probably be much larger.
54212 It can be increased when the &quot;nfsd&quot; daemon is not running on the MDS,
54213 once the &quot;dsK&quot; directories are created.
54214
54215 For pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces
54216 of information to the client that allows it to do I/O directly to the DS.
54217 DeviceInfo - This is relatively static information that defines what a DS
54218 is. The critical bits of information returned by the FreeBSD
54219 server is the IP address of the DS and, for the Flexible
54220 File layout, that NFSv4.1 is to be used and that it is
54221 &quot;tightly coupled&quot;.
54222 There is a &quot;deviceid&quot; which identifies the DeviceInfo.
54223 Layout - This is per file and can be recalled by the server when it
54224 is no longer valid. For the FreeBSD server, there is support
54225 for two types of layout, called File and Flexible File layout.
54226 Both allow the client to do I/O on the DS via NFSv4.1 I/O
54227 operations. The Flexible File layout is a more recent variant
54228 that allows specification of mirrors, where the client is
54229 expected to do writes to all mirrors to maintain them in a
54230 consistent state. The Flexible File layout also allows the
54231 client to report I/O errors for a DS back to the MDS.
54232 The Flexible File layout supports two variants referred to as
54233 &quot;tightly coupled&quot; vs &quot;loosely coupled&quot;. The FreeBSD server always
54234 uses the &quot;tightly coupled&quot; variant where the client uses the
54235 same credentials to do I/O on the DS as it would on the MDS.
54236 For the &quot;loosely coupled&quot; variant, the layout specifies a
54237 synthetic user/group that the client uses to do I/O on the DS.
54238 The FreeBSD server does not do striping and always returns
54239 layouts for the entire file. The critical information in a layout
54240 is Read vs Read/Write and DeviceID(s) that identify which
54241 DS(s) the data is stored on.
54242
54243 At this time, the MDS generates File Layout layouts to NFSv4.1 clients
54244 that know how to do pNFS for the non-mirrored DS case unless the sysctl
54245 vfs.nfsd.default_flexfile is set non-zero, in which case Flexible File
54246 layouts are generated.
54247 The mirrored DS configuration always generates Flexible File layouts.
54248 For NFS clients that do not support NFSv4.1 pNFS, all I/O operations
54249 are done against the MDS which acts as a proxy for the appropriate DS(s).
54250 When the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy.
54251 If the DS is on the same machine, the MDS/DS will do the RPC on the DS as
54252 a proxy and so on, until the machine runs out of some resource, such as
54253 session slots or mbufs.
54254 As such, DSs must be separate systems from the MDS.
54255
54256 ***
54257
54258 ###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml)
54259
54260 + awk = &quot;Aho Weinberger and Kernighan&quot;
54261 + grep = &quot;Global Regular Expression Print&quot;
54262 + fgrep = &quot;Fixed GREP&quot;.
54263 + egrep = &quot;Extended GREP&quot;
54264 + cat = &quot;CATenate&quot;
54265 + gecos = &quot;General Electric Comprehensive Operating Supervisor&quot;
54266 + nroff = &quot;New ROFF&quot;
54267 + troff = &quot;Typesetter new ROFF&quot;
54268 + tee = T
54269 + bss = &quot;Block Started by Symbol&quot;
54270 + biff = &quot;BIFF&quot;
54271 + rc (as in &quot;.cshrc&quot; or &quot;/etc/rc&quot;) = &quot;RunCom&quot;
54272 + Don Libes' book &quot;Life with Unix&quot; contains lots more of these
54273 tidbits.
54274 ***
54275
54276 ##Beastie Bits
54277 + [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php)
54278 + [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech&amp;m=152910536208954&amp;w=2)
54279 + [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html)
54280 + [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh)
54281 + [What UNIX shell could have been](https://rain-1.github.io/shell-2.html)
54282
54283 ***
54284 Tarsnap ad
54285 ***
54286
54287 ##Feedback/Questions
54288 + We need more feedback and questions. Please email feedback@bsdnow.tv
54289 + Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time?
54290 + [Jason writes in](https://slexy.org/view/s205jU58X2)
54291 + https://www.wheelsystems.com/en/products/wheel-fudo-psm/
54292 + [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd&amp;q=%23FreeBSDDay)
54293 ***
54294
54295 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
54296 ***
54297
54298 </code></pre>
54299 </description>
54300 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview,hammer,Intel,NomadBSD,LDAP,pNFS,RetroBSD</itunes:keywords>
54301 <content:encoded>
54302 <![CDATA[<p>DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.</p>
54303
54304 <p>##Headlines<br>
54305 ###<a href="https://www.reddit.com/r/dragonflybsd/comments/8riwtx/towards_a_hammer1_masterslave_encrypted_setup/">DragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS</a></p>
54306
54307 <blockquote>
54308 <p>I just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS<br>
54309 So after a long time using a Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it :</p>
54310 </blockquote>
54311
54312 <ul>
54313 <li>You cannot run NFS on top of encrypted partitions easily</li>
54314 <li>I suspect I am having some data corruption (bitrot) on the ext4 filesystem</li>
54315 <li>the NIC was stuck to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it</li>
54316 <li>It’s proprietary</li>
54317 </ul>
54318
54319 <blockquote>
54320 <p>I have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy :</p>
54321 </blockquote>
54322
54323 <p><code>kldload dm</code><br>
54324 <code>cryptsetup luksFormat /dev/serno/<id1></code><br>
54325 <code>cryptsetup luksOpen /dev/serno/<id1> fort_knox</code><br>
54326 <code>newfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox</code><br>
54327 <code>cryptsetup luksFormat /dev/serno/<id2></code><br>
54328 <code>cryptsetup luksOpen /dev/serno/<id2> fort_knox_slave</code><br>
54329 <code>newfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave</code></p>
54330
54331 <ul>
54332 <li>Mount the 2 drives :</li>
54333 </ul>
54334
54335 <p><code>mount /dev/mapper/fort_knox /fort_knox</code><br>
54336 <code>mount /dev/mapper/fort_knox_slave /fort_knox_slave</code></p>
54337
54338 <blockquote>
54339 <p>You can now put your data under /fort_knox<br>
54340 Now, off to setting up the replication, first get the shared-uuid of /fort_knox</p>
54341 </blockquote>
54342
54343 <p><code>hammer pfs-status /fort_knox</code></p>
54344
54345 <blockquote>
54346 <p>Create a PFS slave “linked” to the master</p>
54347 </blockquote>
54348
54349 <p><code>hammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12</code></p>
54350
54351 <blockquote>
54352 <p>And then stream your data to the slave PFS !</p>
54353 </blockquote>
54354
54355 <p><code>hammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave</code></p>
54356
54357 <blockquote>
54358 <p>After that, setting NFS is fairly trivial even though I had problem with the /etc/exports syntax which is different than Linux</p>
54359 </blockquote>
54360
54361 <blockquote>
54362 <p>There’s a few things I wish would be better though but nothing too problematic or without workarounds :</p>
54363 </blockquote>
54364
54365 <ul>
54366 <li>Cannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this forces me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot</li>
54367 <li>No S1/S3 sleep so I made a script to shut down the system when there’s no network neighbors to serve the NFS</li>
54368 <li>As my system isn’t online 24/7 for energy reasons, I guess will have to run hammer cleanup myself from time to time</li>
54369 <li>Some uncertainty because hey, it’s kind of exotic but exciting too :)</li>
54370 </ul>
54371
54372 <blockquote>
54373 <p>Overall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post.</p>
54374 </blockquote>
54375
54376 <blockquote>
54377 <p>Let’s see in 6 months how it goes in the longer run !</p>
54378 </blockquote>
54379
54380 <ul>
54381 <li>Helpful resources : <a href="https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/">https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/</a></li>
54382 </ul>
54383
54384 <p><hr></p>
54385
54386 <p>###BSDCan 2018 Recap</p>
54387
54388 <ul>
54389 <li>As promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day led directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks.</li>
54390 <li>Allan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session led by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (led by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one led by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere.</li>
54391 <li>The next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”.</li>
54392 <li>Benedict went to the following talks:</li>
54393 </ul>
54394
54395 <blockquote>
54396 <p>“Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants.<br>
54397 “All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way.<br>
54398 ZFS BoF, led by Allan and Matthew Ahrens<br>
54399 SSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to whet my appetite for it and motivated me to look into creating one for the cluster that I’m managing.<br>
54400 The rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner.</p>
54401 </blockquote>
54402
54403 <ul>
54404 <li>Day 2:
54405 <blockquote>
54406 <p>“Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal.<br>
54407 Allan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented.<br>
54408 “zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome.<br>
54409 “The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood.<br>
54410 Closing session and auction were funny and great as always.<br>
54411 All in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done.</p>
54412 </blockquote>
54413 </li>
54414 </ul>
54415
54416 <p><hr></p>
54417
54418 <p><strong>Digital Ocean</strong></p>
54419
54420 <p>###<a href="http://nomadbsd.org/index.html#rel1.1-rc1">NomadBSD 1.1-RC1 Released</a></p>
54421
54422 <blockquote>
54423 <p>The first – and hopefully final – release candidate of NomadBSD 1.1 is available!</p>
54424 </blockquote>
54425
54426 <ul>
54427 <li>Changes</li>
54428 <li>The base system has been upgraded to FreeBSD 11.2-RC3</li>
54429 <li>EFI booting has been fixed.</li>
54430 <li>Support for modern Intel GPUs has been added.</li>
54431 <li>Support for installing packages has been added.</li>
54432 <li>Improved setup menu.</li>
54433 <li>More software packages:</li>
54434 <li>benchmarks/bonnie++</li>
54435 <li>DSBDisplaySettings</li>
54436 <li>DSBExec</li>
54437 <li>DSBSu</li>
54438 <li>mail/thunderbird</li>
54439 <li>net/mosh</li>
54440 <li>ports-mgmt/octopkg</li>
54441 <li>print/qpdfview</li>
54442 <li>security/nmap</li>
54443 <li>sysutils/ddrescue</li>
54444 <li>sysutils/fusefs-hfsfuse</li>
54445 <li>sysutils/fusefs-sshfs</li>
54446 <li>sysutils/sleuthkit</li>
54447 <li>www/lynx</li>
54448 <li>x11-wm/compton</li>
54449 <li>x11/xev</li>
54450 <li>x11/xterm</li>
54451 <li>Many improvements and bugfixes<br>
54452 The image and instructions can be found <a href="http://nomadbsd.org/download.html">here</a>.</li>
54453 </ul>
54454
54455 <p><hr></p>
54456
54457 <p>##News Roundup<br>
54458 ###<a href="https://undeadly.org/cgi?action=article;sid=20180616115514">LDAP client added to -current</a></p>
54459
54460 <pre><code>CVSROOT: /cvs
54461 Module name: src
54462 Changes by: reyk@cvs.openbsd.org 2018/06/13 09:45:58
54463
54464 Log message:
54465 Import ldap(1), a simple ldap search client.
54466 We have an ldapd(8) server and ypldap in base, so it makes sense to
54467 have a simple LDAP client without depending on the OpenLDAP package.
54468 This tool can be used in an ssh(1) AuthorizedKeysCommand script.
54469
54470 With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
54471
54472 OK deraadt@
54473
54474 Status:
54475
54476 Vendor Tag: reyk
54477 Release Tags: ldap_20180613
54478
54479 N src/usr.bin/ldap/Makefile
54480 N src/usr.bin/ldap/aldap.c
54481 N src/usr.bin/ldap/aldap.h
54482 N src/usr.bin/ldap/ber.c
54483 N src/usr.bin/ldap/ber.h
54484 N src/usr.bin/ldap/ldap.1
54485 N src/usr.bin/ldap/ldapclient.c
54486 N src/usr.bin/ldap/log.c
54487 N src/usr.bin/ldap/log.h
54488
54489 No conflicts created by this import
54490 </code></pre>
54491
54492 <p><hr></p>
54493
54494 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180614064341">Intel® FPU Speculation Vulnerability Confirmed</a></p>
54495
54496 <ul>
54497 <li>Earlier this month, Philip Guenther (guenther@) <a href="https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2">committed</a> (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs.</li>
54498 <li>Theo de Raadt (deraadt@) discussed this in <a href="https://undeadly.org/cgi?action=article;sid=20180611101817">his BSDCan 2018 session</a>.</li>
54499 <li>Using information disclosed in Theo’s talk, <a href="https://twitter.com/cperciva/status/1007010583244230656">Colin Percival</a> developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html">official announcement</a> of the vulnerability.</li>
54500 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=335072">FPU change in FreeBSD</a></li>
54501 </ul>
54502
54503 <pre><code>Summary:
54504
54505 System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.
54506
54507 Description:
54508
54509 System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
54510
54511 · CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
54512 Affected Products:
54513
54514 Intel® Core-based microprocessors.
54515
54516 Recommendations:
54517
54518 If an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.
54519
54520 Acknowledgements:
54521
54522 Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure.
54523 </code></pre>
54524
54525 <p><hr></p>
54526
54527 <p><strong>iXsystems</strong><br>
54528 iX Ad Spot<br>
54529 ###<a href="https://www.ixsystems.com/blog/bsdcan-2018-recap/">iX Systems - BSDCan 2018 Recap</a></p>
54530
54531 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&revision=335012">FreeBSD gets pNFS support</a></p>
54532
54533 <pre><code>Merge the pNFS server code from projects/pnfs-planb-server into head.
54534
54535 This code merge adds a pNFS service to the NFSv4.1 server. Although it is
54536 a large commit it should not affect behaviour for a non-pNFS NFS server.
54537 Some documentation on how this works can be found at:
54538 http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt
54539 and will hopefully be turned into a proper document soon.
54540 This is a merge of the kernel code. Userland and man page changes will
54541 come soon, once the dust settles on this merge.
54542 It has passed a "make universe", so I hope it will not cause build problems.
54543 It also adds NFSv4.1 server support for the "current stateid".
54544
54545 Here is a brief overview of the pNFS service:
54546 A pNFS service separates the Read/Write operations from all the other NFSv4.1
54547 Metadata operations. It is hoped that this separation allows a pNFS service
54548 to be configured that exceeds the limits of a single NFS server for either
54549 storage capacity and/or I/O bandwidth.
54550 It is possible to configure mirroring within the data servers (DSs) so that
54551 the data storage file for an MDS file will be mirrored on two or more of
54552 the DSs.
54553 When this is used, failure of a DS will not stop the pNFS service and a
54554 failed DS can be recovered once repaired while the pNFS service continues
54555 to operate. Although two way mirroring would be the norm, it is possible
54556 to set a mirroring level of up to four or the number of DSs, whichever is
54557 less.
54558 The Metadata server will always be a single point of failure,
54559 just as a single NFS server is.
54560
54561 A Plan B pNFS service consists of a single MetaData Server (MDS) and K
54562 Data Servers (DS), all of which are recent FreeBSD systems.
54563 Clients will mount the MDS as they would a single NFS server.
54564 When files are created, the MDS creates a file tree identical to what a
54565 single NFS server creates, except that all the regular (VREG) files will
54566 be empty. As such, if you look at the exported tree on the MDS directly
54567 on the MDS server (not via an NFS mount), the files will all be of size 0.
54568 Each of these files will also have two extended attributes in the system
54569 attribute name space:
54570 pnfsd.dsfile - This extended attribute stores the information that
54571 the MDS needs to find the data storage file(s) on DS(s) for this file.
54572 pnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime
54573 and Change attributes for the file, so that the MDS doesn't need to
54574 acquire the attributes from the DS for every Getattr operation.
54575 For each regular (VREG) file, the MDS creates a data storage file on one
54576 (or more if mirroring is enabled) of the DSs in one of the "dsNN"
54577 subdirectories. The name of this file is the file handle
54578 of the file on the MDS in hexadecimal so that the name is unique.
54579 The DSs use subdirectories named "ds0" to "dsN" so that no one directory
54580 gets too large. The value of "N" is set via the sysctl vfs.nfsd.dsdirsize
54581 on the MDS, with the default being 20.
54582 For production servers that will store a lot of files, this value should
54583 probably be much larger.
54584 It can be increased when the "nfsd" daemon is not running on the MDS,
54585 once the "dsK" directories are created.
54586
54587 For pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces
54588 of information to the client that allows it to do I/O directly to the DS.
54589 DeviceInfo - This is relatively static information that defines what a DS
54590 is. The critical bits of information returned by the FreeBSD
54591 server is the IP address of the DS and, for the Flexible
54592 File layout, that NFSv4.1 is to be used and that it is
54593 "tightly coupled".
54594 There is a "deviceid" which identifies the DeviceInfo.
54595 Layout - This is per file and can be recalled by the server when it
54596 is no longer valid. For the FreeBSD server, there is support
54597 for two types of layout, called File and Flexible File layout.
54598 Both allow the client to do I/O on the DS via NFSv4.1 I/O
54599 operations. The Flexible File layout is a more recent variant
54600 that allows specification of mirrors, where the client is
54601 expected to do writes to all mirrors to maintain them in a
54602 consistent state. The Flexible File layout also allows the
54603 client to report I/O errors for a DS back to the MDS.
54604 The Flexible File layout supports two variants referred to as
54605 "tightly coupled" vs "loosely coupled". The FreeBSD server always
54606 uses the "tightly coupled" variant where the client uses the
54607 same credentials to do I/O on the DS as it would on the MDS.
54608 For the "loosely coupled" variant, the layout specifies a
54609 synthetic user/group that the client uses to do I/O on the DS.
54610 The FreeBSD server does not do striping and always returns
54611 layouts for the entire file. The critical information in a layout
54612 is Read vs Read/Write and DeviceID(s) that identify which
54613 DS(s) the data is stored on.
54614
54615 At this time, the MDS generates File Layout layouts to NFSv4.1 clients
54616 that know how to do pNFS for the non-mirrored DS case unless the sysctl
54617 vfs.nfsd.default_flexfile is set non-zero, in which case Flexible File
54618 layouts are generated.
54619 The mirrored DS configuration always generates Flexible File layouts.
54620 For NFS clients that do not support NFSv4.1 pNFS, all I/O operations
54621 are done against the MDS which acts as a proxy for the appropriate DS(s).
54622 When the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy.
54623 If the DS is on the same machine, the MDS/DS will do the RPC on the DS as
54624 a proxy and so on, until the machine runs out of some resource, such as
54625 session slots or mbufs.
54626 As such, DSs must be separate systems from the MDS.
54627
54628 ***
54629
54630 ###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml)
54631
54632 + awk = "Aho Weinberger and Kernighan"
54633 + grep = "Global Regular Expression Print"
54634 + fgrep = "Fixed GREP".
54635 + egrep = "Extended GREP"
54636 + cat = "CATenate"
54637 + gecos = "General Electric Comprehensive Operating Supervisor"
54638 + nroff = "New ROFF"
54639 + troff = "Typesetter new ROFF"
54640 + tee = T
54641 + bss = "Block Started by Symbol"
54642 + biff = "BIFF"
54643 + rc (as in ".cshrc" or "/etc/rc") = "RunCom"
54644 + Don Libes' book "Life with Unix" contains lots more of these
54645 tidbits.
54646 ***
54647
54648 ##Beastie Bits
54649 + [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php)
54650 + [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech&m=152910536208954&w=2)
54651 + [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html)
54652 + [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh)
54653 + [What UNIX shell could have been](https://rain-1.github.io/shell-2.html)
54654
54655 ***
54656 Tarsnap ad
54657 ***
54658
54659 ##Feedback/Questions
54660 + We need more feedback and questions. Please email feedback@bsdnow.tv
54661 + Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time?
54662 + [Jason writes in](https://slexy.org/view/s205jU58X2)
54663 + https://www.wheelsystems.com/en/products/wheel-fudo-psm/
54664 + [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd&q=%23FreeBSDDay)
54665 ***
54666
54667 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
54668 ***
54669
54670 </code></pre>]]>
54671 </content:encoded>
54672 <itunes:summary>
54673 <![CDATA[<p>DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.</p>
54674
54675 <p>##Headlines<br>
54676 ###<a href="https://www.reddit.com/r/dragonflybsd/comments/8riwtx/towards_a_hammer1_masterslave_encrypted_setup/">DragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS</a></p>
54677
54678 <blockquote>
54679 <p>I just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS<br>
54680 So after a long time using a Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it :</p>
54681 </blockquote>
54682
54683 <ul>
54684 <li>You cannot run NFS on top of encrypted partitions easily</li>
54685 <li>I suspect I am having some data corruption (bitrot) on the ext4 filesystem</li>
54686 <li>the NIC was stuck to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it</li>
54687 <li>It’s proprietary</li>
54688 </ul>
54689
54690 <blockquote>
54691 <p>I have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy :</p>
54692 </blockquote>
54693
54694 <p><code>kldload dm</code><br>
54695 <code>cryptsetup luksFormat /dev/serno/<id1></code><br>
54696 <code>cryptsetup luksOpen /dev/serno/<id1> fort_knox</code><br>
54697 <code>newfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox</code><br>
54698 <code>cryptsetup luksFormat /dev/serno/<id2></code><br>
54699 <code>cryptsetup luksOpen /dev/serno/<id2> fort_knox_slave</code><br>
54700 <code>newfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave</code></p>
54701
54702 <ul>
54703 <li>Mount the 2 drives :</li>
54704 </ul>
54705
54706 <p><code>mount /dev/mapper/fort_knox /fort_knox</code><br>
54707 <code>mount /dev/mapper/fort_knox_slave /fort_knox_slave</code></p>
54708
54709 <blockquote>
54710 <p>You can now put your data under /fort_knox<br>
54711 Now, off to setting up the replication, first get the shared-uuid of /fort_knox</p>
54712 </blockquote>
54713
54714 <p><code>hammer pfs-status /fort_knox</code></p>
54715
54716 <blockquote>
54717 <p>Create a PFS slave “linked” to the master</p>
54718 </blockquote>
54719
54720 <p><code>hammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12</code></p>
54721
54722 <blockquote>
54723 <p>And then stream your data to the slave PFS !</p>
54724 </blockquote>
54725
54726 <p><code>hammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave</code></p>
54727
54728 <blockquote>
54729 <p>After that, setting NFS is fairly trivial even though I had a problem with the /etc/exports syntax which is different than Linux</p>
54730 </blockquote>
54731
54732 <blockquote>
54733 <p>There’s a few things I wish would be better though but nothing too problematic or without workarounds :</p>
54734 </blockquote>
54735
54736 <ul>
54737 <li>Cannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this forces me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot</li>
54738 <li>No S1/S3 sleep so I made a script to shutdown the system when there’s no network neighbors to serve the NFS</li>
54739 <li>As my system isn’t online 24/7 for energy reasons, I guess I will have to run hammer cleanup myself from time to time</li>
54740 <li>Some uncertainty because hey, it’s kind of exotic but exciting too :)</li>
54741 </ul>
54742
54743 <blockquote>
54744 <p>Overall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post.</p>
54745 </blockquote>
54746
54747 <blockquote>
54748 <p>Let’s see in 6 months how it goes in the longer run !</p>
54749 </blockquote>
54750
54751 <ul>
54752 <li>Helpful resources : <a href="https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/">https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/</a></li>
54753 </ul>
54754
54755 <p><hr></p>
54756
54757 <p>###BSDCan 2018 Recap</p>
54758
54759 <ul>
54760 <li>As promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day led directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks.</li>
54761 <li>Allan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session led by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (led by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one led by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere.</li>
54762 <li>The next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”.</li>
54763 <li>Benedict went to the following talks:</li>
54764 </ul>
54765
54766 <blockquote>
54767 <p>“Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants.<br>
54768 “All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way.<br>
54769 ZFS BoF, led by Allan and Matthew Ahrens<br>
54770 SSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to whet my appetite for it and motivated me to look into creating one for the cluster that I’m managing.<br>
54771 The rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner.</p>
54772 </blockquote>
54773
54774 <ul>
54775 <li>Day 2:
54776 <blockquote>
54777 <p>“Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal.<br>
54778 Allan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented.<br>
54779 “zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome.<br>
54780 “The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood.<br>
54781 Closing session and auction were funny and great as always.<br>
54782 All in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done.</p>
54783 </blockquote>
54784 </li>
54785 </ul>
54786
54787 <p><hr></p>
54788
54789 <p><strong>Digital Ocean</strong></p>
54790
54791 <p>###<a href="http://nomadbsd.org/index.html#rel1.1-rc1">NomadBSD 1.1-RC1 Released</a></p>
54792
54793 <blockquote>
54794 <p>The first – and hopefully final – release candidate of NomadBSD 1.1 is available!</p>
54795 </blockquote>
54796
54797 <ul>
54798 <li>Changes</li>
54799 <li>The base system has been upgraded to FreeBSD 11.2-RC3</li>
54800 <li>EFI booting has been fixed.</li>
54801 <li>Support for modern Intel GPUs has been added.</li>
54802 <li>Support for installing packages has been added.</li>
54803 <li>Improved setup menu.</li>
54804 <li>More software packages:</li>
54805 <li>benchmarks/bonnie++</li>
54806 <li>DSBDisplaySettings</li>
54807 <li>DSBExec</li>
54808 <li>DSBSu</li>
54809 <li>mail/thunderbird</li>
54810 <li>net/mosh</li>
54811 <li>ports-mgmt/octopkg</li>
54812 <li>print/qpdfview</li>
54813 <li>security/nmap</li>
54814 <li>sysutils/ddrescue</li>
54815 <li>sysutils/fusefs-hfsfuse</li>
54816 <li>sysutils/fusefs-sshfs</li>
54817 <li>sysutils/sleuthkit</li>
54818 <li>www/lynx</li>
54819 <li>x11-wm/compton</li>
54820 <li>x11/xev</li>
54821 <li>x11/xterm</li>
54822 <li>Many improvements and bugfixes<br>
54823 The image and instructions can be found <a href="http://nomadbsd.org/download.html">here</a>.</li>
54824 </ul>
54825
54826 <p><hr></p>
54827
54828 <p>##News Roundup<br>
54829 ###<a href="https://undeadly.org/cgi?action=article;sid=20180616115514">LDAP client added to -current</a></p>
54830
54831 <pre><code>CVSROOT: /cvs
54832 Module name: src
54833 Changes by: reyk@cvs.openbsd.org 2018/06/13 09:45:58
54834
54835 Log message:
54836 Import ldap(1), a simple ldap search client.
54837 We have an ldapd(8) server and ypldap in base, so it makes sense to
54838 have a simple LDAP client without depending on the OpenLDAP package.
54839 This tool can be used in an ssh(1) AuthorizedKeysCommand script.
54840
54841 With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
54842
54843 OK deraadt@
54844
54845 Status:
54846
54847 Vendor Tag: reyk
54848 Release Tags: ldap_20180613
54849
54850 N src/usr.bin/ldap/Makefile
54851 N src/usr.bin/ldap/aldap.c
54852 N src/usr.bin/ldap/aldap.h
54853 N src/usr.bin/ldap/ber.c
54854 N src/usr.bin/ldap/ber.h
54855 N src/usr.bin/ldap/ldap.1
54856 N src/usr.bin/ldap/ldapclient.c
54857 N src/usr.bin/ldap/log.c
54858 N src/usr.bin/ldap/log.h
54859
54860 No conflicts created by this import
54861 </code></pre>
54862
54863 <p><hr></p>
54864
54865 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180614064341">Intel® FPU Speculation Vulnerability Confirmed</a></p>
54866
54867 <ul>
54868 <li>Earlier this month, Philip Guenther (guenther@) <a href="https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2">committed</a> (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs.</li>
54869 <li>Theo de Raadt (deraadt@) discussed this in <a href="https://undeadly.org/cgi?action=article;sid=20180611101817">his BSDCan 2018 session</a>.</li>
54870 <li>Using information disclosed in Theo’s talk, <a href="https://twitter.com/cperciva/status/1007010583244230656">Colin Percival</a> developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html">official announcement</a> of the vulnerability.</li>
54871 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=335072">FPU change in FreeBSD</a></li>
54872 </ul>
54873
54874 <pre><code>Summary:
54875
54876 System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.
54877
54878 Description:
54879
54880 System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
54881
54882 · CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
54883 Affected Products:
54884
54885 Intel® Core-based microprocessors.
54886
54887 Recommendations:
54888
54889 If an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.
54890
54891 Acknowledgements:
54892
54893 Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure.
54894 </code></pre>
54895
54896 <p><hr></p>
54897
54898 <p><strong>iXsystems</strong><br>
54899 iX Ad Spot<br>
54900 ###<a href="https://www.ixsystems.com/blog/bsdcan-2018-recap/">iX Systems - BSDCan 2018 Recap</a></p>
54901
54902 <p>###<a href="https://svnweb.freebsd.org/base?view=revision&revision=335012">FreeBSD gets pNFS support</a></p>
54903
54904 <pre><code>Merge the pNFS server code from projects/pnfs-planb-server into head.
54905
54906 This code merge adds a pNFS service to the NFSv4.1 server. Although it is
54907 a large commit it should not affect behaviour for a non-pNFS NFS server.
54908 Some documentation on how this works can be found at:
54909 http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt
54910 and will hopefully be turned into a proper document soon.
54911 This is a merge of the kernel code. Userland and man page changes will
54912 come soon, once the dust settles on this merge.
54913 It has passed a "make universe", so I hope it will not cause build problems.
54914 It also adds NFSv4.1 server support for the "current stateid".
54915
54916 Here is a brief overview of the pNFS service:
54917 A pNFS service separates the Read/Write operations from all the other NFSv4.1
54918 Metadata operations. It is hoped that this separation allows a pNFS service
54919 to be configured that exceeds the limits of a single NFS server for either
54920 storage capacity and/or I/O bandwidth.
54921 It is possible to configure mirroring within the data servers (DSs) so that
54922 the data storage file for an MDS file will be mirrored on two or more of
54923 the DSs.
54924 When this is used, failure of a DS will not stop the pNFS service and a
54925 failed DS can be recovered once repaired while the pNFS service continues
54926 to operate. Although two way mirroring would be the norm, it is possible
54927 to set a mirroring level of up to four or the number of DSs, whichever is
54928 less.
54929 The Metadata server will always be a single point of failure,
54930 just as a single NFS server is.
54931
54932 A Plan B pNFS service consists of a single MetaData Server (MDS) and K
54933 Data Servers (DS), all of which are recent FreeBSD systems.
54934 Clients will mount the MDS as they would a single NFS server.
54935 When files are created, the MDS creates a file tree identical to what a
54936 single NFS server creates, except that all the regular (VREG) files will
54937 be empty. As such, if you look at the exported tree on the MDS directly
54938 on the MDS server (not via an NFS mount), the files will all be of size 0.
54939 Each of these files will also have two extended attributes in the system
54940 attribute name space:
54941 pnfsd.dsfile - This extended attribute stores the information that
54942 the MDS needs to find the data storage file(s) on DS(s) for this file.
54943 pnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime
54944 and Change attributes for the file, so that the MDS doesn't need to
54945 acquire the attributes from the DS for every Getattr operation.
54946 For each regular (VREG) file, the MDS creates a data storage file on one
54947 (or more if mirroring is enabled) of the DSs in one of the "dsNN"
54948 subdirectories. The name of this file is the file handle
54949 of the file on the MDS in hexadecimal so that the name is unique.
54950 The DSs use subdirectories named "ds0" to "dsN" so that no one directory
54951 gets too large. The value of "N" is set via the sysctl vfs.nfsd.dsdirsize
54952 on the MDS, with the default being 20.
54953 For production servers that will store a lot of files, this value should
54954 probably be much larger.
54955 It can be increased when the "nfsd" daemon is not running on the MDS,
54956 once the "dsK" directories are created.
54957
54958 For pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces
54959 of information to the client that allows it to do I/O directly to the DS.
54960 DeviceInfo - This is relatively static information that defines what a DS
54961 is. The critical bits of information returned by the FreeBSD
54962 server is the IP address of the DS and, for the Flexible
54963 File layout, that NFSv4.1 is to be used and that it is
54964 "tightly coupled".
54965 There is a "deviceid" which identifies the DeviceInfo.
54966 Layout - This is per file and can be recalled by the server when it
54967 is no longer valid. For the FreeBSD server, there is support
54968 for two types of layout, called File and Flexible File layout.
54969 Both allow the client to do I/O on the DS via NFSv4.1 I/O
54970 operations. The Flexible File layout is a more recent variant
54971 that allows specification of mirrors, where the client is
54972 expected to do writes to all mirrors to maintain them in a
54973 consistent state. The Flexible File layout also allows the
54974 client to report I/O errors for a DS back to the MDS.
54975 The Flexible File layout supports two variants referred to as
54976 "tightly coupled" vs "loosely coupled". The FreeBSD server always
54977 uses the "tightly coupled" variant where the client uses the
54978 same credentials to do I/O on the DS as it would on the MDS.
54979 For the "loosely coupled" variant, the layout specifies a
54980 synthetic user/group that the client uses to do I/O on the DS.
54981 The FreeBSD server does not do striping and always returns
54982 layouts for the entire file. The critical information in a layout
54983 is Read vs Read/Write and DeviceID(s) that identify which
54984 DS(s) the data is stored on.
54985
54986 At this time, the MDS generates File Layout layouts to NFSv4.1 clients
54987 that know how to do pNFS for the non-mirrored DS case unless the sysctl
54988 vfs.nfsd.default_flexfile is set non-zero, in which case Flexible File
54989 layouts are generated.
54990 The mirrored DS configuration always generates Flexible File layouts.
54991 For NFS clients that do not support NFSv4.1 pNFS, all I/O operations
54992 are done against the MDS which acts as a proxy for the appropriate DS(s).
54993 When the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy.
54994 If the DS is on the same machine, the MDS/DS will do the RPC on the DS as
54995 a proxy and so on, until the machine runs out of some resource, such as
54996 session slots or mbufs.
54997 As such, DSs must be separate systems from the MDS.
54998
54999 ***
55000
55001 ###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml)
55002
55003 + awk = "Aho Weinberger and Kernighan"
55004 + grep = "Global Regular Expression Print"
55005 + fgrep = "Fixed GREP".
55006 + egrep = "Extended GREP"
55007 + cat = "CATenate"
55008 + gecos = "General Electric Comprehensive Operating Supervisor"
55009 + nroff = "New ROFF"
55010 + troff = "Typesetter new ROFF"
55011 + tee = T
55012 + bss = "Block Started by Symbol"
55013 + biff = "BIFF"
55014 + rc (as in ".cshrc" or "/etc/rc") = "RunCom"
55015 + Don Libes' book "Life with Unix" contains lots more of these
55016 tidbits.
55017 ***
55018
55019 ##Beastie Bits
55020 + [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php)
55021 + [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech&m=152910536208954&w=2)
55022 + [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html)
55023 + [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh)
55024 + [What UNIX shell could have been](https://rain-1.github.io/shell-2.html)
55025
55026 ***
55027 Tarsnap ad
55028 ***
55029
55030 ##Feedback/Questions
55031 + We need more feedback and questions. Please email feedback@bsdnow.tv
55032 + Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time?
55033 + [Jason writes in](https://slexy.org/view/s205jU58X2)
55034 + https://www.wheelsystems.com/en/products/wheel-fudo-psm/
55035 + [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd&q=%23FreeBSDDay)
55036 ***
55037
55038 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)
55039 ***
55040
55041 </code></pre>]]>
55042 </itunes:summary>
55043 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+A54qwrjz</fireside:playerURL>
55044 <fireside:playerEmbedCode>
55045 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+A54qwrjz" width="740" height="200" frameborder="0" scrolling="no">]]>
55046 </fireside:playerEmbedCode>
55047 </item>
55048 <item>
55049 <title>Episode 250: BSDCan 2018 Recap | BSD Now 250</title>
55050 <link>https://www.bsdnow.tv/250</link>
55051 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2107</guid>
55052 <pubDate>Thu, 14 Jun 2018 04:00:00 -0700</pubDate>
55053 <author>Allan Jude</author>
55054 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4a856940-c133-4d38-98e6-88d80a82c29a.mp3" length="60891452" type="audio/mp3"/>
55055 <itunes:episodeType>full</itunes:episodeType>
55056 <itunes:author>Allan Jude</itunes:author>
55057 <itunes:subtitle>TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.</itunes:subtitle>
55058 <itunes:duration>1:41:10</itunes:duration>
55059 <itunes:explicit>no</itunes:explicit>
55060 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
55061 <description>TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.
55062 <p>##Headlines##<br>
55063 <a href="https://www.trueos.org/blog/trueosdownstream/">TrueOS to Focus on Core Operating System</a></p>
55064 <blockquote>
55065 <p>The TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.</p>
55066 </blockquote>
55067 <blockquote>
55068 <p>TrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.</p>
55069 </blockquote>
55070 <blockquote>
55071 <p>Some of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.</p>
55072 </blockquote>
55073 <blockquote>
55074 <p>We know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.</p>
55075 </blockquote>
55076 <blockquote>
55077 <p>We look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.</p>
55078 </blockquote>
55079 <p>###<a href="http://project-trident.org/faq">Project Trident FAQ</a></p>
55080 <ul>
55081 <li>Q: Why did you pick the name “Project Trident”?</li>
55082 </ul>
55083 <blockquote>
55084 <p>A: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.</p>
55085 </blockquote>
55086 <ul>
55087 <li>Q: Where can users go for technical support?</li>
55088 </ul>
55089 <blockquote>
55090 <p>A: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.</p>
55091 </blockquote>
55092 <ul>
55093 <li>Q: Can I help contribute to the project?</li>
55094 </ul>
55095 <blockquote>
55096 <p>A: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.</p>
55097 </blockquote>
55098 <ul>
55099 <li>Q: How is the project supported financially?</li>
55100 </ul>
55101 <blockquote>
55102 <p>A: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.</p>
55103 </blockquote>
55104 <ul>
55105 <li>Q: How can I help support the project financially?</li>
55106 </ul>
55107 <blockquote>
55108 <p>A: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.</p>
55109 </blockquote>
55110 <ul>
55111 <li>Q: Will there be any transparency of the financial donations and expenditures?</li>
55112 </ul>
55113 <blockquote>
55114 <p>A: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.</p>
55115 </blockquote>
55116 <ul>
55117 <li>
55118 <p>Relationship with TrueOS</p>
55119 </li>
55120 <li>
55121 <p>Project Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.</p>
55122 </li>
55123 <li>
55124 <p>Q: Do we need to be at a certain TrueOS install level/release to upgrade?</p>
55125 </li>
55126 </ul>
55127 <blockquote>
55128 <p>A: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.</p>
55129 </blockquote>
55130 <ul>
55131 <li>Q: Which members moved from TrueOS to Project Trident?</li>
55132 </ul>
55133 <blockquote>
55134 <p>A: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.</p>
55135 </blockquote>
55136 <hr>
55137 <p><strong>iXsystems</strong></p>
55138 <p>###<a href="https://www.bsdcan.org/2018">BSDCan</a></p>
55139 <ul>
55140 <li>BSDCan finished Saturday last week</li>
55141 <li>It started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and even FreeBSD Journal Editorial Board meeting.</li>
55142 <li>The FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.</li>
55143 <li>Next, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.</li>
55144 <li>After the coffee break, the release engineering team gave a talk about their efforts in terms of making releases happen in time and good quality.</li>
55145 <li>Benedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.</li>
55146 <li>The second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave an overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.</li>
55147 <li>When the coffee break was over, the FreeBSD 12.0 planning session happened. A <a href="https://wiki.freebsd.org/DevSummit/201806/HaveNeedWant12">Google doc</a> served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.</li>
55148 <li><a href="https://theta360.com/s/xuR4ogsjGmu584JJju0vUaTA">A 360° group picture</a> was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.</li>
55149 <li>Benedict and Allan both attended the OpenZFS working group, led by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.</li>
55150 <li>Benedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.</li>
55151 <li><a href="https://www.talegraph.com/tales/WmObSRejzT">BSDCan 2018 — Ottawa (In Pictures)</a></li>
55152 <li><a href="https://photos.google.com/share/AF1QipPv_eOz9z-e8R23DkSEcMLF9ivl8est0H4k0lkAoIdY0Jgsn4eyKT54fPyy4EukCw?key=RmJoNS1uOHU2djRDdzZxNGM4ZEY1dFVKamhCNThR">iXsystems Photos from BSDCan 2018</a></li>
55153 </ul>
55154 <hr>
55155 <p>##News Roundup<br>
55156 <a href="https://hardenedbsd.org/article/shawn-webb/2018-06-09/june-hardenedbsd-foundation-update">June HardenedBSD Foundation Update</a></p>
55157 <blockquote>
55158 <p>We at HardenedBSD are working towards starting up a 501(c)(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.</p>
55159 </blockquote>
55160 <blockquote>
55161 <p>We have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.</p>
55162 </blockquote>
55163 <blockquote>
55164 <p>Here’s a brief introduction to those who will serve on the board:</p>
55165 </blockquote>
55166 <ul>
55167 <li>
55168 <p>W. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and security Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.</p>
55169 </li>
55170 <li>
55171 <p>Ben La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.</p>
55172 </li>
55173 <li>
55174 <p>George Saylor (Advisor): George is a Technical Directory at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr Saylor was also a co-founder of the OpenSCAP project.</p>
55175 </li>
55176 <li>
55177 <p>Virginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.</p>
55178 </li>
55179 <li>
55180 <p>Shawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.</p>
55181 </li>
55182 <li>
55183 <p>Ben Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.</p>
55184 </li>
55185 </ul>
55186 <hr>
55187 <p>###<a href="https://medium.com/@cmacrae/your-own-vpn-with-openiked-openbsd-13d7abd3d1d4">Your own VPN with OpenIKED &amp; OpenBSD</a></p>
55188 <blockquote>
55189 <p>Remote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down </p>
55190 </blockquote>
55191 <blockquote>
55192 <p>I set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: <a href="https://blog.gordonturner.com/2018/02/25/openbsd-6-2-vpn-endpoint-for-ios-and-macos/">OpenBSD 6.2 VPN Endpoint for iOS and macOS</a></p>
55193 </blockquote>
55194 <blockquote>
55195 <p>Whilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).</p>
55196 </blockquote>
55197 <blockquote>
55198 <p>The client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.</p>
55199 </blockquote>
55200 <blockquote>
55201 <p>So, let’s get stuck in!</p>
55202 </blockquote>
55203 <ul>
55204 <li>A quick note ✍️</li>
55205 </ul>
55206 <blockquote>
55207 <p>This guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.</p>
55208 </blockquote>
55209 <ul>
55210 <li>Server Configuration</li>
55211 </ul>
55212 <blockquote>
55213 <p>As with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.</p>
55214 </blockquote>
55215 <blockquote>
55216 <p>One of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote. I’ll link the full playbook a bit further down for those interested.</p>
55217 </blockquote>
55218 <ul>
55219 <li>See the full article for the information on:</li>
55220 <li>sysctl parameters</li>
55221 <li>The naughty list (optional)</li>
55222 <li>Configure the VPN network interface</li>
55223 <li>Configure the firewall</li>
55224 <li>Configure the iked service</li>
55225 <li>Gateway configuration</li>
55226 <li>Client configuration</li>
55227 <li>Troubleshooting</li>
55228 </ul>
55229 <hr>
55230 <p><strong>DigitalOcean</strong></p>
55231 <p>###<a href="https://corrupted.io/2018/05/15/system76-free-bsd.html">FreeBSD on a System76 Galago Pro</a></p>
55232 <blockquote>
55233 <p>Hey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, after playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isn’t and it works pretty decently.</p>
55234 </blockquote>
55235 <blockquote>
55236 <p>To get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.</p>
55237 </blockquote>
55238 <ul>
55239 <li>
55240 <p>The hardware</p>
55241 </li>
55242 <li>
55243 <p>Intel Core i5 Gen 8</p>
55244 </li>
55245 <li>
55246 <p>UHD Graphics 620</p>
55247 </li>
55248 <li>
55249 <p>16 GB DDR4 Ram</p>
55250 </li>
55251 <li>
55252 <p>RTL8411B PCI Express Card Reader</p>
55253 </li>
55254 <li>
55255 <p>RTL8111 Gigabit ethernet controller</p>
55256 </li>
55257 <li>
55258 <p>Intel HD Audio</p>
55259 </li>
55260 <li>
55261 <p>Samsung SSD 960 PRO 512GB NVMe</p>
55262 </li>
55263 <li>
55264 <p>The caveats</p>
55265 </li>
55266 </ul>
55267 <blockquote>
55268 <p>There are a few things that I can’t seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I can’t register an account yet so I haven’t made all the changes.</p>
55269 </blockquote>
55270 <ul>
55271 <li>Processor</li>
55272 </ul>
55273 <blockquote>
55274 <p>It works like any other Intel processor. Pstates and throttling work.</p>
55275 </blockquote>
55276 <ul>
55277 <li>Graphics</li>
55278 </ul>
55279 <blockquote>
55280 <p>The boot menu sets itself to what looks like 1024x768, but works as you expect in a tiny window. The text console does the full 3200x1800 resolution, but the text is ultra tiny. There isn’t a font for the console that covers hidpi screens yet. As for X Windows it requires the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at its full 3200x1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.</p>
55281 </blockquote>
55282 <ul>
55283 <li>Intel Wireless 8265</li>
55284 </ul>
55285 <blockquote>
55286 <p>The wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load="YES" will cause the module to load on boot and kldload iwm</p>
55287 </blockquote>
55288 <ul>
55289 <li>Battery</li>
55290 </ul>
55291 <blockquote>
55292 <p>I seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.</p>
55293 </blockquote>
55294 <ul>
55295 <li>Overall impression</li>
55296 </ul>
55297 <blockquote>
55298 <p>It is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non-Linux OSes running on the gear but that isn’t anything new. I won’t have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by Lenovo messing with the thinkpad.</p>
55299 </blockquote>
55300 <hr>
55301 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180418073437">Hardware accelerated AES/HMAC-SHA on octeons</a></p>
55302 <pre><code>In this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.
55303 I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.
55304 I didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of
55305 esp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes
55306 going from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.
55307 Then I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got a octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.
55308 Before we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:
55309 PID USER NAME CPU 20\ 40\ 60\ 80\ 100\
55310 58917 root crypto 52.25 #################
55311 42636 root softnet 42.48 ##############
55312 (idle) 29.74 #########
55313 1059 root tcpbench 24.22 #######
55314 67777 root crynlk 19.58 ######
55315 So this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.
55316 Now for the new and improved performance numbers:
55317 204452123 4740752 37.402 100.00%
55318 Conn: 1 Mbps: 37.402 Peak Mbps: 58.870 Avg Mbps: 37.402
55319 204453149 4692968 36.628 100.00%
55320 Conn: 1 Mbps: 36.628 Peak Mbps: 58.870 Avg Mbps: 36.628
55321 204454167 5405552 42.480 100.00%
55322 Conn: 1 Mbps: 42.480 Peak Mbps: 58.870 Avg Mbps: 42.480
55323 204455188 5202496 40.804 100.00%
55324 Conn: 1 Mbps: 40.804 Peak Mbps: 58.870 Avg Mbps: 40.804
55325 204456194 5062208 40.256 100.00%
55326 Conn: 1 Mbps: 40.256 Peak Mbps: 58.870 Avg Mbps: 40.256
55327 The tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.
55328 A manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.
55329 </code></pre>
55330 <hr>
55331 <p>##Beastie Bits</p>
55332 <ul>
55333 <li><a href="http://www.etinc.com/122/Using-FreeBSD-Text-Dumps">Using FreeBSD Text Dumps</a></li>
55334 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=334391">llvm’s lld now the default linker for amd64 on FreeBSD</a></li>
55335 <li><a href="https://blather.michaelwlucas.com/archives/3194">Author Discoverability</a></li>
55336 <li><a href="https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf">Pledge and Unveil in OpenBSD {pdf}</a></li>
55337 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon 2018 CFP Closes June 17, hurry up and get your submissions in</a></li>
55338 <li><a href="https://2018.eurobsdcon.org/paul-schenkeveld-travel-grant/">Just want to attend, but need help getting to the conference? Applications for the Paul Schenkeveld travel grant accepted until June 15th</a></li>
55339 </ul>
55340 <hr>
55341 <p><strong>Tarsnap</strong></p>
55342 <p>##Feedback/Questions</p>
55343 <ul>
55344 <li>Casey - <a href="http://dpaste.com/2H42V7W#wrap">ZFS on Digital Ocean</a></li>
55345 <li>Jürgen - <a href="http://dpaste.com/3N7ZN8C#wrap">A Question</a></li>
55346 <li>Kevin - <a href="http://dpaste.com/231CY5Z#wrap">Failover best practice</a></li>
55347 <li>Dennis - <a href="http://dpaste.com/1QPNB25#wrap">SQL</a></li>
55348 </ul>
55349 <hr>
55350 <ul>
55351 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
55352 </ul>
55353 </description>
55354 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview, OpenIKED, HardenedBSD, Trident, Project Trident, bsdcan</itunes:keywords>
55355 <content:encoded>
55356 <![CDATA[<p>TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.</p>
55357
55358 <p>##Headlines##<br>
55359 ###<a href="https://www.trueos.org/blog/trueosdownstream/">TrueOS to Focus on Core Operating System</a></p>
55360
55361 <blockquote>
55362 <p>The TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.</p>
55363 </blockquote>
55364
55365 <blockquote>
55366 <p>TrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.</p>
55367 </blockquote>
55368
55369 <blockquote>
55370 <p>Some of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.</p>
55371 </blockquote>
55372
55373 <blockquote>
55374 <p>We know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.</p>
55375 </blockquote>
55376
55377 <blockquote>
55378 <p>We look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.</p>
55379 </blockquote>
55380
55381 <p>###<a href="http://project-trident.org/faq">Project Trident FAQ</a></p>
55382
55383 <ul>
55384 <li>Q: Why did you pick the name “Project Trident”?</li>
55385 </ul>
55386
55387 <blockquote>
55388 <p>A: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.</p>
55389 </blockquote>
55390
55391 <ul>
55392 <li>Q: Where can users go for technical support?</li>
55393 </ul>
55394
55395 <blockquote>
55396 <p>A: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.</p>
55397 </blockquote>
55398
55399 <ul>
55400 <li>Q: Can I help contribute to the project?</li>
55401 </ul>
55402
55403 <blockquote>
55404 <p>A: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.</p>
55405 </blockquote>
55406
55407 <ul>
55408 <li>Q: How is the project supported financially?</li>
55409 </ul>
55410
55411 <blockquote>
55412 <p>A: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.</p>
55413 </blockquote>
55414
55415 <ul>
55416 <li>Q: How can I help support the project financially?</li>
55417 </ul>
55418
55419 <blockquote>
55420 <p>A: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.</p>
55421 </blockquote>
55422
55423 <ul>
55424 <li>Q: Will there be any transparency of the financial donations and expenditures?</li>
55425 </ul>
55426
55427 <blockquote>
55428 <p>A: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.</p>
55429 </blockquote>
55430
55431 <ul>
55432 <li>
55433 <p>Relationship with TrueOS</p>
55434 </li>
55435 <li>
55436 <p>Project Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.</p>
55437 </li>
55438 <li>
55439 <p>Q: Do we need to be at a certain TrueOS install level/release to upgrade?</p>
55440 </li>
55441 </ul>
55442
55443 <blockquote>
55444 <p>A: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.</p>
55445 </blockquote>
55446
55447 <ul>
55448 <li>Q: Which members moved from TrueOS to Project Trident?</li>
55449 </ul>
55450
55451 <blockquote>
55452 <p>A: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.</p>
55453 </blockquote>
55454
55455 <p><hr></p>
55456
55457 <p><strong>iXsystems</strong></p>
55458
55459 <p>###<a href="https://www.bsdcan.org/2018">BSDCan</a></p>
55460
55461 <ul>
55462 <li>BSDCan finished Saturday last week</li>
55463 <li>It started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and even FreeBSD Journal Editorial Board meeting.</li>
55464 <li>The FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.</li>
55465 <li>Next, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.</li>
55466 <li>After the coffee break, the release engineering team gave a talk about their efforts to make releases happen on time and with good quality.</li>
55467 <li>Benedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.</li>
55468 <li>The second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave an overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.</li>
55469 <li>When the coffee break was over, the FreeBSD 12.0 planning session happened. A <a href="https://wiki.freebsd.org/DevSummit/201806/HaveNeedWant12">Google doc</a> served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.</li>
55470 <li><a href="https://theta360.com/s/xuR4ogsjGmu584JJju0vUaTA">A 360° group picture</a> was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.</li>
55471 <li>Benedict and Allan both attended the OpenZFS working group, led by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.</li>
55472 <li>Benedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.</li>
55473 <li><a href="https://www.talegraph.com/tales/WmObSRejzT">BSDCan 2018 — Ottawa (In Pictures)</a></li>
55474 <li><a href="https://photos.google.com/share/AF1QipPv_eOz9z-e8R23DkSEcMLF9ivl8est0H4k0lkAoIdY0Jgsn4eyKT54fPyy4EukCw?key=RmJoNS1uOHU2djRDdzZxNGM4ZEY1dFVKamhCNThR">iXsystems Photos from BSDCan 2018</a></li>
55475 </ul>
55476
55477 <p><hr></p>
55478
55479 <p>##News Roundup<br>
55480 ###<a href="https://hardenedbsd.org/article/shawn-webb/2018-06-09/june-hardenedbsd-foundation-update">June HardenedBSD Foundation Update</a></p>
55481
55482 <blockquote>
55483 <p>We at HardenedBSD are working towards starting up a 501(c)(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.</p>
55484 </blockquote>
55485
55486 <blockquote>
55487 <p>We have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.</p>
55488 </blockquote>
55489
55490 <blockquote>
55491 <p>Here’s a brief introduction to those who will serve on the board:</p>
55492 </blockquote>
55493
55494 <ul>
55495 <li>
55496 <p>W. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and security Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.</p>
55497 </li>
55498 <li>
55499 <p>Ben La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.</p>
55500 </li>
55501 <li>
55502 <p>George Saylor (Advisor): George is a Technical Directory at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr Saylor was also a co-founder of the OpenSCAP project.</p>
55503 </li>
55504 <li>
55505 <p>Virginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.</p>
55506 </li>
55507 <li>
55508 <p>Shawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.</p>
55509 </li>
55510 <li>
55511 <p>Ben Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.</p>
55512 </li>
55513 </ul>
55514
55515 <p><hr></p>
55516
55517 <p>###<a href="https://medium.com/@cmacrae/your-own-vpn-with-openiked-openbsd-13d7abd3d1d4">Your own VPN with OpenIKED & OpenBSD</a></p>
55518
55519 <blockquote>
55520 <p>Remote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down </p>
55521 </blockquote>
55522
55523 <blockquote>
55524 <p>I set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: <a href="https://blog.gordonturner.com/2018/02/25/openbsd-6-2-vpn-endpoint-for-ios-and-macos/">OpenBSD 6.2 VPN Endpoint for iOS and macOS</a></p>
55525 </blockquote>
55526
55527 <blockquote>
55528 <p>Whilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).</p>
55529 </blockquote>
55530
55531 <blockquote>
55532 <p>The client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.</p>
55533 </blockquote>
55534
55535 <blockquote>
55536 <p>So, let’s get stuck in!</p>
55537 </blockquote>
55538
55539 <ul>
55540 <li>A quick note ✍️</li>
55541 </ul>
55542
55543 <blockquote>
55544 <p>This guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.</p>
55545 </blockquote>
55546
55547 <ul>
55548 <li>Server Configuration</li>
55549 </ul>
55550
55551 <blockquote>
55552 <p>As with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.</p>
55553 </blockquote>
55554
55555 <blockquote>
55556 <p>One of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote. I’ll link the full playbook a bit further down for those interested.</p>
55557 </blockquote>
55558
55559 <ul>
55560 <li>See the full article for the information on:</li>
55561 <li>sysctl parameters</li>
55562 <li>The naughty list (optional)</li>
55563 <li>Configure the VPN network interface</li>
55564 <li>Configure the firewall</li>
55565 <li>Configure the iked service</li>
55566 <li>Gateway configuration</li>
55567 <li>Client configuration</li>
55568 <li>Troubleshooting</li>
55569 </ul>
55570
55571 <p><hr></p>
55572
55573 <p><strong>DigitalOcean</strong></p>
55574
55575 <p>###<a href="https://corrupted.io/2018/05/15/system76-free-bsd.html">FreeBSD on a System76 Galago Pro</a></p>
55576
55577 <blockquote>
55578 <p>Hey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, after playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isn’t and it works pretty decently.</p>
55579 </blockquote>
55580
55581 <blockquote>
55582 <p>To get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.</p>
55583 </blockquote>
55584
55585 <ul>
55586 <li>
55587 <p>The hardware</p>
55588 </li>
55589 <li>
55590 <p>Intel Core i5 Gen 8</p>
55591 </li>
55592 <li>
55593 <p>UHD Graphics 620</p>
55594 </li>
55595 <li>
55596 <p>16 GB DDR4 Ram</p>
55597 </li>
55598 <li>
55599 <p>RTL8411B PCI Express Card Reader</p>
55600 </li>
55601 <li>
55602 <p>RTL8111 Gigabit ethernet controller</p>
55603 </li>
55604 <li>
55605 <p>Intel HD Audio</p>
55606 </li>
55607 <li>
55608 <p>Samsung SSD 960 PRO 512GB NVMe</p>
55609 </li>
55610 <li>
55611 <p>The caveats</p>
55612 </li>
55613 </ul>
55614
55615 <blockquote>
55616 <p>There are a few things that I can’t seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I can’t register an account yet so I haven’t made all the changes.</p>
55617 </blockquote>
55618
55619 <ul>
55620 <li>Processor</li>
55621 </ul>
55622
55623 <blockquote>
55624 <p>It works like any other Intel processor. Pstates and throttling work.</p>
55625 </blockquote>
55626
55627 <ul>
55628 <li>Graphics</li>
55629 </ul>
55630
55631 <blockquote>
55632 <p>The boot menu sets itself to what looks like 1024x768, but works as you expect in a tiny window. The text console does the full 3200x1800 resolution, but the text is ultra tiny. There isn’t a font for the console that covers hidpi screens yet. As for X Windows it requires the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at its full 3200x1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.</p>
55633 </blockquote>
55634
55635 <ul>
55636 <li>Intel Wireless 8265</li>
55637 </ul>
55638
55639 <blockquote>
55640 <p>The wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load="YES" will cause the module to load on boot and kldload iwm</p>
55641 </blockquote>
55642
55643 <ul>
55644 <li>Battery</li>
55645 </ul>
55646
55647 <blockquote>
55648 <p>I seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.</p>
55649 </blockquote>
55650
55651 <ul>
55652 <li>Overall impression</li>
55653 </ul>
55654
55655 <blockquote>
55656 <p>It is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non linux OSes running on the gear but that isn’t anything new. I won’t have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by lenovo messing with the thinkpad.</p>
55657 </blockquote>
55658
55659 <p><hr></p>
55660
55661 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180418073437">Hardware accelerated AES/HMAC-SHA on octeons</a></p>
55662
55663 <pre><code>In this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.
55664
55665 I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.
55666
55667 I didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of
55668
55669 esp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes
55670 going from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.
55671 Then I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got a octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.
55672
55673 Before we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:
55674
55675 PID USER NAME CPU 20\ 40\ 60\ 80\ 100\
55676 58917 root crypto 52.25 #################
55677 42636 root softnet 42.48 ##############
55678 (idle) 29.74 #########
55679 1059 root tcpbench 24.22 #######
55680 67777 root crynlk 19.58 ######
55681 So this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.
55682 Now for the new and improved performance numbers:
55683
55684 204452123 4740752 37.402 100.00%
55685 Conn: 1 Mbps: 37.402 Peak Mbps: 58.870 Avg Mbps: 37.402
55686 204453149 4692968 36.628 100.00%
55687 Conn: 1 Mbps: 36.628 Peak Mbps: 58.870 Avg Mbps: 36.628
55688 204454167 5405552 42.480 100.00%
55689 Conn: 1 Mbps: 42.480 Peak Mbps: 58.870 Avg Mbps: 42.480
55690 204455188 5202496 40.804 100.00%
55691 Conn: 1 Mbps: 40.804 Peak Mbps: 58.870 Avg Mbps: 40.804
55692 204456194 5062208 40.256 100.00%
55693 Conn: 1 Mbps: 40.256 Peak Mbps: 58.870 Avg Mbps: 40.256
55694
55695 The tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.
55696
55697 A manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.
55698 </code></pre>
55699
55700 <p><hr></p>
55701
55702 <p>##Beastie Bits</p>
55703
55704 <ul>
55705 <li><a href="http://www.etinc.com/122/Using-FreeBSD-Text-Dumps">Using FreeBSD Text Dumps</a></li>
55706 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=334391">llvm’s lld now the default linker for amd64 on FreeBSD</a></li>
55707 <li><a href="https://blather.michaelwlucas.com/archives/3194">Author Discoverability</a></li>
55708 <li><a href="https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf">Pledge and Unveil in OpenBSD {pdf}</a></li>
55709 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon 2018 CFP Closes June 17, hurry up and get your submissions in</a></li>
55710 <li><a href="https://2018.eurobsdcon.org/paul-schenkeveld-travel-grant/">Just want to attend, but need help getting to the conference? Applications for the Paul Schenkeveld travel grant accepted until June 15th</a></li>
55711 </ul>
55712
55713 <p><hr></p>
55714
55715 <p><strong>Tarsnap</strong></p>
55716
55717 <p>##Feedback/Questions</p>
55718
55719 <ul>
55720 <li>Casey - <a href="http://dpaste.com/2H42V7W#wrap">ZFS on Digital Ocean</a></li>
55721 <li>Jürgen - <a href="http://dpaste.com/3N7ZN8C#wrap">A Question</a></li>
55722 <li>Kevin - <a href="http://dpaste.com/231CY5Z#wrap">Failover best practice</a></li>
55723 <li>Dennis - <a href="http://dpaste.com/1QPNB25#wrap">SQL</a></li>
55724 </ul>
55725
55726 <p><hr></p>
55727
55728 <ul>
55729 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
55730 </ul>]]>
55731 </content:encoded>
55732 <itunes:summary>
55733 <![CDATA[<p>TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.</p>
55734
55735 <p>##Headlines##<br>
55736 ###<a href="https://www.trueos.org/blog/trueosdownstream/">TrueOS to Focus on Core Operating System</a></p>
55737
55738 <blockquote>
55739 <p>The TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.</p>
55740 </blockquote>
55741
55742 <blockquote>
55743 <p>TrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.</p>
55744 </blockquote>
55745
55746 <blockquote>
55747 <p>Some of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.</p>
55748 </blockquote>
55749
55750 <blockquote>
55751 <p>We know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.</p>
55752 </blockquote>
55753
55754 <blockquote>
55755 <p>We look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.</p>
55756 </blockquote>
55757
55758 <p>###<a href="http://project-trident.org/faq">Project Trident FAQ</a></p>
55759
55760 <ul>
55761 <li>Q: Why did you pick the name “Project Trident”?</li>
55762 </ul>
55763
55764 <blockquote>
55765 <p>A: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.</p>
55766 </blockquote>
55767
55768 <ul>
55769 <li>Q: Where can users go for technical support?</li>
55770 </ul>
55771
55772 <blockquote>
55773 <p>A: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.</p>
55774 </blockquote>
55775
55776 <ul>
55777 <li>Q: Can I help contribute to the project?</li>
55778 </ul>
55779
55780 <blockquote>
55781 <p>A: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.</p>
55782 </blockquote>
55783
55784 <ul>
55785 <li>Q: How is the project supported financially?</li>
55786 </ul>
55787
55788 <blockquote>
55789 <p>A: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.</p>
55790 </blockquote>
55791
55792 <ul>
55793 <li>Q: How can I help support the project financially?</li>
55794 </ul>
55795
55796 <blockquote>
55797 <p>A: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.</p>
55798 </blockquote>
55799
55800 <ul>
55801 <li>Q: Will there be any transparency of the financial donations and expenditures?</li>
55802 </ul>
55803
55804 <blockquote>
55805 <p>A: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.</p>
55806 </blockquote>
55807
55808 <ul>
55809 <li>
55810 <p>Relationship with TrueOS</p>
55811 </li>
55812 <li>
55813 <p>Project Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.</p>
55814 </li>
55815 <li>
55816 <p>Q: Do we need to be at a certain TrueOS install level/release to upgrade?</p>
55817 </li>
55818 </ul>
55819
55820 <blockquote>
55821 <p>A: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.</p>
55822 </blockquote>
55823
55824 <ul>
55825 <li>Q: Which members moved from TrueOS to Project Trident?</li>
55826 </ul>
55827
55828 <blockquote>
55829 <p>A: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.</p>
55830 </blockquote>
55831
55832 <p><hr></p>
55833
55834 <p><strong>iXsystems</strong></p>
55835
55836 <p>###<a href="https://www.bsdcan.org/2018">BSDCan</a></p>
55837
55838 <ul>
55839 <li>BSDCan finished Saturday last week</li>
55840 <li>It started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and even a FreeBSD Journal Editorial Board meeting.</li>
55841 <li>The FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.</li>
55842 <li>Next, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.</li>
55843 <li>After the coffee break, the release engineering team gave a talk about their efforts in terms of making releases happen in time and good quality.</li>
55844 <li>Benedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.</li>
55845 <li>The second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave an overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.</li>
55846 <li>When the coffee break was over, the FreeBSD 12.0 planning session happened. A <a href="https://wiki.freebsd.org/DevSummit/201806/HaveNeedWant12">Google doc</a> served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.</li>
55847 <li><a href="https://theta360.com/s/xuR4ogsjGmu584JJju0vUaTA">A 360° group picture</a> was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.</li>
55848 <li>Benedict and Allan both attended the OpenZFS working group, led by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.</li>
55849 <li>Benedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.</li>
55850 <li><a href="https://www.talegraph.com/tales/WmObSRejzT">BSDCan 2018 — Ottawa (In Pictures)</a></li>
55851 <li><a href="https://photos.google.com/share/AF1QipPv_eOz9z-e8R23DkSEcMLF9ivl8est0H4k0lkAoIdY0Jgsn4eyKT54fPyy4EukCw?key=RmJoNS1uOHU2djRDdzZxNGM4ZEY1dFVKamhCNThR">iXsystems Photos from BSDCan 2018</a></li>
55852 </ul>
55853
55854 <p><hr></p>
55855
55856 <p>##News Roundup<br>
55857 ###<a href="https://hardenedbsd.org/article/shawn-webb/2018-06-09/june-hardenedbsd-foundation-update">June HardenedBSD Foundation Update</a></p>
55858
55859 <blockquote>
55860 <p>We at HardenedBSD are working towards starting up a 501(c)(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.</p>
55861 </blockquote>
55862
55863 <blockquote>
55864 <p>We have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.</p>
55865 </blockquote>
55866
55867 <blockquote>
55868 <p>Here’s a brief introduction to those who will serve on the board:</p>
55869 </blockquote>
55870
55871 <ul>
55872 <li>
55873 <p>W. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and securing Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.</p>
55874 </li>
55875 <li>
55876 <p>Ben La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.</p>
55877 </li>
55878 <li>
55879 <p>George Saylor (Advisor): George is a Technical Directory at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr Saylor was also a co-founder of the OpenSCAP project.</p>
55880 </li>
55881 <li>
55882 <p>Virginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.</p>
55883 </li>
55884 <li>
55885 <p>Shawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.</p>
55886 </li>
55887 <li>
55888 <p>Ben Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.</p>
55889 </li>
55890 </ul>
55891
55892 <p><hr></p>
55893
55894 <p>###<a href="https://medium.com/@cmacrae/your-own-vpn-with-openiked-openbsd-13d7abd3d1d4">Your own VPN with OpenIKED & OpenBSD</a></p>
55895
55896 <blockquote>
55897 <p>Remote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down </p>
55898 </blockquote>
55899
55900 <blockquote>
55901 <p>I set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: <a href="https://blog.gordonturner.com/2018/02/25/openbsd-6-2-vpn-endpoint-for-ios-and-macos/">OpenBSD 6.2 VPN Endpoint for iOS and macOS</a></p>
55902 </blockquote>
55903
55904 <blockquote>
55905 <p>Whilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).</p>
55906 </blockquote>
55907
55908 <blockquote>
55909 <p>The client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.</p>
55910 </blockquote>
55911
55912 <blockquote>
55913 <p>So, let’s get stuck in!</p>
55914 </blockquote>
55915
55916 <ul>
55917 <li>A quick note ✍️</li>
55918 </ul>
55919
55920 <blockquote>
55921 <p>This guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.</p>
55922 </blockquote>
55923
55924 <ul>
55925 <li>Server Configuration</li>
55926 </ul>
55927
55928 <blockquote>
55929 <p>As with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.</p>
55930 </blockquote>
55931
55932 <blockquote>
55933 <p>One of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote. I’ll link the full playbook a bit further down for those interested.</p>
55934 </blockquote>
55935
55936 <ul>
55937 <li>See the full article for the information on:</li>
55938 <li>sysctl parameters</li>
55939 <li>The naughty list (optional)</li>
55940 <li>Configure the VPN network interface</li>
55941 <li>Configure the firewall</li>
55942 <li>Configure the iked service</li>
55943 <li>Gateway configuration</li>
55944 <li>Client configuration</li>
55945 <li>Troubleshooting</li>
55946 </ul>
55947
55948 <p><hr></p>
55949
55950 <p><strong>DigitalOcean</strong></p>
55951
55952 <p>###<a href="https://corrupted.io/2018/05/15/system76-free-bsd.html">FreeBSD on a System76 Galago Pro</a></p>
55953
55954 <blockquote>
55955 <p>Hey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, after playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isn’t and it works pretty decently.</p>
55956 </blockquote>
55957
55958 <blockquote>
55959 <p>To get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.</p>
55960 </blockquote>
55961
55962 <ul>
55963 <li>
55964 <p>The hardware</p>
55965 </li>
55966 <li>
55967 <p>Intel Core i5 Gen 8</p>
55968 </li>
55969 <li>
55970 <p>UHD Graphics 620</p>
55971 </li>
55972 <li>
55973 <p>16 GB DDR4 Ram</p>
55974 </li>
55975 <li>
55976 <p>RTL8411B PCI Express Card Reader</p>
55977 </li>
55978 <li>
55979 <p>RTL8111 Gigabit ethernet controller</p>
55980 </li>
55981 <li>
55982 <p>Intel HD Audio</p>
55983 </li>
55984 <li>
55985 <p>Samsung SSD 960 PRO 512GB NVMe</p>
55986 </li>
55987 <li>
55988 <p>The caveats</p>
55989 </li>
55990 </ul>
55991
55992 <blockquote>
55993 <p>There are a few things that I can’t seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I can’t register an account yet so I haven’t made all the changes.</p>
55994 </blockquote>
55995
55996 <ul>
55997 <li>Processor</li>
55998 </ul>
55999
56000 <blockquote>
56001 <p>It works like any other Intel processor. Pstates and throttling work.</p>
56002 </blockquote>
56003
56004 <ul>
56005 <li>Graphics</li>
56006 </ul>
56007
56008 <blockquote>
56009 <p>The boot menu sets itself to what looks like 1024x768, but works as you expect in a tiny window. The text console does the full 3200x1800 resolution, but the text is ultra tiny. There isn’t a font for the console that covers hidpi screens yet. As for X Windows it requires the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at its full 3200x1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.</p>
56010 </blockquote>
56011
56012 <ul>
56013 <li>Intel Wireless 8265</li>
56014 </ul>
56015
56016 <blockquote>
56017 <p>The wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load="YES" will cause the module to load on boot and kldload iwm</p>
56018 </blockquote>
56019
56020 <ul>
56021 <li>Battery</li>
56022 </ul>
56023
56024 <blockquote>
56025 <p>I seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.</p>
56026 </blockquote>
56027
56028 <ul>
56029 <li>Overall impression</li>
56030 </ul>
56031
56032 <blockquote>
56033 <p>It is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non Linux OSes running on the gear but that isn’t anything new. I won’t have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by Lenovo messing with the thinkpad.</p>
56034 </blockquote>
56035
56036 <p><hr></p>
56037
56038 <p>###<a href="https://undeadly.org/cgi?action=article;sid=20180418073437">Hardware accelerated AES/HMAC-SHA on octeons</a></p>
56039
56040 <pre><code>In this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.
56041
56042 I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.
56043
56044 I didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of
56045
56046 esp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes
56047 going from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.
56048 Then I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got a octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.
56049
56050 Before we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:
56051
56052 PID USER NAME CPU 20\ 40\ 60\ 80\ 100\
56053 58917 root crypto 52.25 #################
56054 42636 root softnet 42.48 ##############
56055 (idle) 29.74 #########
56056 1059 root tcpbench 24.22 #######
56057 67777 root crynlk 19.58 ######
56058 So this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.
56059 Now for the new and improved performance numbers:
56060
56061 204452123 4740752 37.402 100.00%
56062 Conn: 1 Mbps: 37.402 Peak Mbps: 58.870 Avg Mbps: 37.402
56063 204453149 4692968 36.628 100.00%
56064 Conn: 1 Mbps: 36.628 Peak Mbps: 58.870 Avg Mbps: 36.628
56065 204454167 5405552 42.480 100.00%
56066 Conn: 1 Mbps: 42.480 Peak Mbps: 58.870 Avg Mbps: 42.480
56067 204455188 5202496 40.804 100.00%
56068 Conn: 1 Mbps: 40.804 Peak Mbps: 58.870 Avg Mbps: 40.804
56069 204456194 5062208 40.256 100.00%
56070 Conn: 1 Mbps: 40.256 Peak Mbps: 58.870 Avg Mbps: 40.256
56071
56072 The tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.
56073
56074 A manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.
56075 </code></pre>
56076
56077 <p><hr></p>
56078
56079 <p>##Beastie Bits</p>
56080
56081 <ul>
56082 <li><a href="http://www.etinc.com/122/Using-FreeBSD-Text-Dumps">Using FreeBSD Text Dumps</a></li>
56083 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=334391">llvm’s lld now the default linker for amd64 on FreeBSD</a></li>
56084 <li><a href="https://blather.michaelwlucas.com/archives/3194">Author Discoverability</a></li>
56085 <li><a href="https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf">Pledge and Unveil in OpenBSD {pdf}</a></li>
56086 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon 2018 CFP Closes June 17, hurry up and get your submissions in</a></li>
56087 <li><a href="https://2018.eurobsdcon.org/paul-schenkeveld-travel-grant/">Just want to attend, but need help getting to the conference? Applications for the Paul Schenkeveld travel grant accepted until June 15th</a></li>
56088 </ul>
56089
56090 <p><hr></p>
56091
56092 <p><strong>Tarsnap</strong></p>
56093
56094 <p>##Feedback/Questions</p>
56095
56096 <ul>
56097 <li>Casey - <a href="http://dpaste.com/2H42V7W#wrap">ZFS on Digital Ocean</a></li>
56098 <li>Jürgen - <a href="http://dpaste.com/3N7ZN8C#wrap">A Question</a></li>
56099 <li>Kevin - <a href="http://dpaste.com/231CY5Z#wrap">Failover best practice</a></li>
56100 <li>Dennis - <a href="http://dpaste.com/1QPNB25#wrap">SQL</a></li>
56101 </ul>
56102
56103 <p><hr></p>
56104
56105 <ul>
56106 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
56107 </ul>]]>
56108 </itunes:summary>
56109 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+1zQ_thgg</fireside:playerURL>
56110 <fireside:playerEmbedCode>
56111 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+1zQ_thgg" width="740" height="200" frameborder="0" scrolling="no">]]>
56112 </fireside:playerEmbedCode>
56113 </item>
56114 <item>
56115 <title>Episode 249: Router On A Stick | BSD Now 249</title>
56116 <link>https://www.bsdnow.tv/249</link>
56117 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2072</guid>
56118 <pubDate>Wed, 06 Jun 2018 11:00:00 -0700</pubDate>
56119 <author>Allan Jude</author>
56120 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9447bcc4-4425-4ae0-bc1e-0fb13362e0e2.mp3" length="51237875" type="audio/mp3"/>
56121 <itunes:episodeType>full</itunes:episodeType>
56122 <itunes:author>Allan Jude</itunes:author>
56123 <itunes:subtitle>OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.</itunes:subtitle>
56124 <itunes:duration>1:25:17</itunes:duration>
56125 <itunes:explicit>no</itunes:explicit>
56126 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
56127 <description>OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.
56128 <hr>
56129 <p>##Headlines<br>
56130 <a href="https://mail-index.netbsd.org/source-changes/2018/05/28/msg095541.html">ZFS and DTrace update lands in NetBSD</a></p>
56131 <blockquote>
56132 <p>merge a new version of the CDDL dtrace and ZFS code. This changes the upstream vendor from OpenSolaris to FreeBSD, and this version is based on FreeBSD svn r315983.</p>
56133 </blockquote>
56134 <ul>
56135 <li>r315983 is from March 2017 (14 months ago), so there is still more work to do</li>
56136 </ul>
56137 <blockquote>
56138 <p>in addition to the 10 years of improvements from upstream, this version also has these NetBSD-specific enhancements:</p>
56139 <ul>
56140 <li>dtrace FBT probes can now be placed in kernel modules.</li>
56141 <li>ZFS now supports mmap().</li>
56142 </ul>
56143 </blockquote>
56144 <ul>
56145 <li>This brings NetBSD 10 years forward, and they should be able to catch the rest of the way up fairly quickly</li>
56146 </ul>
56147 <hr>
56148 <p>###<a href="https://blog.netbsd.org/tnf/entry/network_security_audit">NetBSD network stack security audit</a></p>
56149 <ul>
56150 <li>Maxime Villard has been working on an audit of the NetBSD network stack, a project sponsored by The NetBSD Foundation, which has served all users of BSD-derived operating systems.</li>
56151 </ul>
56152 <blockquote>
56153 <p>Over the last five months, hundreds of patches were committed to the source tree as a result of this work. Dozens of bugs were fixed, among which a good number of actual, remotely-triggerable vulnerabilities.</p>
56154 </blockquote>
56155 <blockquote>
56156 <p>Changes were made to strengthen the networking subsystems and improve code quality: reinforce the mbuf API, add many KASSERTs to enforce assumptions, simplify packet handling, and verify compliance with RFCs. This was done in several layers of the NetBSD kernel, from device drivers to L4 handlers.<br>
56157 In the course of investigating several bugs discovered in NetBSD, I happened to look at the network stacks of other operating systems, to see whether they had already fixed the issues, and if so how. Needless to say, I found bugs there too.</p>
56158 </blockquote>
56159 <ul>
56160 <li>A lot of code is shared between the BSDs, so it is especially helpful when one finds a bug, to check the other BSDs and share the fix.</li>
56161 </ul>
56162 <blockquote>
56163 <p>The IPv6 Buffer Overflow: The overflow allowed an attacker to write one byte of packet-controlled data into ‘packetstorage+off’, where ‘off’ could be approximately controlled too. This allowed at least a pretty bad remote DoS/Crash<br>
56164 The IPsec Infinite Loop: When receiving an IPv6-AH packet, the IPsec entry point was not correctly computing the length of the IPv6 suboptions, and this, before authentication. As a result, a specially-crafted IPv6 packet could trigger an infinite loop in the kernel (making it unresponsive). In addition this flaw allowed a limited buffer overflow - where the data being written was however not controllable by the attacker.<br>
56165 The IPPROTO Typo: While looking at the IPv6 Multicast code, I stumbled across a pretty simple yet pretty bad mistake: at one point the Pim6 entry point would return IPPROTO_NONE instead of IPPROTO_DONE. Returning IPPROTO_NONE was entirely wrong: it caused the kernel to keep iterating on the IPv6 packet chain, while the packet storage was already freed.<br>
56166 The PF Signedness Bug: A bug was found in NetBSD’s implementation of the PF firewall, that did not affect the other BSDs. In the initial PF code a particular macro was used as an alias to a number. This macro formed a signed integer. NetBSD replaced the macro with a sizeof(), which returns an unsigned result.<br>
56167 The NPF Integer Overflow: An integer overflow could be triggered in NPF, when parsing an IPv6 packet with large options. This could cause NPF to look for the L4 payload at the wrong offset within the packet, and it allowed an attacker to bypass any L4 filtering rule on IPv6.<br>
56168 The IPsec Fragment Attack: I noticed some time ago that when reassembling fragments (in either IPv4 or IPv6), the kernel was not removing the M_PKTHDR flag on the secondary mbufs in mbuf chains. This flag is supposed to indicate that a given mbuf is the head of the chain it forms; having the flag on secondary mbufs was suspicious.<br>
56169 What Now: Not all protocols and layers of the network stack were verified, because of time constraints, and also because of unexpected events: the recent x86 CPU bugs, which I was the only one able to fix promptly. A todo list will be left when the project end date is reached, for someone else to pick up. Me perhaps, later this year? We’ll see.<br>
56170 This security audit of NetBSD’s network stack is sponsored by The NetBSD Foundation, and serves all users of BSD-derived operating systems. The NetBSD Foundation is a non-profit organization, and welcomes any donations that help continue funding projects of this kind.</p>
56171 </blockquote>
56172 <hr>
56173 <p><strong>DigitalOcean</strong></p>
56174 <p>###<a href="https://www.percona.com/blog/2018/05/15/about-zfs-performance/">MySQL on ZFS Performance</a></p>
56175 <blockquote>
56176 <p>I used sysbench to create a table of 10M rows and then, using export/import tablespace, I copied it 329 times. I ended up with 330 tables for a total size of about 850GB. The dataset generated by sysbench is not very compressible, so I used lz4 compression in ZFS. For the other ZFS settings, I used what can be found in my earlier ZFS posts but with the ARC size limited to 1GB. I then used that plain configuration for the first benchmarks. Here are the results with the sysbench point-select benchmark, a uniform distribution and eight threads. The InnoDB buffer pool was set to 2.5GB.<br>
56177 In both cases, the load is IO bound. The disk is doing exactly the allowed 3000 IOPS. The above graph appears to be a clear demonstration that XFS is much faster than ZFS, right? But is that really the case? The way the dataset has been created is extremely favorable to XFS since there is absolutely no file fragmentation. Once you have all the files opened, a read IOP is just a single fseek call to an offset and ZFS doesn’t need to access any intermediate inode. The above result is about as fair as saying MyISAM is faster than InnoDB based only on table scan performance results of unfragmented tables and default configuration. ZFS is much less affected by the file level fragmentation, especially for point access type.</p>
56178 </blockquote>
56179 <blockquote>
56180 <p>ZFS stores the files in B-trees in a very similar fashion as InnoDB stores data. To access a piece of data in a B-tree, you need to access the top level page (often called root node) and then one block per level down to a leaf-node containing the data. With no cache, to read something from a three levels B-tree thus requires 3 IOPS.</p>
56181 </blockquote>
56182 <blockquote>
56183 <p>The extra IOPS performed by ZFS are needed to access those internal blocks in the B-trees of the files. These internal blocks are labeled as metadata. Essentially, in the above benchmark, the ARC is too small to contain all the internal blocks of the table files’ B-trees. If we continue the comparison with InnoDB, it would be like running with a buffer pool too small to contain the non-leaf pages. The test dataset I used has about 600MB of non-leaf pages, about 0.1% of the total size, which was well cached by the 3GB buffer pool. So only one InnoDB page, a leaf page, needed to be read per point-select statement.</p>
56184 </blockquote>
56185 <blockquote>
56186 <p>To correctly set the ARC size to cache the metadata, you have two choices. First, you can guess values for the ARC size and experiment. Second, you can try to evaluate it by looking at the ZFS internal data. Let’s review these two approaches.</p>
56187 </blockquote>
56188 <blockquote>
56189 <p>You’ll read/hear often the ratio 1GB of ARC for 1TB of data, which is about the same 0.1% ratio as for InnoDB. I wrote about that ratio a few times, having nothing better to propose. Actually, I found it depends a lot on the recordsize used. The 0.1% ratio implies a ZFS recordsize of 128KB. A ZFS filesystem with a recordsize of 128KB will use much less metadata than another one using a recordsize of 16KB because it has 8x fewer leaf pages. Fewer leaf pages require less B-tree internal nodes, hence less metadata. A filesystem with a recordsize of 128KB is excellent for sequential access as it maximizes compression and reduces the IOPS but it is poor for small random access operations like the ones MySQL/InnoDB does.</p>
56190 </blockquote>
56191 <ul>
56192 <li>In order to improve ZFS performance, I had 3 options:</li>
56193 <li>Increase the ARC size to 7GB</li>
56194 <li>Use a larger Innodb page size like 64KB</li>
56195 <li>Add a L2ARC</li>
56196 </ul>
56197 <blockquote>
56198 <p>I was reluctant to grow the ARC to 7GB, which was nearly half the overall system memory. At best, the ZFS performance would only match XFS. A larger InnoDB page size would increase the CPU load for decompression on an instance with only two vCPUs; not great either. The last option, the L2ARC, was the most promising.</p>
56199 </blockquote>
56200 <blockquote>
56201 <p>ZFS is much more complex than XFS and EXT4 but, that also means it has more tunables/options. I used a simplistic setup and an unfair benchmark which initially led to poor ZFS results. With the same benchmark, very favorable to XFS, I added a ZFS L2ARC and that completely reversed the situation, more than tripling the ZFS results, now 66% above XFS.</p>
56202 </blockquote>
56203 <ul>
56204 <li>Conclusion</li>
56205 </ul>
56206 <blockquote>
56207 <p>We have seen in this post why the general perception is that ZFS under-performs compared to XFS or EXT4. The presence of B-trees for the files has a big impact on the amount of metadata ZFS needs to handle, especially when the recordsize is small. The metadata consists mostly of the non-leaf pages (or internal nodes) of the B-trees. When properly cached, the performance of ZFS is excellent. ZFS allows you to optimize the use of EBS volumes, both in term of IOPS and size when the instance has fast ephemeral storage devices. Using the ephemeral device of an i3.large instance for the ZFS L2ARC, ZFS outperformed XFS by 66%.</p>
56208 </blockquote>
56209 <hr>
56210 <p>###<a href="https://poolp.org/posts/2018-04-30/opensmtpd-new-config/">OpenSMTPD new config</a></p>
56211 <pre><code>TL;DR:
56212 OpenBSD #p2k18 hackathon took place at Epitech in Nantes.
56213 I was organizing the hackathon but managed to make progress on OpenSMTPD.
56214 As mentioned at EuroBSDCon the one-line per rule config format was a design error.
56215 A new configuration grammar is almost ready and the underlying structures are simplified.
56216 Refactor removes ~750 lines of code and solves many issues that were side-effects of the design error.
56217 New features are going to be unlocked thanks to this.
56218 </code></pre>
56219 <ul>
56220 <li>Anatomy of a design error</li>
56221 </ul>
56222 <blockquote>
56223 <p>OpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.<br>
56224 The initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.<br>
56225 When I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.<br>
56226 It helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.<br>
56227 That being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.<br>
56228 One-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.<br>
56229 To get to the point: we should move to two-line rules :-)</p>
56230 </blockquote>
56239 <ul>
56240 <li>The problem with one-line rules</li>
56241 </ul>
56242 <blockquote>
56243 <p>OpenSMTPD decides to accept or reject messages based on one-line rules such as:</p>
56244 </blockquote>
56245 <p><code>accept from any for domain poolp.org deliver to mbox</code></p>
56246 <blockquote>
56247 <p>Which can essentially be split into three units:</p>
56248 </blockquote>
56249 <ul>
56250 <li>the decision: accept/reject</li>
56251 <li>the matching: from any for domain <a href="http://poolp.org">poolp.org</a></li>
56252 <li>the (default) action: deliver to mbox</li>
56253 </ul>
56254 <blockquote>
56255 <p>To ensure that we meet the requirements of the transactions, the matching must be performed during the SMTP transaction before we take a decision for the recipient.<br>
56256 Given that the rule is atomic, that it doesn’t have an identifier and that the action is part of it, the two only ways to make sure we can remember the action to take later on at delivery time is to either:</p>
56257 </blockquote>
56258 <ul>
56259 <li>save the action in the envelope, which is what we do today</li>
56260 <li>evaluate the envelope again at delivery</li>
56261 <li>And this is where it gets tricky… both solutions are NOT ok.</li>
56262 </ul>
56263 <blockquote>
56264 <p>The first solution, which we’ve been using for a decade, was to save the action within the envelope and kind of carve it in stone. This works fine… however it comes with the downsides that errors fixed in configuration files can’t be caught up by envelopes, that delivery action must be validated way ahead of time during the SMTP transaction which is much trickier, that the parsing of delivery methods takes place as the _smtpd user rather than the recipient user, and that envelope structures that are passed all over OpenSMTPD carry delivery-time information, and more, and more, and more. The code becomes more complex in general, less safe in some particular places, and some areas are nightmarish to deal with because they have to deal with completely unrelated code that can’t be dealt with later in the code path.</p>
56265 </blockquote>
56266 <blockquote>
56267 <p>The second solution can’t be done. An envelope may be the result of nested rules, for example an external client, hitting an alias, hitting a user with a .forward file resolving to a user. An envelope on disk may no longer match any rule or it may match a completely different rule. If we could ensure that it matched the same rule, evaluating the ruleset may spawn new envelopes which would violate the transaction. Trying to imagine how we could work around this leads to more and more and more RFC violations, incoherent states, duplicate mails, etc…</p>
56268 </blockquote>
56269 <blockquote>
56270 <p>There is simply no way to deal with this with atomic rules, the matching and the action must be two separate units that are evaluated at two different times, failure to do so will necessarily imply that you’re either using our first solution and all its downsides, or that you are currently in a world of pain trying to figure out why everything is burning around you. The minute the action is written to an on-disk envelope, you have failed.</p>
56271 </blockquote>
56272 <blockquote>
56273 <p>A proper ruleset must define a set of matching patterns resolving to an action identifier that is carved in stone, AND a set of named action set that is resolved dynamically at delivery time.</p>
56274 </blockquote>
56275 <ul>
56276 <li>Follow the link above to see the rest of the article</li>
56277 </ul>
56278 <hr>
56279 <p><strong>Break</strong></p>
56280 <p>##News Roundup<br>
56281 <a href="http://fortysomethinggeek.blogspot.com/2012/09/legacy-windows-rsync-backup-to-freenas.html">Backing up a legacy Windows machine to a FreeNAS with rsync</a></p>
56282 <blockquote>
56283 <p>I have some old Windows servers (10 years and counting) and I have been using rsync to back them up to my FreeNAS box. It has been working great for me.</p>
56284 </blockquote>
56285 <blockquote>
56286 <p>First of all, I do have my Windows servers backup in virtualized format. However, those are only one-time snapshots that I run once in a while. These are classic ASP IIS web servers that I can easily put up on a new VM. However, many of these legacy servers generate gigabytes of data a day in their repositories. Running VM conversion daily is not ideal.</p>
56287 </blockquote>
56288 <blockquote>
56289 <p>My solution was to use some sort of rsync solution just for the data repos. I’ve tried some applications that didn’t work too well with Samba shares and these old servers have slow I/O. Copying files to external sata or usb drive was not ideal. We’ve moved on from Windows to Linux and do not have any Windows file servers of capacity to provide network backups. Hence, I decided to use Delta Copy with FreeNAS. So here is a little write up on how to set it up. I have 4 Windows 2000 servers backing up daily with this method.</p>
56290 </blockquote>
56291 <blockquote>
56292 <p>First, download Delta Copy and install it. It is open-source and pretty much free. It is basically a wrapper for cygwin’s rsync. When you install it, it will ask you to install the Server services which allows you to run it as a Rsync server on Windows. You don’t need to do this. Instead, you will be just using the Delta Copy Client application. But before we do that, we will need to configure our Rsync service for our Windows Clients on FreeNAS.</p>
56293 </blockquote>
56294 <ul>
56295 <li>In FreeNAS, go under Services, select Rsync &gt; Rsync Modules &gt; Add Rsync Module.</li>
56296 <li>Then fill out the form; giving the module a name and set the path. In my example, I simply called it WIN and linked it to a user called backupuser.</li>
56297 <li>This process is much easier than trying to configure the daemon rsyncd.conf file by hand.</li>
56298 <li>Now, on the Windows Client, start the DeltaCopy Client. You will create a new Profile.</li>
56299 <li>You will need to enter the IP of the Rsync server (FreeNAS) and specify the module name which will be called “Virtual Directory Name.” When you pull the select menu, the list of Rsync Modules you created earlier in FreeNAS will populate.</li>
56300 <li>You can set authentication. On the server, you can restrict by IP and do other things to lock down your rsync.</li>
56301 <li>Next, you will add folders (and/or files) you want to synchronize.</li>
56302 <li>Once the paths are set up, you can run a sync by right clicking the profile name.</li>
56303 <li>Here, I made a test sync to a home folder of a virtualized windows box. As you can see, I mounted the rsync volume on my mac to see the progress. The rsync worked beautifully. DeltaCopy did what it was told.</li>
56304 <li>Once you get everything working, the next thing to do is set schedules. If you have done task schedules in Windows before, it is pretty straightforward. DeltaCopy has a link in the application to directly create a new task for you. I set my backups to run nightly and it has been working great.</li>
56305 </ul>
56306 <blockquote>
56307 <p>There you have it. Windows rsync to FreeNAS using DeltaCopy.<br>
56308 The nice thing about FreeNAS is you don’t have to modify /etc/rsyncd.conf files. Everything can be done in the web admin.</p>
56309 </blockquote>
56310 <hr>
56311 <p><strong>iXsystems</strong></p>
56312 <p>###<a href="https://r3xnation.wordpress.com/2018/04/10/how-to-write-atf-tests-for-netbsd/amp/">How to write ATF tests for NetBSD</a></p>
56313 <blockquote>
56314 <p>I have recently started contributing to the amazing NetBSD foundation. I was thinking of trying out a new OS for a long time. Switching to the NetBSD OS has been a fun change.</p>
56315 </blockquote>
56316 <blockquote>
56317 <p>My first contribution to the NetBSD foundation was adding regression tests for the Address Sanitizer (ASan) in the Automated Testing Framework (ATF) which NetBSD has. I managed to complete it with the help of my really amazing mentor Kamil. This post is gonna be about the ATF framework that NetBSD has and how you can add multiple tests with ease.</p>
56318 </blockquote>
56319 <ul>
56320 <li>Intro</li>
56321 </ul>
56322 <blockquote>
56323 <p>In ATF tests we will basically be talking about test programs which are a suite of test cases for a specific application or program.</p>
56324 </blockquote>
56325 <ul>
56326 <li>The ATF suite of Commands</li>
56327 </ul>
56328 <blockquote>
56329 <p>There are a variety of commands that the atf suite offers. These include:</p>
56330 </blockquote>
56331 <ul>
56332 <li>
56333 <p>atf-check: The versatile command that is a vital part of the checking process. man page</p>
56334 </li>
56335 <li>
56336 <p>atf-run: Command used to run a test program. man page</p>
56337 </li>
56338 <li>
56339 <p>atf-fail: Report failure of a test case.</p>
56340 </li>
56341 <li>
56342 <p>atf-report: used to pretty print the atf-run. man page</p>
56343 </li>
56344 <li>
56345 <p>atf-set: To set atf test conditions.</p>
56346 </li>
56347 <li>
56348 <p>We will be taking a better look at the syntax and usage later.</p>
56349 </li>
56350 <li>
56351 <p>Let’s start with the Basics</p>
56352 </li>
56353 </ul>
56354 <blockquote>
56355 <p>The ATF testing framework comes preinstalled with a default NetBSD installation. It is used to write tests for various applications and commands in NetBSD. One can write the Test programs in either the C language or in shell script. In this post I will be dealing with the Bash part.</p>
56356 </blockquote>
56357 <ul>
56358 <li>Follow the link above to see the rest of the article</li>
56359 </ul>
56360 <hr>
56361 <p>###<a href="http://brian.candler.me/posts/the-importance-of-zfs-blocksize/">The Importance of ZFS Block Size</a></p>
56362 <ul>
56363 <li>Warning! WARNING! Don’t just do things because some random blog says so</li>
56364 </ul>
56365 <blockquote>
56366 <p>One of the important tunables in ZFS is the recordsize (for normal datasets) and volblocksize (for zvols). These default to 128KB and 8KB respectively.<br>
56367 As I understand it, this is the unit of work in ZFS. If you modify one byte in a large file with the default 128KB record size, it causes the whole 128KB to be read in, one byte to be changed, and a new 128KB block to be written out.<br>
56368 As a result, the official recommendation is to use a block size which aligns with the underlying workload: so for example if you are using a database which reads and writes 16KB chunks then you should use a 16KB block size, and if you are running VMs containing an ext4 filesystem, which uses a 4KB block size, you should set a 4KB block size<br>
56369 You can see it has a 16GB total file size, of which 8.5G has been touched and consumes space - that is, it’s a “sparse” file. The used space is also visible by looking at the zfs filesystem which this file resides in<br>
56370 Then I tried to copy the image file whilst maintaining its “sparseness”, that is, only touching the blocks of the zvol which needed to be touched. The original used only 8.42G, but the copy uses 14.6GB - almost the entire 16GB has been touched! What’s gone wrong?<br>
56371 I finally realised that the difference between the zfs filesystem and the zvol is the block size. I recreated the zvol with a 128K block size<br>
56372 That’s better. The disk usage of the zvol is now exactly the same as for the sparse file in the filesystem dataset</p>
56373 </blockquote>
56374 <ul>
56375 <li>It does impact the read speed too. 4K blocks took 5:52, and 128K blocks took 3:20</li>
56376 <li>Part of this is the amount of metadata that has to be read, see the MySQL benchmarks from earlier in the show</li>
56377 <li>And yes, using a larger block size will increase the compression efficiency, since the compressor has more redundant data to optimize.</li>
56378 <li>Some of the savings, and the speedup is because a lot less metadata had to be written</li>
56379 <li>Your zpool layout also plays a big role, if you use 4Kn disks, and RAID-Z2, using a volblocksize of 8k will actually result in a large amount of wasted space because of RAID-Z padding. Although, if you enable compression, your 8k records may compress to only 4k, and then all the numbers change again.</li>
56380 </ul>
56381 <hr>
56382 <p>###<a href="https://www.fukr.org.uk/?p=184">Using a Raspberry Pi 2 as a Router on a Stick Starring NetBSD</a></p>
56383 <ul>
56384 <li>Sorry we didn’t answer you quickly enough</li>
56385 </ul>
56386 <blockquote>
56387 <p>A few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?</p>
56388 </blockquote>
56389 <blockquote>
56390 <p>Why not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.</p>
56391 </blockquote>
56392 <blockquote>
56393 <p>I could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!</p>
56394 </blockquote>
56395 <blockquote>
56396 <p>I believe FreeBSD is renowned for its top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another (love the show by the way).</p>
56397 </blockquote>
56398 <blockquote>
56399 <p>It looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!</p>
56400 </blockquote>
56401 <blockquote>
56402 <p>Let’s crack on…</p>
56403 </blockquote>
56404 <ul>
56405 <li>Follow the link above to see the rest of the article</li>
56406 </ul>
56407 <hr>
56408 <p>##Beastie Bits</p>
56409 <ul>
56410 <li><a href="https://www.bsdjobs.com/">BSD Jobs</a></li>
56411 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring</a></li>
56412 <li><a href="https://youtu.be/YnNpgtjrM9U">VR demo on OpenBSD via OpenHMD with OSVR HDK2</a></li>
56413 <li><a href="https://rachelbythebay.com/w/2018/04/05/bangpatch/">patch runs ed, and ed can run anything (mentions FreeBSD and OpenBSD)</a></li>
56414 <li><a href="https://github.com/jwilm/alacritty/blob/master/README.md">Alacritty (OpenGL-powered terminal emulator) now supports OpenBSD</a></li>
56415 <li><a href="https://undeadly.org/cgi?action=article;sid=20180413065457">MAP_STACK Stack Register Checking Committed to -current</a></li>
56416 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon CfP till June 17, 2018</a></li>
56417 </ul>
56418 <hr>
56419 <p><strong>Tarsnap</strong></p>
56420 <p>##Feedback/Questions</p>
56421 <ul>
56422 <li>NeutronDaemon - <a href="http://dpaste.com/3E0SR5Y#wrap">Tutorial request</a></li>
56423 <li>Kurt - <a href="http://dpaste.com/01CWKM5#wrap">Question about transferability/bi-directionality of ZFS snapshots and send/receive</a></li>
56424 <li>Peter - <a href="http://dpaste.com/3N1BGQF#wrap">A Question and much love for BSD Now</a></li>
56425 <li>Peter - <a href="http://dpaste.com/20R2DTG">netgraph state</a></li>
56426 </ul>
56427 <hr>
56428 <ul>
56429 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
56430 </ul>
56431 <hr>
56432 </description>
56433 <itunes:keywords>freebsd,openbsd,netbsd,dragonflybsd,trueos,tutorial,howto,guide,bsd,interview,dtrace,sysbench,InnoDB,OpenSMTPD,samba,rsync,ATF tests,raspberry pi 2</itunes:keywords>
56434 <content:encoded>
56435 <![CDATA[<p>OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.<br>
56436 <hr></p>
56437
56438 <p>##Headlines<br>
56439 ###<a href="https://mail-index.netbsd.org/source-changes/2018/05/28/msg095541.html">ZFS and DTrace update lands in NetBSD</a></p>
56440
56441 <blockquote>
56442 <p>merge a new version of the CDDL dtrace and ZFS code. This changes the upstream vendor from OpenSolaris to FreeBSD, and this version is based on FreeBSD svn r315983.</p>
56443 </blockquote>
56444
56445 <ul>
56446 <li>r315983 is from March 2017 (14 months ago), so there is still more work to do</li>
56447 </ul>
56448
56449 <blockquote>
56450 <p>in addition to the 10 years of improvements from upstream, this version also has these NetBSD-specific enhancements:</p>
56451 <ul>
56452 <li>dtrace FBT probes can now be placed in kernel modules.</li>
56453 <li>ZFS now supports mmap().</li>
56454 </ul>
56455 </blockquote>
56456
56457 <ul>
56458 <li>This brings NetBSD 10 years forward, and they should be able to catch the rest of the way up fairly quickly</li>
56459 </ul>
56460
56461 <p><hr></p>
56462
56463 <p>###<a href="https://blog.netbsd.org/tnf/entry/network_security_audit">NetBSD network stack security audit</a></p>
56464
56465 <ul>
56466 <li>Maxime Villard has been working on an audit of the NetBSD network stack, a project sponsored by The NetBSD Foundation, which has served all users of BSD-derived operating systems.</li>
56467 </ul>
56468
56469 <blockquote>
56470 <p>Over the last five months, hundreds of patches were committed to the source tree as a result of this work. Dozens of bugs were fixed, among which a good number of actual, remotely-triggerable vulnerabilities.</p>
56471 </blockquote>
56472
56473 <blockquote>
56474 <p>Changes were made to strengthen the networking subsystems and improve code quality: reinforce the mbuf API, add many KASSERTs to enforce assumptions, simplify packet handling, and verify compliance with RFCs. This was done in several layers of the NetBSD kernel, from device drivers to L4 handlers.<br>
56475 In the course of investigating several bugs discovered in NetBSD, I happened to look at the network stacks of other operating systems, to see whether they had already fixed the issues, and if so how. Needless to say, I found bugs there too.</p>
56476 </blockquote>
56477
56478 <ul>
56479 <li>A lot of code is shared between the BSDs, so it is especially helpful when one finds a bug, to check the other BSDs and share the fix.</li>
56480 </ul>
56481
56482 <blockquote>
56483 <p>The IPv6 Buffer Overflow: The overflow allowed an attacker to write one byte of packet-controlled data into ‘packet_storage+off’, where ‘off’ could be approximately controlled too. This allowed at least a pretty bad remote DoS/Crash<br>
56484 The IPsec Infinite Loop: When receiving an IPv6-AH packet, the IPsec entry point was not correctly computing the length of the IPv6 suboptions, and this, before authentication. As a result, a specially-crafted IPv6 packet could trigger an infinite loop in the kernel (making it unresponsive). In addition this flaw allowed a limited buffer overflow - where the data being written was however not controllable by the attacker.<br>
56485 The IPPROTO Typo: While looking at the IPv6 Multicast code, I stumbled across a pretty simple yet pretty bad mistake: at one point the Pim6 entry point would return IPPROTO_NONE instead of IPPROTO_DONE. Returning IPPROTO_NONE was entirely wrong: it caused the kernel to keep iterating on the IPv6 packet chain, while the packet storage was already freed.<br>
56486 The PF Signedness Bug: A bug was found in NetBSD’s implementation of the PF firewall, that did not affect the other BSDs. In the initial PF code a particular macro was used as an alias to a number. This macro formed a signed integer. NetBSD replaced the macro with a sizeof(), which returns an unsigned result.<br>
56487 The NPF Integer Overflow: An integer overflow could be triggered in NPF, when parsing an IPv6 packet with large options. This could cause NPF to look for the L4 payload at the wrong offset within the packet, and it allowed an attacker to bypass any L4 filtering rule on IPv6.<br>
56488 The IPsec Fragment Attack: I noticed some time ago that when reassembling fragments (in either IPv4 or IPv6), the kernel was not removing the M_PKTHDR flag on the secondary mbufs in mbuf chains. This flag is supposed to indicate that a given mbuf is the head of the chain it forms; having the flag on secondary mbufs was suspicious.<br>
56489 What Now: Not all protocols and layers of the network stack were verified, because of time constraints, and also because of unexpected events: the recent x86 CPU bugs, which I was the only one able to fix promptly. A todo list will be left when the project end date is reached, for someone else to pick up. Me perhaps, later this year? We’ll see.<br>
56490 This security audit of NetBSD’s network stack is sponsored by The NetBSD Foundation, and serves all users of BSD-derived operating systems. The NetBSD Foundation is a non-profit organization, and welcomes any donations that help continue funding projects of this kind.</p>
56491 </blockquote>
56492
56493 <p><hr></p>
56494
56495 <p><strong>DigitalOcean</strong></p>
56496
56497 <p>###<a href="https://www.percona.com/blog/2018/05/15/about-zfs-performance/">MySQL on ZFS Performance</a></p>
56498
56499 <blockquote>
56500 <p>I used sysbench to create a table of 10M rows and then, using export/import tablespace, I copied it 329 times. I ended up with 330 tables for a total size of about 850GB. The dataset generated by sysbench is not very compressible, so I used lz4 compression in ZFS. For the other ZFS settings, I used what can be found in my earlier ZFS posts but with the ARC size limited to 1GB. I then used that plain configuration for the first benchmarks. Here are the results with the sysbench point-select benchmark, a uniform distribution and eight threads. The InnoDB buffer pool was set to 2.5GB.<br>
56501 In both cases, the load is IO bound. The disk is doing exactly the allowed 3000 IOPS. The above graph appears to be a clear demonstration that XFS is much faster than ZFS, right? But is that really the case? The way the dataset has been created is extremely favorable to XFS since there is absolutely no file fragmentation. Once you have all the files opened, a read IOP is just a single fseek call to an offset and ZFS doesn’t need to access any intermediate inode. The above result is about as fair as saying MyISAM is faster than InnoDB based only on table scan performance results of unfragmented tables and default configuration. ZFS is much less affected by the file level fragmentation, especially for point access type.</p>
56502 </blockquote>
56503
56504 <blockquote>
56505 <p>ZFS stores the files in B-trees in a very similar fashion as InnoDB stores data. To access a piece of data in a B-tree, you need to access the top level page (often called root node) and then one block per level down to a leaf-node containing the data. With no cache, to read something from a three levels B-tree thus requires 3 IOPS.</p>
56506 </blockquote>
56507
56508 <blockquote>
56509 <p>The extra IOPS performed by ZFS are needed to access those internal blocks in the B-trees of the files. These internal blocks are labeled as metadata. Essentially, in the above benchmark, the ARC is too small to contain all the internal blocks of the table files’ B-trees. If we continue the comparison with InnoDB, it would be like running with a buffer pool too small to contain the non-leaf pages. The test dataset I used has about 600MB of non-leaf pages, about 0.1% of the total size, which was well cached by the 3GB buffer pool. So only one InnoDB page, a leaf page, needed to be read per point-select statement.</p>
56510 </blockquote>
56511
56512 <blockquote>
56513 <p>To correctly set the ARC size to cache the metadata, you have two choices. First, you can guess values for the ARC size and experiment. Second, you can try to evaluate it by looking at the ZFS internal data. Let’s review these two approaches.</p>
56514 </blockquote>
56515
56516 <blockquote>
56517 <p>You’ll read/hear often the ratio 1GB of ARC for 1TB of data, which is about the same 0.1% ratio as for InnoDB. I wrote about that ratio a few times, having nothing better to propose. Actually, I found it depends a lot on the recordsize used. The 0.1% ratio implies a ZFS recordsize of 128KB. A ZFS filesystem with a recordsize of 128KB will use much less metadata than another one using a recordsize of 16KB because it has 8x fewer leaf pages. Fewer leaf pages require less B-tree internal nodes, hence less metadata. A filesystem with a recordsize of 128KB is excellent for sequential access as it maximizes compression and reduces the IOPS but it is poor for small random access operations like the ones MySQL/InnoDB does.</p>
56518 </blockquote>
56519
56520 <ul>
56521 <li>In order to improve ZFS performance, I had 3 options:</li>
56522 <li>Increase the ARC size to 7GB</li>
56523 <li>Use a larger Innodb page size like 64KB</li>
56524 <li>Add a L2ARC</li>
56525 </ul>
56526
56527 <blockquote>
56528 <p>I was reluctant to grow the ARC to 7GB, which was nearly half the overall system memory. At best, the ZFS performance would only match XFS. A larger InnoDB page size would increase the CPU load for decompression on an instance with only two vCPUs; not great either. The last option, the L2ARC, was the most promising.</p>
56529 </blockquote>
56530
56531 <blockquote>
56532 <p>ZFS is much more complex than XFS and EXT4 but, that also means it has more tunables/options. I used a simplistic setup and an unfair benchmark which initially led to poor ZFS results. With the same benchmark, very favorable to XFS, I added a ZFS L2ARC and that completely reversed the situation, more than tripling the ZFS results, now 66% above XFS.</p>
56533 </blockquote>
56534
56535 <ul>
56536 <li>Conclusion</li>
56537 </ul>
56538
56539 <blockquote>
56540 <p>We have seen in this post why the general perception is that ZFS under-performs compared to XFS or EXT4. The presence of B-trees for the files has a big impact on the amount of metadata ZFS needs to handle, especially when the recordsize is small. The metadata consists mostly of the non-leaf pages (or internal nodes) of the B-trees. When properly cached, the performance of ZFS is excellent. ZFS allows you to optimize the use of EBS volumes, both in term of IOPS and size when the instance has fast ephemeral storage devices. Using the ephemeral device of an i3.large instance for the ZFS L2ARC, ZFS outperformed XFS by 66%.</p>
56541 </blockquote>
56542
56543 <p><hr></p>
56544
56545 <p>###<a href="https://poolp.org/posts/2018-04-30/opensmtpd-new-config/">OpenSMTPD new config</a></p>
56546
56547 <pre><code>TL;DR:
56548 OpenBSD #p2k18 hackathon took place at Epitech in Nantes.
56549 I was organizing the hackathon but managed to make progress on OpenSMTPD.
56550 As mentioned at EuroBSDCon the one-line per rule config format was a design error.
56551 A new configuration grammar is almost ready and the underlying structures are simplified.
56552 Refactor removes ~750 lines of code and solves _many_ issues that were side-effects of the design error.
56553 New features are going to be unlocked thanks to this.
56554 </code></pre>
56555
56556 <ul>
56557 <li>Anatomy of a design error</li>
56558 </ul>
56559
56560 <blockquote>
56561 <p>OpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.<br>
56562 The initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.<br>
56563 When I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.<br>
56564 It helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.<br>
56565 That being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.<br>
56566 One-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.<br>
56567 To get to the point: we should move to two-line rules :-)</p>
56568 </blockquote>
56569
56585 <ul>
56586 <li>The problem with one-line rules</li>
56587 </ul>
56588
56589 <blockquote>
56590 <p>OpenSMTPD decides to accept or reject messages based on one-line rules such as:</p>
56591 </blockquote>
56592
56593 <p><code>accept from any for domain poolp.org deliver to mbox</code></p>
56594
56595 <blockquote>
56596 <p>Which can essentially be split into three units:</p>
56597 </blockquote>
56598
56599 <ul>
56600 <li>the decision: accept/reject</li>
56601 <li>the matching: from any for domain <a href="http://poolp.org">poolp.org</a></li>
56602 <li>the (default) action: deliver to mbox</li>
56603 </ul>
56604
56605 <blockquote>
56606 <p>To ensure that we meet the requirements of the transactions, the matching must be performed during the SMTP transaction before we take a decision for the recipient.<br>
56607 Given that the rule is atomic, that it doesn’t have an identifier and that the action is part of it, the two only ways to make sure we can remember the action to take later on at delivery time is to either:</p>
56608 </blockquote>
56609
56610 <ul>
56611 <li>save the action in the envelope, which is what we do today</li>
56612 <li>evaluate the envelope again at delivery</li>
56613 <li>And this is where it gets tricky… both solutions are NOT ok.</li>
56614 </ul>
56615
56616 <blockquote>
56617 <p>The first solution, which we’ve been using for a decade, was to save the action within the envelope and kind of carve it in stone. This works fine… however it comes with the downsides that errors fixed in configuration files can’t be caught up by envelopes, that delivery action must be validated way ahead of time during the SMTP transaction which is much trickier, that the parsing of delivery methods takes place as the _smtpd user rather than the recipient user, and that envelope structures that are passed all over OpenSMTPD carry delivery-time informations, and more, and more, and more. The code becomes more complex in general, less safe in some particular places, and some areas are nightmarish to deal with because they have to deal with completely unrelated code that can’t be dealt with later in the code path.</p>
56618 </blockquote>
56619
56620 <blockquote>
56621 <p>The second solution can’t be done. An envelope may be the result of nested rules, for example an external client, hitting an alias, hitting a user with a .forward file resolving to a user. An envelope on disk may no longer match any rule or it may match a completely different rule. If we could ensure that it matched the same rule, evaluating the ruleset may spawn new envelopes which would violate the transaction. Trying to imagine how we could work around this leads to more and more and more RFC violations, incoherent states, duplicate mails, etc…</p>
56622 </blockquote>
56623
56624 <blockquote>
56625 <p>There is simply no way to deal with this with atomic rules, the matching and the action must be two separate units that are evaluated at two different times, failure to do so will necessarily imply that you’re either using our first solution and all its downsides, or that you are currently in a world of pain trying to figure out why everything is burning around you. The minute the action is written to an on-disk envelope, you have failed.</p>
56626 </blockquote>
56627
56628 <blockquote>
56629 <p>A proper ruleset must define a set of matching patterns resolving to an action identifier that is carved in stone, AND a set of named action set that is resolved dynamically at delivery time.</p>
56630 </blockquote>
56631
56632 <ul>
56633 <li>Follow the link above to see the rest of the article</li>
56634 </ul>
56635
56636 <p><hr></p>
56637
56638 <p><strong>Break</strong></p>
56639
56640 <p>##News Roundup<br>
56641 ###<a href="http://fortysomethinggeek.blogspot.com/2012/09/legacy-windows-rsync-backup-to-freenas.html">Backing up a legacy Windows machine to a FreeNAS with rsync</a></p>
56642
56643 <blockquote>
56644 <p>I have some old Windows servers (10 years and counting) and I have been using rsync to back them up to my FreeNAS box. It has been working great for me.</p>
56645 </blockquote>
56646
56647 <blockquote>
56648 <p>First of all, I do have my Windows servers backup in virtualized format. However, those are only one-time snapshots that I run once in a while. These are classic ASP IIS web servers that I can easily put up on a new VM. However, many of these legacy servers generate gigabytes of data a day in their repositories. Running VM conversion daily is not ideal.</p>
56649 </blockquote>
56650
56651 <blockquote>
56652 <p>My solution was to use some sort of rsync solution just for the data repos. I’ve tried some applications that didn’t work too well with Samba shares and these old servers have slow I/O. Copying files to external sata or usb drive was not ideal. We’ve moved on from Windows to Linux and do not have any Windows file servers of capacity to provide network backups. Hence, I decided to use Delta Copy with FreeNAS. So here is a little write up on how to set it up. I have 4 Windows 2000 servers backing up daily with this method.</p>
56653 </blockquote>
56654
56655 <blockquote>
56656 <p>First, download Delta Copy and install it. It is open-source and pretty much free. It is basically a wrapper for cygwin’s rsync. When you install it, it will ask you to install the Server services which allows you to run it as a Rsync server on Windows. You don’t need to do this. Instead, you will be just using the Delta Copy Client application. But before we do that, we will need to configure our Rsync service for our Windows Clients on FreeNAS.</p>
56657 </blockquote>
56658
56659 <ul>
56660 <li>In FreeNAS, go under Services, select Rsync > Rsync Modules > Add Rsync Module.</li>
56661 <li>Then fill out the form; giving the module a name and set the path. In my example, I simply called it WIN and linked it to a user called backupuser.</li>
56662 <li>This process is much easier than trying to configure the daemon rsyncd.conf file by hand.</li>
56663 <li>Now, on the Windows Client, start the DeltaCopy Client. You will create a new Profile.</li>
56664 <li>You will need to enter the IP of the Rsync server (FreeNAS) and specify the module name which will be called “Virtual Directory Name.” When you pull the select menu, the list of Rsync Modules you created earlier in FreeNAS will populate.</li>
56665 <li>You can set authentication. On the server, you can restrict by IP and do other things to lock down your rsync.</li>
56666 <li>Next, you will add folders (and/or files) you want to synchronize.</li>
56667 <li>Once the paths are set up, you can run a sync by right clicking the profile name.</li>
56668 <li>Here, I made a test sync to a home folder of a virtualized windows box. As you can see, I mounted the rsync volume on my mac to see the progress. The rsync worked beautifully. DeltaCopy did what it was told.</li>
56669 <li>Once you get everything working, the next thing to do is set schedules. If you have done task schedules in Windows before, it is pretty straightforward. DeltaCopy has a link in the application to directly create a new task for you. I set my backups to run nightly and it has been working great.</li>
56670 </ul>
56671
56672 <blockquote>
56673 <p>There you have it. Windows rsync to FreeNAS using DeltaCopy.<br>
56674 The nice thing about FreeNAS is you don’t have to modify /etc/rsyncd.conf files. Everything can be done in the web admin.</p>
56675 </blockquote>
56676
56677 <p><hr></p>
56678
56679 <p><strong>iXsystems</strong></p>
56680
56681 <p>###<a href="https://r3xnation.wordpress.com/2018/04/10/how-to-write-atf-tests-for-netbsd/amp/">How to write ATF tests for NetBSD</a></p>
56682
56683 <blockquote>
56684 <p>I have recently started contributing to the amazing NetBSD foundation. I was thinking of trying out a new OS for a long time. Switching to the NetBSD OS has been a fun change.</p>
56685 </blockquote>
56686
56687 <blockquote>
56688 <p>My first contribution to the NetBSD foundation was adding regression tests for the Address Sanitizer (ASan) in the Automated Testing Framework (ATF) which NetBSD has. I managed to complete it with the help of my really amazing mentor Kamil. This post is gonna be about the ATF framework that NetBSD has and how you can add multiple tests with ease.</p>
56689 </blockquote>
56690
56691 <ul>
56692 <li>Intro</li>
56693 </ul>
56694
56695 <blockquote>
56696 <p>In ATF tests we will basically be talking about test programs which are a suite of test cases for a specific application or program.</p>
56697 </blockquote>
56698
56699 <ul>
56700 <li>The ATF suite of Commands</li>
56701 </ul>
56702
56703 <blockquote>
56704 <p>There are a variety of commands that the atf suite offers. These include :</p>
56705 </blockquote>
56706
56707 <ul>
56708 <li>
56709 <p>atf-check: The versatile command that is a vital part of the checking process. man page</p>
56710 </li>
56711 <li>
56712 <p>atf-run: Command used to run a test program. man page</p>
56713 </li>
56714 <li>
56715 <p>atf-fail: Report failure of a test case.</p>
56716 </li>
56717 <li>
56718 <p>atf-report: used to pretty print the atf-run. man page</p>
56719 </li>
56720 <li>
56721 <p>atf-set: To set atf test conditions.</p>
56722 </li>
56723 <li>
56724 <p>We will be taking a better look at the syntax and usage later.</p>
56725 </li>
56726 <li>
56727 <p>Let’s start with the Basics</p>
56728 </li>
56729 </ul>
56730
56731 <blockquote>
56732 <p>The ATF testing framework comes preinstalled with a default NetBSD installation. It is used to write tests for various applications and commands in NetBSD. One can write the Test programs in either the C language or in shell script. In this post I will be dealing with the Bash part.</p>
56733 </blockquote>
56734
56735 <ul>
56736 <li>Follow the link above to see the rest of the article</li>
56737 </ul>
56738
56739 <p><hr></p>
56740
56741 <p>###<a href="http://brian.candler.me/posts/the-importance-of-zfs-blocksize/">The Importance of ZFS Block Size</a></p>
56742
56743 <ul>
56744 <li>Warning! WARNING! Don’t just do things because some random blog says so</li>
56745 </ul>
56746
56747 <blockquote>
56748 <p>One of the important tunables in ZFS is the recordsize (for normal datasets) and volblocksize (for zvols). These default to 128KB and 8KB respectively.<br>
56749 As I understand it, this is the unit of work in ZFS. If you modify one byte in a large file with the default 128KB record size, it causes the whole 128KB to be read in, one byte to be changed, and a new 128KB block to be written out.<br>
56750 As a result, the official recommendation is to use a block size which aligns with the underlying workload: so for example if you are using a database which reads and writes 16KB chunks then you should use a 16KB block size, and if you are running VMs containing an ext4 filesystem, which uses a 4KB block size, you should set a 4KB block size<br>
56751 You can see it has a 16GB total file size, of which 8.5G has been touched and consumes space - that is, it’s a “sparse” file. The used space is also visible by looking at the zfs filesystem which this file resides in<br>
56752 Then I tried to copy the image file whilst maintaining its “sparseness”, that is, only touching the blocks of the zvol which needed to be touched. The original used only 8.42G, but the copy uses 14.6GB - almost the entire 16GB has been touched! What’s gone wrong?<br>
56753 I finally realised that the difference between the zfs filesystem and the zvol is the block size. I recreated the zvol with a 128K block size<br>
56754 That’s better. The disk usage of the zvol is now exactly the same as for the sparse file in the filesystem dataset</p>
56755 </blockquote>
56756
56757 <ul>
56758 <li>It does impact the read speed too. 4K blocks took 5:52, and 128K blocks took 3:20</li>
56759 <li>Part of this is the amount of metadata that has to be read, see the MySQL benchmarks from earlier in the show</li>
56760 <li>And yes, using a larger block size will increase the compression efficiency, since the compressor has more redundant data to optimize.</li>
56761 <li>Some of the savings, and the speedup is because a lot less metadata had to be written</li>
56762 <li>Your zpool layout also plays a big role, if you use 4Kn disks, and RAID-Z2, using a volblocksize of 8k will actually result in a large amount of wasted space because of RAID-Z padding. Although, if you enable compression, your 8k records may compress to only 4k, and then all the numbers change again.</li>
56763 </ul>
56764
56765 <p><hr></p>
56766
56767 <p>###<a href="https://www.fukr.org.uk/?p=184">Using a Raspberry Pi 2 as a Router on a Stick Starring NetBSD</a></p>
56768
56769 <ul>
56770 <li>Sorry we didn’t answer you quickly enough</li>
56771 </ul>
56772
56773 <blockquote>
56774 <p>A few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?</p>
56775 </blockquote>
56776
56777 <blockquote>
56778 <p>Why not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.</p>
56779 </blockquote>
56780
56781 <blockquote>
56782 <p>I could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!</p>
56783 </blockquote>
56784
56785 <blockquote>
56786 <p>I believe FreeBSD is renowned for its top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another(love the show by the way).</p>
56787 </blockquote>
56788
56789 <blockquote>
56790 <p>It looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!</p>
56791 </blockquote>
56792
56793 <blockquote>
56794 <p>Let’s crack on…</p>
56795 </blockquote>
56796
56797 <ul>
56798 <li>Follow the link above to see the rest of the article</li>
56799 </ul>
56800
56801 <p><hr></p>
56802
56803 <p>##Beastie Bits</p>
56804
56805 <ul>
56806 <li><a href="https://www.bsdjobs.com/">BSD Jobs</a></li>
56807 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring</a></li>
56808 <li><a href="https://youtu.be/YnNpgtjrM9U">VR demo on OpenBSD via OpenHMD with OSVR HDK2</a></li>
56809 <li><a href="https://rachelbythebay.com/w/2018/04/05/bangpatch/">patch runs ed, and ed can run anything (mentions FreeBSD and OpenBSD)</a></li>
56810 <li><a href="https://github.com/jwilm/alacritty/blob/master/README.md">Alacritty (OpenGL-powered terminal emulator) now supports OpenBSD</a></li>
56811 <li><a href="https://undeadly.org/cgi?action=article;sid=20180413065457">MAP_STACK Stack Register Checking Committed to -current</a></li>
56812 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon CfP till June 17, 2018</a></li>
56813 </ul>
56814
56815 <p><hr></p>
56816
56817 <p><strong>Tarsnap</strong></p>
56818
56819 <p>##Feedback/Questions</p>
56820
56821 <ul>
56822 <li>NeutronDaemon - <a href="http://dpaste.com/3E0SR5Y#wrap">Tutorial request</a></li>
56823 <li>Kurt - <a href="http://dpaste.com/01CWKM5#wrap">Question about transferability/bi-directionality of ZFS snapshots and send/receive</a></li>
56824 <li>Peter - <a href="http://dpaste.com/3N1BGQF#wrap">A Question and much love for BSD Now</a></li>
56825 <li>Peter - <a href="http://dpaste.com/20R2DTG">netgraph state</a></li>
56826 </ul>
56827
56828 <p><hr></p>
56829
56830 <ul>
56831 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
56832 </ul>
56833
56834 <p><hr></p>]]>
56835 </content:encoded>
56836 <itunes:summary>
56837 <![CDATA[<p>OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.<br>
56838 <hr></p>
56839
56840 <p>##Headlines<br>
56841 ###<a href="https://mail-index.netbsd.org/source-changes/2018/05/28/msg095541.html">ZFS and DTrace update lands in NetBSD</a></p>
56842
56843 <blockquote>
56844 <p>merge a new version of the CDDL dtrace and ZFS code. This changes the upstream vendor from OpenSolaris to FreeBSD, and this version is based on FreeBSD svn r315983.</p>
56845 </blockquote>
56846
56847 <ul>
56848 <li>r315983 is from March 2017 (14 months ago), so there is still more work to do</li>
56849 </ul>
56850
56851 <blockquote>
56852 <p>in addition to the 10 years of improvements from upstream, this version also has these NetBSD-specific enhancements:</p>
56853 <ul>
56854 <li>dtrace FBT probes can now be placed in kernel modules.</li>
56855 <li>ZFS now supports mmap().</li>
56856 </ul>
56857 </blockquote>
56858
56859 <ul>
56860 <li>This brings NetBSD 10 years forward, and they should be able to catch the rest of the way up fairly quickly</li>
56861 </ul>
56862
56863 <p><hr></p>
56864
56865 <p>###<a href="https://blog.netbsd.org/tnf/entry/network_security_audit">NetBSD network stack security audit</a></p>
56866
56867 <ul>
56868 <li>Maxime Villard has been working on an audit of the NetBSD network stack, a project sponsored by The NetBSD Foundation, which has served all users of BSD-derived operating systems.</li>
56869 </ul>
56870
56871 <blockquote>
56872 <p>Over the last five months, hundreds of patches were committed to the source tree as a result of this work. Dozens of bugs were fixed, among which a good number of actual, remotely-triggerable vulnerabilities.</p>
56873 </blockquote>
56874
56875 <blockquote>
56876 <p>Changes were made to strengthen the networking subsystems and improve code quality: reinforce the mbuf API, add many KASSERTs to enforce assumptions, simplify packet handling, and verify compliance with RFCs. This was done in several layers of the NetBSD kernel, from device drivers to L4 handlers.<br>
56877 In the course of investigating several bugs discovered in NetBSD, I happened to look at the network stacks of other operating systems, to see whether they had already fixed the issues, and if so how. Needless to say, I found bugs there too.</p>
56878 </blockquote>
56879
56880 <ul>
56881 <li>A lot of code is shared between the BSDs, so it is especially helpful when one finds a bug, to check the other BSDs and share the fix.</li>
56882 </ul>
56883
56884 <blockquote>
56885 <p>The IPv6 Buffer Overflow: The overflow allowed an attacker to write one byte of packet-controlled data into ‘packet_storage+off’, where ‘off’ could be approximately controlled too. This allowed at least a pretty bad remote DoS/Crash<br>
56886 The IPsec Infinite Loop: When receiving an IPv6-AH packet, the IPsec entry point was not correctly computing the length of the IPv6 suboptions, and this, before authentication. As a result, a specially-crafted IPv6 packet could trigger an infinite loop in the kernel (making it unresponsive). In addition this flaw allowed a limited buffer overflow - where the data being written was however not controllable by the attacker.<br>
56887 The IPPROTO Typo: While looking at the IPv6 Multicast code, I stumbled across a pretty simple yet pretty bad mistake: at one point the Pim6 entry point would return IPPROTO_NONE instead of IPPROTO_DONE. Returning IPPROTO_NONE was entirely wrong: it caused the kernel to keep iterating on the IPv6 packet chain, while the packet storage was already freed.<br>
56888 The PF Signedness Bug: A bug was found in NetBSD’s implementation of the PF firewall, that did not affect the other BSDs. In the initial PF code a particular macro was used as an alias to a number. This macro formed a signed integer. NetBSD replaced the macro with a sizeof(), which returns an unsigned result.<br>
56889 The NPF Integer Overflow: An integer overflow could be triggered in NPF, when parsing an IPv6 packet with large options. This could cause NPF to look for the L4 payload at the wrong offset within the packet, and it allowed an attacker to bypass any L4 filtering rule on IPv6.<br>
56890 The IPsec Fragment Attack: I noticed some time ago that when reassembling fragments (in either IPv4 or IPv6), the kernel was not removing the M_PKTHDR flag on the secondary mbufs in mbuf chains. This flag is supposed to indicate that a given mbuf is the head of the chain it forms; having the flag on secondary mbufs was suspicious.<br>
56891 What Now: Not all protocols and layers of the network stack were verified, because of time constraints, and also because of unexpected events: the recent x86 CPU bugs, which I was the only one able to fix promptly. A todo list will be left when the project end date is reached, for someone else to pick up. Me perhaps, later this year? We’ll see.<br>
56892 This security audit of NetBSD’s network stack is sponsored by The NetBSD Foundation, and serves all users of BSD-derived operating systems. The NetBSD Foundation is a non-profit organization, and welcomes any donations that help continue funding projects of this kind.</p>
56893 </blockquote>
56894
56895 <p><hr></p>
56896
56897 <p><strong>DigitalOcean</strong></p>
56898
56899 <p>###<a href="https://www.percona.com/blog/2018/05/15/about-zfs-performance/">MySQL on ZFS Performance</a></p>
56900
56901 <blockquote>
56902 <p>I used sysbench to create a table of 10M rows and then, using export/import tablespace, I copied it 329 times. I ended up with 330 tables for a total size of about 850GB. The dataset generated by sysbench is not very compressible, so I used lz4 compression in ZFS. For the other ZFS settings, I used what can be found in my earlier ZFS posts but with the ARC size limited to 1GB. I then used that plain configuration for the first benchmarks. Here are the results with the sysbench point-select benchmark, a uniform distribution and eight threads. The InnoDB buffer pool was set to 2.5GB.<br>
56903 In both cases, the load is IO bound. The disk is doing exactly the allowed 3000 IOPS. The above graph appears to be a clear demonstration that XFS is much faster than ZFS, right? But is that really the case? The way the dataset has been created is extremely favorable to XFS since there is absolutely no file fragmentation. Once you have all the files opened, a read IOP is just a single fseek call to an offset and ZFS doesn’t need to access any intermediate inode. The above result is about as fair as saying MyISAM is faster than InnoDB based only on table scan performance results of unfragmented tables and default configuration. ZFS is much less affected by the file level fragmentation, especially for point access type.</p>
56904 </blockquote>
56905
56906 <blockquote>
56907 <p>ZFS stores the files in B-trees in a very similar fashion as InnoDB stores data. To access a piece of data in a B-tree, you need to access the top level page (often called root node) and then one block per level down to a leaf-node containing the data. With no cache, to read something from a three levels B-tree thus requires 3 IOPS.</p>
56908 </blockquote>
56909
56910 <blockquote>
56911 <p>The extra IOPS performed by ZFS are needed to access those internal blocks in the B-trees of the files. These internal blocks are labeled as metadata. Essentially, in the above benchmark, the ARC is too small to contain all the internal blocks of the table files’ B-trees. If we continue the comparison with InnoDB, it would be like running with a buffer pool too small to contain the non-leaf pages. The test dataset I used has about 600MB of non-leaf pages, about 0.1% of the total size, which was well cached by the 3GB buffer pool. So only one InnoDB page, a leaf page, needed to be read per point-select statement.</p>
56912 </blockquote>
56913
56914 <blockquote>
56915 <p>To correctly set the ARC size to cache the metadata, you have two choices. First, you can guess values for the ARC size and experiment. Second, you can try to evaluate it by looking at the ZFS internal data. Let’s review these two approaches.</p>
56916 </blockquote>
56917
56918 <blockquote>
56919 <p>You’ll read/hear often the ratio 1GB of ARC for 1TB of data, which is about the same 0.1% ratio as for InnoDB. I wrote about that ratio a few times, having nothing better to propose. Actually, I found it depends a lot on the recordsize used. The 0.1% ratio implies a ZFS recordsize of 128KB. A ZFS filesystem with a recordsize of 128KB will use much less metadata than another one using a recordsize of 16KB because it has 8x fewer leaf pages. Fewer leaf pages require less B-tree internal nodes, hence less metadata. A filesystem with a recordsize of 128KB is excellent for sequential access as it maximizes compression and reduces the IOPS but it is poor for small random access operations like the ones MySQL/InnoDB does.</p>
56920 </blockquote>
56921
56922 <ul>
56923 <li>In order to improve ZFS performance, I had 3 options:</li>
56924 <li>Increase the ARC size to 7GB</li>
56925 <li>Use a larger InnoDB page size like 64KB</li>
56926 <li>Add a L2ARC</li>
56927 </ul>
56928
56929 <blockquote>
56930 <p>I was reluctant to grow the ARC to 7GB, which was nearly half the overall system memory. At best, the ZFS performance would only match XFS. A larger InnoDB page size would increase the CPU load for decompression on an instance with only two vCPUs; not great either. The last option, the L2ARC, was the most promising.</p>
56931 </blockquote>
56932
56933 <blockquote>
56934 <p>ZFS is much more complex than XFS and EXT4 but, that also means it has more tunables/options. I used a simplistic setup and an unfair benchmark which initially led to poor ZFS results. With the same benchmark, very favorable to XFS, I added a ZFS L2ARC and that completely reversed the situation, more than tripling the ZFS results, now 66% above XFS.</p>
56935 </blockquote>
56936
56937 <ul>
56938 <li>Conclusion</li>
56939 </ul>
56940
56941 <blockquote>
56942 <p>We have seen in this post why the general perception is that ZFS under-performs compared to XFS or EXT4. The presence of B-trees for the files has a big impact on the amount of metadata ZFS needs to handle, especially when the recordsize is small. The metadata consists mostly of the non-leaf pages (or internal nodes) of the B-trees. When properly cached, the performance of ZFS is excellent. ZFS allows you to optimize the use of EBS volumes, both in term of IOPS and size when the instance has fast ephemeral storage devices. Using the ephemeral device of an i3.large instance for the ZFS L2ARC, ZFS outperformed XFS by 66%.</p>
56943 </blockquote>
56944
56945 <p><hr></p>
56946
56947 <p>###<a href="https://poolp.org/posts/2018-04-30/opensmtpd-new-config/">OpenSMTPD new config</a></p>
56948
56949 <pre><code>TL;DR:
56950 OpenBSD #p2k18 hackathon took place at Epitech in Nantes.
56951 I was organizing the hackathon but managed to make progress on OpenSMTPD.
56952 As mentioned at EuroBSDCon the one-line per rule config format was a design error.
56953 A new configuration grammar is almost ready and the underlying structures are simplified.
56954 Refactor removes ~750 lines of code and solves _many_ issues that were side-effects of the design error.
56955 New features are going to be unlocked thanks to this.
56956 </code></pre>
56957
56958 <ul>
56959 <li>Anatomy of a design error</li>
56960 </ul>
56961
56962 <blockquote>
56963 <p>OpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.<br>
56964 The initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.<br>
56965 When I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.<br>
56966 It helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.<br>
56967 That being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.<br>
56968 One-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.<br>
56969 To get to the point: we should move to two-line rules :-)</p>
56970 </blockquote>
56971
56987 <ul>
56988 <li>The problem with one-line rules</li>
56989 </ul>
56990
56991 <blockquote>
56992 <p>OpenSMTPD decides to accept or reject messages based on one-line rules such as:</p>
56993 </blockquote>
56994
56995 <p><code>accept from any for domain poolp.org deliver to mbox</code></p>
56996
56997 <blockquote>
56998 <p>Which can essentially be split into three units:</p>
56999 </blockquote>
57000
57001 <ul>
57002 <li>the decision: accept/reject</li>
57003 <li>the matching: from any for domain <a href="http://poolp.org">poolp.org</a></li>
57004 <li>the (default) action: deliver to mbox</li>
57005 </ul>
57006
57007 <blockquote>
57008 <p>To ensure that we meet the requirements of the transactions, the matching must be performed during the SMTP transaction before we take a decision for the recipient.<br>
57009 Given that the rule is atomic, that it doesn’t have an identifier and that the action is part of it, the two only ways to make sure we can remember the action to take later on at delivery time is to either:</p>
57010 </blockquote>
57011
57012 <ul>
57013 <li>save the action in the envelope, which is what we do today</li>
57014 <li>evaluate the envelope again at delivery</li>
57015 <li>And this is where it gets tricky… both solutions are NOT ok.</li>
57016 </ul>
57017
57018 <blockquote>
57019 <p>The first solution, which we’ve been using for a decade, was to save the action within the envelope and kind of carve it in stone. This works fine… however it comes with the downsides that errors fixed in configuration files can’t be caught up by envelopes, that delivery action must be validated way ahead of time during the SMTP transaction which is much trickier, that the parsing of delivery methods takes place as the _smtpd user rather than the recipient user, and that envelope structures that are passed all over OpenSMTPD carry delivery-time information, and more, and more, and more. The code becomes more complex in general, less safe in some particular places, and some areas are nightmarish to deal with because they have to deal with completely unrelated code that can’t be dealt with later in the code path.</p>
57020 </blockquote>
57021
57022 <blockquote>
57023 <p>The second solution can’t be done. An envelope may be the result of nested rules, for example an external client, hitting an alias, hitting a user with a .forward file resolving to a user. An envelope on disk may no longer match any rule or it may match a completely different rule. If we could ensure that it matched the same rule, evaluating the ruleset may spawn new envelopes which would violate the transaction. Trying to imagine how we could work around this leads to more and more and more RFC violations, incoherent states, duplicate mails, etc…</p>
57024 </blockquote>
57025
57026 <blockquote>
57027 <p>There is simply no way to deal with this with atomic rules, the matching and the action must be two separate units that are evaluated at two different times, failure to do so will necessarily imply that you’re either using our first solution and all its downsides, or that you are currently in a world of pain trying to figure out why everything is burning around you. The minute the action is written to an on-disk envelope, you have failed.</p>
57028 </blockquote>
57029
57030 <blockquote>
57031 <p>A proper ruleset must define a set of matching patterns resolving to an action identifier that is carved in stone, AND a set of named action set that is resolved dynamically at delivery time.</p>
57032 </blockquote>
57033
57034 <ul>
57035 <li>Follow the link above to see the rest of the article</li>
57036 </ul>
57037
57038 <p><hr></p>
57039
57040 <p><strong>Break</strong></p>
57041
57042 <p>##News Roundup<br>
57043 ###<a href="http://fortysomethinggeek.blogspot.com/2012/09/legacy-windows-rsync-backup-to-freenas.html">Backing up a legacy Windows machine to a FreeNAS with rsync</a></p>
57044
57045 <blockquote>
57046 <p>I have some old Windows servers (10 years and counting) and I have been using rsync to back them up to my FreeNAS box. It has been working great for me.</p>
57047 </blockquote>
57048
57049 <blockquote>
57050 <p>First of all, I do have my Windows servers backup in virtualized format. However, those are only one-time snapshots that I run once in a while. These are classic ASP IIS web servers that I can easily put up on a new VM. However, many of these legacy servers generate gigabytes of data a day in their repositories. Running VM conversion daily is not ideal.</p>
57051 </blockquote>
57052
57053 <blockquote>
57054 <p>My solution was to use some sort of rsync solution just for the data repos. I’ve tried some applications that didn’t work too well with Samba shares and these old servers have slow I/O. Copying files to external sata or usb drive was not ideal. We’ve moved on from Windows to Linux and do not have any Windows file servers of capacity to provide network backups. Hence, I decided to use Delta Copy with FreeNAS. So here is a little write up on how to set it up. I have 4 Windows 2000 servers backing up daily with this method.</p>
57055 </blockquote>
57056
57057 <blockquote>
57058 <p>First, download Delta Copy and install it. It is open-source and pretty much free. It is basically a wrapper for cygwin’s rsync. When you install it, it will ask you to install the Server services which allows you to run it as a Rsync server on Windows. You don’t need to do this. Instead, you will be just using the Delta Copy Client application. But before we do that, we will need to configure our Rsync service for our Windows Clients on FreeNAS.</p>
57059 </blockquote>
57060
57061 <ul>
57062 <li>In FreeNAS, go under Services, select Rsync > Rsync Modules > Add Rsync Module.</li>
57063 <li>Then fill out the form; giving the module a name and set the path. In my example, I simply called it WIN and linked it to a user called backupuser.</li>
57064 <li>This process is much easier than trying to configure the daemon rsyncd.conf file by hand.</li>
57065 <li>Now, on the Windows Client, start the DeltaCopy Client. You will create a new Profile.</li>
57066 <li>You will need to enter the IP of the Rsync server (FreeNAS) and specify the module name which will be called “Virtual Directory Name.” When you pull the select menu, the list of Rsync Modules you created earlier in FreeNAS will populate.</li>
57067 <li>You can set authentication. On the server, you can restrict by IP and do other things to lock down your rsync.</li>
57068 <li>Next, you will add folders (and/or files) you want to synchronize.</li>
57069 <li>Once the paths are set up, you can run a sync by right clicking the profile name.</li>
57070 <li>Here, I made a test sync to a home folder of a virtualized windows box. As you can see, I mounted the rsync volume on my mac to see the progress. The rsync worked beautifully. DeltaCopy did what it was told.</li>
57071 <li>Once you get everything working, the next thing to do is set schedules. If you have done task schedules in Windows before, it is pretty straightforward. DeltaCopy has a link in the application to directly create a new task for you. I set my backups to run nightly and it has been working great.</li>
57072 </ul>
57073
57074 <blockquote>
57075 <p>There you have it. Windows rsync to FreeNAS using DeltaCopy.<br>
57076 The nice thing about FreeNAS is you don’t have to modify /etc/rsyncd.conf files. Everything can be done in the web admin.</p>
57077 </blockquote>
57078
57079 <p><hr></p>
57080
57081 <p><strong>iXsystems</strong></p>
57082
57083 <p>###<a href="https://r3xnation.wordpress.com/2018/04/10/how-to-write-atf-tests-for-netbsd/amp/">How to write ATF tests for NetBSD</a></p>
57084
57085 <blockquote>
57086 <p>I have recently started contributing to the amazing NetBSD foundation. I was thinking of trying out a new OS for a long time. Switching to the NetBSD OS has been a fun change.</p>
57087 </blockquote>
57088
57089 <blockquote>
57090 <p>My first contribution to the NetBSD foundation was adding regression tests for the Address Sanitizer (ASan) in the Automated Testing Framework(ATF) which NetBSD has. I managed to complete it with the help of my really amazing mentor Kamil. This post is gonna be about the ATF framework that NetBSD has and how you can add multiple tests with ease.</p>
57091 </blockquote>
57092
57093 <ul>
57094 <li>Intro</li>
57095 </ul>
57096
57097 <blockquote>
57098 <p>In ATF tests we will basically be talking about test programs which are a suite of test cases for a specific application or program.</p>
57099 </blockquote>
57100
57101 <ul>
57102 <li>The ATF suite of Commands</li>
57103 </ul>
57104
57105 <blockquote>
57106 <p>There are a variety of commands that the atf suite offers. These include :</p>
57107 </blockquote>
57108
57109 <ul>
57110 <li>
57111 <p>atf-check: The versatile command that is a vital part of the checking process. man page</p>
57112 </li>
57113 <li>
57114 <p>atf-run: Command used to run a test program. man page</p>
57115 </li>
57116 <li>
57117 <p>atf-fail: Report failure of a test case.</p>
57118 </li>
57119 <li>
57120 <p>atf-report: used to pretty print the atf-run. man page</p>
57121 </li>
57122 <li>
57123 <p>atf-set: To set atf test conditions.</p>
57124 </li>
57125 <li>
57126 <p>We will be taking a better look at the syntax and usage later.</p>
57127 </li>
57128 <li>
57129 <p>Let’s start with the Basics</p>
57130 </li>
57131 </ul>
57132
57133 <blockquote>
57134 <p>The ATF testing framework comes preinstalled with a default NetBSD installation. It is used to write tests for various applications and commands in NetBSD. One can write the Test programs in either the C language or in shell script. In this post I will be dealing with the Bash part.</p>
57135 </blockquote>
57136
57137 <ul>
57138 <li>Follow the link above to see the rest of the article</li>
57139 </ul>
57140
57141 <p><hr></p>
57142
57143 <p>###<a href="http://brian.candler.me/posts/the-importance-of-zfs-blocksize/">The Importance of ZFS Block Size</a></p>
57144
57145 <ul>
57146 <li>Warning! WARNING! Don’t just do things because some random blog says so</li>
57147 </ul>
57148
57149 <blockquote>
57150 <p>One of the important tunables in ZFS is the recordsize (for normal datasets) and volblocksize (for zvols). These default to 128KB and 8KB respectively.<br>
57151 As I understand it, this is the unit of work in ZFS. If you modify one byte in a large file with the default 128KB record size, it causes the whole 128KB to be read in, one byte to be changed, and a new 128KB block to be written out.<br>
57152 As a result, the official recommendation is to use a block size which aligns with the underlying workload: so for example if you are using a database which reads and writes 16KB chunks then you should use a 16KB block size, and if you are running VMs containing an ext4 filesystem, which uses a 4KB block size, you should set a 4KB block size<br>
57153 You can see it has a 16GB total file size, of which 8.5G has been touched and consumes space - that is, it’s a “sparse” file. The used space is also visible by looking at the zfs filesystem which this file resides in<br>
57154 Then I tried to copy the image file whilst maintaining its “sparseness”, that is, only touching the blocks of the zvol which needed to be touched. The original used only 8.42G, but the copy uses 14.6GB - almost the entire 16GB has been touched! What’s gone wrong?<br>
57155 I finally realised that the difference between the zfs filesystem and the zvol is the block size. I recreated the zvol with a 128K block size<br>
57156 That’s better. The disk usage of the zvol is now exactly the same as for the sparse file in the filesystem dataset</p>
57157 </blockquote>
57158
57159 <ul>
57160 <li>It does impact the read speed too. 4K blocks took 5:52, and 128K blocks took 3:20</li>
57161 <li>Part of this is the amount of metadata that has to be read, see the MySQL benchmarks from earlier in the show</li>
57162 <li>And yes, using a larger block size will increase the compression efficiency, since the compressor has more redundant data to optimize.</li>
57163 <li>Some of the savings, and the speedup, are because a lot less metadata had to be written</li>
57164 <li>Your zpool layout also plays a big role, if you use 4Kn disks, and RAID-Z2, using a volblocksize of 8k will actually result in a large amount of wasted space because of RAID-Z padding. Although, if you enable compression, your 8k records may compress to only 4k, and then all the numbers change again.</li>
57165 </ul>
57166
57167 <p><hr></p>
57168
57169 <p>###<a href="https://www.fukr.org.uk/?p=184">Using a Raspberry Pi 2 as a Router on a Stick Starring NetBSD</a></p>
57170
57171 <ul>
57172 <li>Sorry we didn’t answer you quickly enough</li>
57173 </ul>
57174
57175 <blockquote>
57176 <p>A few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?</p>
57177 </blockquote>
57178
57179 <blockquote>
57180 <p>Why not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.</p>
57181 </blockquote>
57182
57183 <blockquote>
57184 <p>I could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!</p>
57185 </blockquote>
57186
57187 <blockquote>
57188 <p>I believe FreeBSD is renowned for its top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another(love the show by the way).</p>
57189 </blockquote>
57190
57191 <blockquote>
57192 <p>It looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!</p>
57193 </blockquote>
57194
57195 <blockquote>
57196 <p>Let’s crack on…</p>
57197 </blockquote>
57198
57199 <ul>
57200 <li>Follow the link above to see the rest of the article</li>
57201 </ul>
57202
57203 <p><hr></p>
57204
57205 <h2>Beastie Bits</h2>
57206
57207 <ul>
57208 <li><a href="https://www.bsdjobs.com/">BSD Jobs</a></li>
57209 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring</a></li>
57210 <li><a href="https://youtu.be/YnNpgtjrM9U">VR demo on OpenBSD via OpenHMD with OSVR HDK2</a></li>
57211 <li><a href="https://rachelbythebay.com/w/2018/04/05/bangpatch/">patch runs ed, and ed can run anything (mentions FreeBSD and OpenBSD)</a></li>
57212 <li><a href="https://github.com/jwilm/alacritty/blob/master/README.md">Alacritty (OpenGL-powered terminal emulator) now supports OpenBSD</a></li>
57213 <li><a href="https://undeadly.org/cgi?action=article;sid=20180413065457">MAP_STACK Stack Register Checking Committed to -current</a></li>
57214 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon CfP till June 17, 2018</a></li>
57215 </ul>
57216
57217 <p><hr></p>
57218
57219 <p><strong>Tarsnap</strong></p>
57220
57221 <h2>Feedback/Questions</h2>
57222
57223 <ul>
57224 <li>NeutronDaemon - <a href="http://dpaste.com/3E0SR5Y#wrap">Tutorial request</a></li>
57225 <li>Kurt - <a href="http://dpaste.com/01CWKM5#wrap">Question about transferability/bi-directionality of ZFS snapshots and send/receive</a></li>
57226 <li>Peter - <a href="http://dpaste.com/3N1BGQF#wrap">A Question and much love for BSD Now</a></li>
57227 <li>Peter - <a href="http://dpaste.com/20R2DTG">netgraph state</a></li>
57228 </ul>
57229
57230 <p><hr></p>
57231
57232 <ul>
57233 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
57234 </ul>
57235
57236 <p><hr></p>]]>
57237 </itunes:summary>
57238 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+iWHrf-HR</fireside:playerURL>
57239 <fireside:playerEmbedCode>
57240 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+iWHrf-HR" width="740" height="200" frameborder="0" scrolling="no">]]>
57241 </fireside:playerEmbedCode>
57242 </item>
57243 <item>
57244 <title>Episode 248: Show Me The Mooney | BSD Now 248</title>
57245 <link>https://www.bsdnow.tv/248</link>
57246 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2016</guid>
57247 <pubDate>Tue, 29 May 2018 11:30:00 -0700</pubDate>
57248 <author>Allan Jude</author>
57249 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a0ea5b3c-e781-499e-bfa4-cee1d550f915.mp3" length="62803024" type="audio/mp3"/>
57250 <itunes:episodeType>full</itunes:episodeType>
57251 <itunes:author>Allan Jude</itunes:author>
57252 <itunes:subtitle>DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.</itunes:subtitle>
57253 <itunes:duration>1:44:33</itunes:duration>
57254 <itunes:explicit>no</itunes:explicit>
57255 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
57256 <description>DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.
57257 <h2>Headlines</h2>
57258 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD: release52 (w/stable HAMMER2, as default root)</a></h3>
57259
57260 <ul>
57261 <li>DragonflyBSD 5.2.1 was released on May 21, 2018</li>
57262 <li>Big Ticket items:</li>
57263 </ul>
57264
57265 <blockquote>
57266 <p>Meltdown and Spectre mitigation support</p>
57267 <p>Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.</p>
57268 <p>HAMMER2</p>
57269 <p>H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.</p>
57270 <p>Clustered support is not yet available.</p>
57271 <p>ipfw Updates</p>
57272 <p>Implement state based "redirect", i.e. without using libalias.</p>
57273 <p>ipfw now supports all possible ICMP types.</p>
57274 <p>Fix ICMP_MAXTYPE assumptions (now 40 as of this release).</p>
57275 <p>Improved graphics support</p>
57276 <p>The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs</p>
57277 <p>Add 24-bit pixel format support to the EFI frame buffer code.</p>
57278 <p>Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.</p>
57279 <p>Partly implement the FBIO_BLANK ioctl for display powersaving.</p>
57280 <p>Syscons waits for drm modesetting at appropriate places, avoiding races.</p>
57281 </blockquote>
57282 <hr />
57284
57285 <h3><a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">PS4 4.55 BPF Race Condition Kernel Exploit Writeup</a></h3>
57286
57287
57288
57289 <blockquote>
57290 <p>Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I've published it under the "FreeBSD" folder and not the "PS4" folder.</p>
57291 </blockquote>
57292
57293 <ul>
57294 <li>Introduction</li>
57295 </ul>
57296
57297 <blockquote>
57298 <p>Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it's exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found <a href="https://github.com/Cryptogenic/PS4-4.55-Kernel-Exploit">here</a>. I've previously covered the webkit exploit implementation for userland access <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS%20UAF%20Write-up.md">here</a>.</p>
57299 </blockquote>
57300
57301 <ul>
57302 <li>FreeBSD or Sony's fault? Why not both...</li>
57303 </ul>
57304
57305 <blockquote>
57306 <p>Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it's not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) - though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).</p>
57307 </blockquote>
57308
57309 <p><code>
57310 seg000:FFFFFFFFA181F15B lea rdi, unk_FFFFFFFFA2D77640
57311 seg000:FFFFFFFFA181F162 lea r9, aBpf ; "bpf"
57312 seg000:FFFFFFFFA181F169 mov esi, 0
57313 seg000:FFFFFFFFA181F16E mov edx, 0
57314 seg000:FFFFFFFFA181F173 xor ecx, ecx
57315 seg000:FFFFFFFFA181F175 mov r8d, 1B6h
57316 seg000:FFFFFFFFA181F17B xor eax, eax
57317 seg000:FFFFFFFFA181F17D mov cs:qword_FFFFFFFFA34EC770, 0
57318 seg000:FFFFFFFFA181F188 call make_dev
57319 </code></p>
57320
57321 <blockquote>
57322 <p>We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.</p>
57323 </blockquote>
57324
57325 <ul>
57326 <li>Race Conditions - What are they?</li>
57327 </ul>
57328
57329 <blockquote>
57330 <p>The class of the bug abused in this exploit is known as a "race condition". Before we get into bug specifics, it's important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or "global"). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.</p>
57331
57332 <p>Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a "lock". If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they're done with it, failure to do so could result in a deadlock.</p>
57333
57334 <p>While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don't want to put too much code in between locking and unlocking as it can impact performance.</p>
57335 </blockquote>
57336
57337 <ul>
57338 <li>See <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">article</a> for the rest</li>
57339 </ul>
57340
57341 <hr />
57342 <p><strong>iXsystems</strong></p>
57343
57344 <h3><a href="http://bijanebrahimi.github.io/blog/remote-debugging-the-running-openbsd-kernel.html">Remote Debugging the running OpenBSD kernel</a></h3>
57345
57346 <ul>
57347 <li>Subtitled: A way to understand the OpenBSD internals</li>
57348 </ul>
57349
57350 <blockquote>
57351 <p>The Problem</p>
57352 <p>A few months ago, I tried porting the FreeBSD kdb along with its gdb stub implementations to OpenBSD as a practice of learning the internals of a BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.</p>
57353 <p>But sadly I got very busy and the work is stalled but I'm planning on resuming the attempt as soon as I get the chance. But there is an alternative way of debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes which I hope to describe as best I can.</p>
57354 <p>Installing OpenBSD on Qemu</p>
57355 <p>For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.</p>
57356 <p><code>$ qemu-img create -f raw disk.raw 5G
57357 $ qemu-system-x86_64 -m 256M \
57358 -drive format=raw,file=install63.fs \
57359 -drive format=raw,file=disk.raw</code></p>
57360 <p>Custom Kernel</p>
57361 <p>To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:</p>
57362 <p>...</p>
57363 <p>Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.</p>
57364 <p>Remote debugging kernel</p>
57365 <p>Now it's time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:</p>
57366 <p><code>$ qemu-system-x86_64 -m 256M -s \
57367 -net nic -net user \
57368 -drive format=raw,file=install63.fs \</code></p>
57369 <p>Now to finally attach to the running kernel:</p>
57370 </blockquote>
57371 <hr />
57373
57374 <h2>Interview - Patrick Mooney - Software Engineer <a href="mailto:pmooney@pfmooney.com">pmooney@pfmooney.com</a> / <a href="https://twitter.com/pfmooney">@pfmooney</a></h2>
57375
57376 <ul>
57377 <li>BR: How did you first get introduced to UNIX?</li>
57378 <li>AJ: What got you started contributing to an open source project?</li>
57379 <li>BR: What sorts of things have you worked on in the past?</li>
57380 <li>AJ: Can you tell us more about what attracted you to illumos?</li>
57381 <li>BR: How did you get interested in, and started with, systems development?</li>
57382 <li>AJ: When did you first get interested in bhyve?</li>
57383 <li>BR: How much work was it to take the years-old port of bhyve and get it working on modern illumos?</li>
57384 <li>AJ: What was the process for getting the bhyve port caught up to current FreeBSD?</li>
57385 <li>BR: How usable is bhyve on illumos?</li>
57386 <li>AJ: What area are you most interested in improving in bhyve?</li>
57387 <li>BR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?</li>
57388 <li>AJ: What do you do for fun?</li>
57389 <li>BR: Anything else you want to mention?</li>
57390 </ul>
57391
57392 <hr />
57393 <h2>News Roundup</h2>
57394
57395 <h3><a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">Setting up buildbot in FreeBSD Jails</a></h3>
57396
57397 <blockquote>
57398 <p>In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.</p>
57399 </blockquote>
57400
57401 <ul>
57402 <li><p>Table of contents</p>
57403
57404 <ul><li>Choosing host operating system and version for buildbot</li>
57405 <li>Create a FreeBSD playground</li>
57406 <li>Introduction to jails</li>
57407 <li>Overview of buildbot</li>
57408 <li>Set up jails</li>
57409 <li>Install buildbot master</li>
57410 <li>Run buildbot master</li>
57411 <li>Install buildbot worker</li>
57412 <li>Run buildbot worker</li>
57413 <li>Set up web server nginx to access buildbot UI</li>
57414 <li>Run your first build</li>
57415 <li>Production hints</li>
57416 <li>Finished!</li></ul></li>
57417 <li><p>Choosing host operating system and version for buildbot</p></li>
57418 </ul>
57419
57420 <blockquote>
57421 <p>We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.</p>
57422
57423 <p>It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.</p>
57424
57425 <p>Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.</p>
57426
57427 <p>Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.</p>
57428 </blockquote>
57429
57430 <ul>
57431 <li>See <a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">article</a> for the rest</li>
57432 </ul>
57433
57434 <hr />
57435 <p><strong>DigitalOcean</strong></p>
57436
57437 <h3><a href="http://www.grenadille.net/post/2018/03/29/Dumping-your-USB">Dumping your USB</a></h3>
57438
57439 <blockquote>
57440 <p>One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:</p>
57441 </blockquote>
57442
57443 <p><code>
57444 # tcpdump -Xx -i usb0
57445 tcpdump: listening on usb0, link-type USBPCAP
57446 12:28:03.317945 bus 0 &lt; addr 1: ep1 intr 2
57447 0000: 0400 ..
57448
57449 12:28:03.318018 bus 0 > addr 1: ep0 ctrl 8
57450 0000: 00a3 0000 0002 0004 00 .........
57451 [...]
57452 </code></p>
57455
57456 <blockquote>
57457 <p>As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap's DLT_USB but then I quickly realized that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLT_USB_FREEBSD.
57458 But I didn't want to embrace xkcd #927, so I looked at the existing formats: DLT_USB_FREEBSD, DLT_USB_LINUX, DLT_USB_LINUX_MMAPPED, DLT_USB_DARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.
57459 Implementing an already existing format gives us out-of-box support for all the tools supporting it. That's why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:</p>
57460 </blockquote>
57461
57462 <p><code>
57463 # tcpdump -s 3303 -w usb.pcap -i usb0
57464 tcpdump: listening on usb0, link-type USBPCAP
57465 ^C
57466 208 packets received by filter
57467 0 packets dropped by kernel
57468 </code></p>
57471
57472 <blockquote>
57473 <p>USB packets can be quite big, that's why I'm not using tcpdump(8)'s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.
57474 It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.</p>
57475 </blockquote>
57476
57477 <hr />
57478 <h3><a href="https://www.romanzolotarev.com/openbsd/webserver.html">Run OpenBSD on your web server</a></h3>
57479
57480 <ul>
57481 <li><a href="https://www.romanzolotarev.com/vultr.html">Deploy and login to your OpenBSD server first.</a></li>
57482 </ul>
57483
57484 <blockquote>
57485 <p>As soon as you're there you can enable an httpd(8) daemon, it's already installed on OpenBSD, you just need to configure it:</p>
57486 </blockquote>
57487
57488 <p><code>www# vi /etc/httpd.conf</code></p>
57489
57490 <ul>
57491 <li>Add two server sections---one for www and another for naked domain (all requests are redirected to www).</li>
57492 </ul>
57493
57494 <p><code>
57495 server "www.example.com" {
57496 listen on * port 80
57497 root "/htdocs/www.example.com"
57498 }
57499
57500 server "example.com" {
57501 listen on * port 80
57502 block return 301 "http://www.example.com$REQUEST_URI"
57503 }
57504 </code></p>
57505
57506 <ul>
57507 <li>httpd is chrooted to /var/www by default, so let's make a document root directory:</li>
57508 </ul>
57509
57510 <p><code>www# mkdir -p /var/www/htdocs/www.example.com</code></p>
57511
57512 <ul>
57513 <li>Save and check this configuration:</li>
57514 </ul>
57515
57516 <p><code>
57517 www# httpd -n
57518 configuration ok
57519 </code></p>
57520
57521 <ul>
57522 <li>Enable httpd(8) daemon and start it.</li>
57523 </ul>
57524
57525 <p><code>
57526 www# rcctl enable httpd
57527 www# rcctl start httpd
57528 </code></p>
57529
57530 <ul>
57531 <li><p>Publish your website</p></li>
57532 <li><p>Copy your website content into /var/www/htdocs/www.example.com and then test it in your web browser.</p></li>
57533 </ul>
57534
57535 <p><code>http://XXX.XXX.XXX.XXX/</code></p>
57536
57537 <blockquote>
57538 <p>Your web server should be up and running.</p>
57539 </blockquote>
57540
57541 <ul>
57542 <li>Update DNS records</li>
57543 </ul>
57544
57545 <blockquote>
57546 <p>If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.</p>
57547
57548 <p>Now as your new server is ready you can update DNS records accordingly.</p>
57549 </blockquote>
57550
57551 <p><code>
57552 example.com. 300 IN A XXX.XXX.XXX.XXX
57553 www.example.com. 300 IN A XXX.XXX.XXX.XXX
57554 </code></p>
57555
57556 <ul>
57557 <li>Verify that your DNS is propagated.</li>
57558 </ul>
57559
57560 <p><code>$ dig example.com www.example.com</code></p>
57561
57562 <ul>
57563 <li><p>Check IP addresses in answer sections. If they are correct, you should be able to access your new web server by its domain name.</p></li>
57564 <li><p><a href="https://www.romanzolotarev.com/openbsd/acme-client.html">What's next? Enable HTTPS on your server.</a></p></li>
57565 </ul>
57566
57567 <hr />
57568 <h3><a href="https://euroquis.nl/bobulate/?p=1827">Modern Akonadi and KMail on FreeBSD</a></h3>
57569
57570 <blockquote>
57571 <p>For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, was nearly never.</p>
57572
57573 <p>I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.</p>
57574
57575 <p>Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):</p>
57576 </blockquote>
57577
57578 <p><code>sysctl net.local.stream.recvspace=65536</code>
57579 <code>sysctl net.local.stream.sendspace=65536</code></p>
57580
57581 <blockquote>
57582 <p>The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.</p>
57583
57584 <p>Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).</p>
57585
57586 <p>PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.</p>
57587 </blockquote>
57588
57589 <hr />
57590 <h2>Beastie Bits</h2>
57591
57592 <ul>
57593 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-April/335722.html">pkg-provides support for DragonFly (from Rodrigo Osorio)</a></li>
57594 <li><a href="https://monades.roperzh.com/memories-writing-parser-man-pages/">Memories of writing a parser for man pages</a></li>
57595 <li><a href="http://developeronfire.com/podcast/episode-198-bryan-cantrill-persistence-and-action">Bryan Cantrill interview over at DeveloperOnFire podcast</a></li>
57596 <li><a href="http://minnie.tuhs.org/pipermail/tuhs/2018-March/013285.html">1978-03-25 - 2018-03-25: 40 years BSD Mail</a></li>
57597 <li><a href="https://imgur.com/a/KOTJS">My 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD</a></li>
57598 <li><a href="https://reviews.freebsd.org/D15562">Sequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux</a></li>
57599 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring </a></li>
57600 </ul>
57601
57602 <hr />
57603 <p><strong>Tarsnap ad</strong></p>
57604
57605 <h2>Feedback/Questions</h2>
57606
57607 <ul>
57608 <li>Dave - <a href="http://dpaste.com/0KHRB4Z#wrap">mounting non-filesystem things inside jails</a></li>
57609 <li>Morgan - <a href="http://dpaste.com/10QD42T#wrap">ZFS on Linux Data loss bug</a></li>
57610 <li>Rene - <a href="http://dpaste.com/30VM51S#wrap">How to keep your ISP’s nose out of your browser history with encrypted DNS</a></li>
57611 <li>Rodriguez - <a href="http://dpaste.com/3WVYR9D#wrap">Feedback question! Relating to Windows</a></li>
57612 </ul>
57613
57614 <hr />
57615 <ul>
57616 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
57617 </ul>
57618 </description>
57619 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview, HAMMER2, PS4, Kernel Exploit, debugging</itunes:keywords>
57620 <content:encoded>
57621 <![CDATA[<p>DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.</p>
57622
57623 <h2>Headlines</h2>
57624
57625 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD: release52 (w/stable HAMMER2, as default root)</a></h3>
57626
57627 <ul>
57628 <li>DragonflyBSD 5.2.1 was released on May 21, 2018</li>
57629 <li>Big Ticket items:</li>
57630 </ul>
57631
57632 <blockquote>
57633 <p>Meltdown and Spectre mitigation support</p>
57634 <p>Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.</p>
57635 <p>HAMMER2</p>
57636 <p>H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.</p>
57637 <p>Clustered support is not yet available.</p>
57638 <p>ipfw Updates</p>
57639 <p>Implement state based "redirect", i.e. without using libalias.</p>
57640 <p>ipfw now supports all possible ICMP types.</p>
57641 <p>Fix ICMP_MAXTYPE assumptions (now 40 as of this release).</p>
57642 <p>Improved graphics support</p>
57643 <p>The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs</p>
57644 <p>Add 24-bit pixel format support to the EFI frame buffer code.</p>
57645 <p>Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.</p>
57646 <p>Partly implement the FBIO_BLANK ioctl for display powersaving.</p>
57647 <p>Syscons waits for drm modesetting at appropriate places, avoiding races.</p>
57648 </blockquote>
57649 <hr />
57651
57652 <h3><a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">PS4 4.55 BPF Race Condition Kernel Exploit Writeup</a></h3>
57653
57654
57655
57656 <blockquote>
57657 <p>Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I've published it under the "FreeBSD" folder and not the "PS4" folder.</p>
57658 </blockquote>
57659
57660 <ul>
57661 <li>Introduction</li>
57662 </ul>
57663
57664 <blockquote>
57665 <p>Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it's exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found <a href="https://github.com/Cryptogenic/PS4-4.55-Kernel-Exploit">here</a>. I've previously covered the webkit exploit implementation for userland access <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS%20UAF%20Write-up.md">here</a>.</p>
57666 </blockquote>
57667
57668 <ul>
57669 <li>FreeBSD or Sony's fault? Why not both...</li>
57670 </ul>
57671
57672 <blockquote>
57673 <p>Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it's not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) - though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).</p>
57674 </blockquote>
57675
57676 <p><code>
57677 seg000:FFFFFFFFA181F15B lea rdi, unk_FFFFFFFFA2D77640
57678 seg000:FFFFFFFFA181F162 lea r9, aBpf ; "bpf"
57679 seg000:FFFFFFFFA181F169 mov esi, 0
57680 seg000:FFFFFFFFA181F16E mov edx, 0
57681 seg000:FFFFFFFFA181F173 xor ecx, ecx
57682 seg000:FFFFFFFFA181F175 mov r8d, 1B6h
57683 seg000:FFFFFFFFA181F17B xor eax, eax
57684 seg000:FFFFFFFFA181F17D mov cs:qword_FFFFFFFFA34EC770, 0
57685 seg000:FFFFFFFFA181F188 call make_dev
57686 </code></p>
57687
57688 <blockquote>
57689 <p>We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.</p>
57690 </blockquote>
57691
57692 <ul>
57693 <li>Race Conditions - What are they?</li>
57694 </ul>
57695
57696 <blockquote>
57697 <p>The class of the bug abused in this exploit is known as a "race condition". Before we get into bug specifics, it's important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or "global"). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.</p>
57698
57699 <p>Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a "lock". If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they're done with it, failure to do so could result in a deadlock.</p>
57700
57701 <p>While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don't want to put too much code in between locking and unlocking as it can impact performance.</p>
57702 </blockquote>
57703
57704 <ul>
57705 <li>See <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">article</a> for the rest</li>
57706 </ul>
57707
57708 <p><hr /></p>
57709
57710 <p><strong>iXsystems</strong></p>
57711
57712 <h3><a href="http://bijanebrahimi.github.io/blog/remote-debugging-the-running-openbsd-kernel.html">Remote Debugging the running OpenBSD kernel</a></h3>
57713
57714 <ul>
57715 <li>Subtitled: A way to understand the OpenBSD internals
57716 +> The Problem
57717 +> A few months ago, I tried porting the FreeBSD kdb along with its gdb stub implementations to OpenBSD as a practice of learning the internals of a BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.
57718 +> But sadly I got very busy and the work is stalled, but I'm planning on resuming the attempt as soon as I get the chance. But there is an alternative way of debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes, which I hope to describe as best I can.
57719 +> Installing OpenBSD on Qemu
57720 +> For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.
57721
57722
57723 <blockquote>
57724 $ qemu-img create -f raw disk.raw 5G
57725 $ qemu-system-x86_64 -m 256M \
57726 -drive format=raw,file=install63.fs \
57727 -drive format=raw,file=disk.raw
57728 +> Custom Kernel
57729 +> To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:
57730 ...
57731 +> Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.
57732 +> Remote debugging kernel
57733 +> Now it's time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:
57734 $ qemu-system-x86_64 -m 256M -s \
57735 -net nic -net user \
57736 -drive format=raw,file=install63.fs \
57737 +> Now to finally attach to the running kernel:</li>
57738 </ul>
57739 <hr />
57740 </blockquote>
57741
57742 <h2>Interview - Patrick Mooney - Software Engineer <a href="mailto:pmooney@pfmooney.com">pmooney@pfmooney.com</a> / <a href="https://twitter.com/pfmooney">@pfmooney</a></h2>
57743
57744 <ul>
57745 <li>BR: How did you first get introduced to UNIX?</li>
57746 <li>AJ: What got you started contributing to an open source project?</li>
57747 <li>BR: What sorts of things have you worked on in the past?</li>
57748 <li>AJ: Can you tell us more about what attracted you to illumos?</li>
57749 <li>BR: How did you get interested in, and started with, systems development?</li>
57750 <li>AJ: When did you first get interested in bhyve?</li>
57751 <li>BR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?</li>
57752 <li>AJ: What was the process for getting the bhyve port caught up to current FreeBSD?</li>
57753 <li>BR: How usable is bhyve on illumOS?</li>
57754 <li>AJ: What area are you most interested in improving in bhyve?</li>
57755 <li>BR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?</li>
57756 <li>AJ: What do you do for fun?</li>
57757 <li>BR: Anything else you want to mention?</li>
57758 </ul>
57759
57760 <p><hr /></p>
57761
57762 <h2>News Roundup</h2>
57763
57764 <h3><a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">Setting up buildbot in FreeBSD Jails</a></h3>
57765
57766 <blockquote>
57767 <p>In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.</p>
57768 </blockquote>
57769
57770 <ul>
57771 <li><p>Table of contents</p>
57772
57773 <ul><li>Choosing host operating system and version for buildbot</li>
57774 <li>Create a FreeBSD playground</li>
57775 <li>Introduction to jails</li>
57776 <li>Overview of buildbot</li>
57777 <li>Set up jails</li>
57778 <li>Install buildbot master</li>
57779 <li>Run buildbot master</li>
57780 <li>Install buildbot worker</li>
57781 <li>Run buildbot worker</li>
57782 <li>Set up web server nginx to access buildbot UI</li>
57783 <li>Run your first build</li>
57784 <li>Production hints</li>
57785 <li>Finished!</li></ul></li>
57786 <li><p>Choosing host operating system and version for buildbot</p></li>
57787 </ul>
57788
57789 <blockquote>
57790 <p>We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.</p>
57791
57792 <p>It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.</p>
57793
57794 <p>Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.</p>
57795
57796 <p>Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.</p>
57797 </blockquote>
57798
57799 <ul>
57800 <li>See <a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">article</a> for the rest</li>
57801 </ul>
57802
57803 <p><hr /></p>
57804
57805 <p><strong>DigitalOcean</strong></p>
57806
57807 <h3><a href="http://www.grenadille.net/post/2018/03/29/Dumping-your-USB">Dumping your USB</a></h3>
57808
57809 <blockquote>
57810 <p>One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:</p>
57811 </blockquote>
57812
57813 <p><code>
57814
57815 # tcpdump -Xx -i usb0
57816
57817 tcpdump: listening on usb0, link-type USBPCAP
57818 12:28:03.317945 bus 0 < addr 1: ep1 intr 2
57819 0000: 0400 ..
57820
57821 12:28:03.318018 bus 0 > addr 1: ep0 ctrl 8
57822 0000: 00a3 0000 0002 0004 00 .........
57823 [...]
57824 </code></p>
57825
57826 <blockquote>
57827 <p>As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap's DLT_USB but then I quickly realized that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLT_USB_FREEBSD.
57828 But I didn't want to embrace xkcd #927, so I looked at the existing formats: DLT_USB_FREEBSD, DLT_USB_LINUX, DLT_USB_LINUX_MMAPPED, DLT_USB_DARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.
57829 Implementing an already existing format gives us out-of-box support for all the tools supporting it. That's why having common formats lets us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:</p>
57830 </blockquote>
57831
57832 <p><code>
57833
57834 # tcpdump -s 3303 -w usb.pcap -i usb0
57835
57836 tcpdump: listening on usb0, link-type USBPCAP
57837 ^C
57838 208 packets received by filter
57839 0 packets dropped by kernel
57840 </code></p>
57841
57842 <blockquote>
57843 <p>USB packets can be quite big, that's why I'm not using tcpdump(8)'s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.
57844 It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.</p>
57845 </blockquote>
57846
57847 <p><hr /></p>
57848
57849 <h3><a href="https://www.romanzolotarev.com/openbsd/webserver.html">Run OpenBSD on your web server</a></h3>
57850
57851 <ul>
57852 <li><a href="https://www.romanzolotarev.com/vultr.html">Deploy and login to your OpenBSD server first.</a></li>
57853 </ul>
57854
57855 <blockquote>
57856 <p>As soon as you're there you can enable an httpd(8) daemon, it's already installed on OpenBSD, you just need to configure it:</p>
57857 </blockquote>
57858
57859 <p><code>www# vi /etc/httpd.conf</code></p>
57860
57861 <ul>
57862 <li>Add two server sections---one for www and another for naked domain (all requests are redirected to www).</li>
57863 </ul>
57864
57865 <p><code>
57866 server "www.example.com" {
57867 listen on * port 80
57868 root "/htdocs/www.example.com"
57869 }
57870
57871 server "example.com" {
57872 listen on * port 80
57873 block return 301 "http://www.example.com$REQUEST_URI"
57874 }
57875 </code></p>
57876
57877 <ul>
57878 <li>httpd is chrooted to /var/www by default, so let's make a document root directory:</li>
57879 </ul>
57880
57881 <p><code>www# mkdir -p /var/www/htdocs/www.example.com</code></p>
57882
57883 <ul>
57884 <li>Save and check this configuration:</li>
57885 </ul>
57886
57887 <p><code>
57888 www# httpd -n
57889 configuration ok
57890 </code></p>
57891
57892 <ul>
57893 <li>Enable httpd(8) daemon and start it.</li>
57894 </ul>
57895
57896 <p><code>
57897 www# rcctl enable httpd
57898 www# rcctl start httpd
57899 </code></p>
57900
57901 <ul>
57902 <li><p>Publish your website</p></li>
57903 <li><p>Copy your website content into /var/www/htdocs/www.example.com and then test it in your web browser.</p></li>
57904 </ul>
57905
57906 <p><code>http://XXX.XXX.XXX.XXX/</code></p>
57907
57908 <blockquote>
57909 <p>Your web server should be up and running.</p>
57910 </blockquote>
57911
57912 <ul>
57913 <li>Update DNS records</li>
57914 </ul>
57915
57916 <blockquote>
57917 <p>If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.</p>
57918
57919 <p>Now as your new server is ready you can update DNS records accordingly.</p>
57920 </blockquote>
57921
57922 <p><code>
57923 example.com. 300 IN A XXX.XXX.XXX.XXX
57924 www.example.com. 300 IN A XXX.XXX.XXX.XXX
57925 </code></p>
57926
57927 <ul>
57928 <li>Check that your DNS records have propagated.</li>
57929 </ul>
57930
57931 <p><code>$ dig example.com www.example.com</code></p>
57932
57933 <ul>
57934 <li><p>Check the IP addresses in the answer sections. If they are correct, you should be able to access your new web server by its domain name.</p></li>
57935 <li><p><a href="https://www.romanzolotarev.com/openbsd/acme-client.html">What's next? Enable HTTPS on your server.</a></p></li>
57936 </ul>
57937
57938 <p><hr /></p>
57939
57940 <h3><a href="https://euroquis.nl/bobulate/?p=1827">Modern Akonadi and KMail on FreeBSD</a></h3>
57941
57942 <blockquote>
57943 <p>For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, was nearly never.</p>
57944
57945 <p>I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.</p>
57946
57947 <p>Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):</p>
57948 </blockquote>
57949
57950 <p><code>sysctl net.local.stream.recvspace=65536</code>
57951 <code>sysctl net.local.stream.sendspace=65536</code></p>
57952
57953 <blockquote>
57954 <p>The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.</p>
57955
57956 <p>Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).</p>
57957
57958 <p>PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.</p>
57959 </blockquote>
57960
57961 <p><hr /></p>
57962
57963 <h2>Beastie Bits</h2>
57964
57965 <ul>
57966 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-April/335722.html">pkg-provides support for DragonFly (from Rodrigo Osorio)</a></li>
57967 <li><a href="https://monades.roperzh.com/memories-writing-parser-man-pages/">Memories of writing a parser for man pages</a></li>
57968 <li><a href="http://developeronfire.com/podcast/episode-198-bryan-cantrill-persistence-and-action">Bryan Cantrill interview over at DeveloperOnFire podcast</a></li>
57969 <li><a href="http://minnie.tuhs.org/pipermail/tuhs/2018-March/013285.html">1978-03-25 - 2018-03-25: 40 years BSD Mail</a></li>
57970 <li><a href="https://imgur.com/a/KOTJS">My 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD</a></li>
57971 <li><a href="https://reviews.freebsd.org/D15562">Sequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux</a></li>
57972 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring </a></li>
57973 </ul>
57974
57975 <p><hr /></p>
57976
57977 <p><strong>Tarsnap ad</strong></p>
57978
57979 <h2>Feedback/Questions</h2>
57980
57981 <ul>
57982 <li>Dave - <a href="http://dpaste.com/0KHRB4Z#wrap">mounting non-filesystem things inside jails</a></li>
57983 <li>Morgan - <a href="http://dpaste.com/10QD42T#wrap">ZFS on Linux Data loss bug</a></li>
57984 <li>Rene - <a href="http://dpaste.com/30VM51S#wrap">How to keep your ISP’s nose out of your browser history with encrypted DNS</a></li>
57985 <li>Rodriguez - <a href="http://dpaste.com/3WVYR9D#wrap">Feedback question! Relating to Windows</a></li>
57986 </ul>
57987
57988 <p><hr /></p>
57989
57990 <ul>
57991 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
57992 </ul>]]>
57993 </content:encoded>
57994 <itunes:summary>
57995 <![CDATA[<p>DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.</p>
57996
57997 <h2>Headlines</h2>
57998
57999 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD: release52 (w/stable HAMMER2, as default root)</a></h3>
58000
58001 <ul>
58002 <li>DragonflyBSD 5.2.1 was released on May 21, 2018</li>
58003 <li>> Big Ticket items:
58004
58005
58006 <blockquote>
58007 Meltdown and Spectre mitigation support
58008 Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.
58009 HAMMER2
58010 H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
58011 Clustered support is not yet available.
58012 ipfw Updates
58013 Implement state based "redirect", i.e. without using libalias.
58014 ipfw now supports all possible ICMP types.
58015 Fix ICMP_MAXTYPE assumptions (now 40 as of this release).
58016 Improved graphics support
58017 The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
58018 Add 24-bit pixel format support to the EFI frame buffer code.
58019 Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
58020 Partly implement the FBIO_BLANK ioctl for display powersaving.
58021 Syscons waits for drm modesetting at appropriate places, avoiding races.</li>
58022 </ul>
58023 <hr />
58024 </blockquote>
58025
58026 <h3><a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">PS4 4.55 BPF Race Condition Kernel Exploit Writeup</a></h3>
58027
58028
58029
58030 <blockquote>
58031 <p>Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I've published it under the "FreeBSD" folder and not the "PS4" folder.</p>
58032 </blockquote>
58033
58034 <ul>
58035 <li>Introduction</li>
58036 </ul>
58037
58038 <blockquote>
58039 <p>Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it's exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found <a href="https://github.com/Cryptogenic/PS4-4.55-Kernel-Exploit">here</a>. I've previously covered the webkit exploit implementation for userland access <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS%20UAF%20Write-up.md">here</a>.</p>
58040 </blockquote>
58041
58042 <ul>
58043 <li>FreeBSD or Sony's fault? Why not both...</li>
58044 </ul>
58045
58046 <blockquote>
58047 <p>Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it's not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) - though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).</p>
58048 </blockquote>
58049
58050 <p><code>
58051 seg000:FFFFFFFFA181F15B lea rdi, unk_FFFFFFFFA2D77640
58052 seg000:FFFFFFFFA181F162 lea r9, aBpf ; "bpf"
58053 seg000:FFFFFFFFA181F169 mov esi, 0
58054 seg000:FFFFFFFFA181F16E mov edx, 0
58055 seg000:FFFFFFFFA181F173 xor ecx, ecx
58056 seg000:FFFFFFFFA181F175 mov r8d, 1B6h
58057 seg000:FFFFFFFFA181F17B xor eax, eax
58058 seg000:FFFFFFFFA181F17D mov cs:qword_FFFFFFFFA34EC770, 0
58059 seg000:FFFFFFFFA181F188 call make_dev
58060 </code></p>
58061
58062 <blockquote>
58063 <p>We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.</p>
58064 </blockquote>
58065
58066 <ul>
58067 <li>Race Conditions - What are they?</li>
58068 </ul>
58069
58070 <blockquote>
58071 <p>The class of the bug abused in this exploit is known as a "race condition". Before we get into bug specifics, it's important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or "global"). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.</p>
58072
58073 <p>Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a "lock". If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they're done with it, failure to do so could result in a deadlock.</p>
58074
58075 <p>While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don't want to put too much code in between locking and unlocking as it can impact performance.</p>
58076 </blockquote>
58077
58078 <ul>
58079 <li>See <a href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">article</a> for the rest</li>
58080 </ul>
58081
58082 <p><hr /></p>
58083
58084 <p><strong>iXsystems</strong></p>
58085
58086 <h3><a href="http://bijanebrahimi.github.io/blog/remote-debugging-the-running-openbsd-kernel.html">Remote Debugging the running OpenBSD kernel</a></h3>
58087
58088 <ul>
58089 <li>Subtitled: A way to understand the OpenBSD internals
58090 +> The Problem
58091 +> A few months ago, I tried porting the FreeBSD kdb along with its gdb stub implementations to OpenBSD as a practice of learning the internals of a BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.
58092 +> But sadly I got very busy and the work is stalled, but I'm planning on resuming the attempt as soon as I get the chance. But there is an alternative way of debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes, which I hope to describe as best I can.
58093 +> Installing OpenBSD on Qemu
58094 +> For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.
58095
58096
58097 <blockquote>
58098 $ qemu-img create -f raw disk.raw 5G
58099 $ qemu-system-x86_64 -m 256M \
58100 -drive format=raw,file=install63.fs \
58101 -drive format=raw,file=disk.raw
58102 +> Custom Kernel
58103 +> To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:
58104 ...
58105 +> Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.
58106 +> Remote debugging kernel
58107 +> Now it's time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:
58108 $ qemu-system-x86_64 -m 256M -s \
58109 -net nic -net user \
58110 -drive format=raw,file=install63.fs \
58111 +> Now to finally attach to the running kernel:</li>
58112 </ul>
58113 <hr />
58114 </blockquote>
58115
58116 <h2>Interview - Patrick Mooney - Software Engineer <a href="mailto:pmooney@pfmooney.com">pmooney@pfmooney.com</a> / <a href="https://twitter.com/pfmooney">@pfmooney</a></h2>
58117
58118 <ul>
58119 <li>BR: How did you first get introduced to UNIX?</li>
58120 <li>AJ: What got you started contributing to an open source project?</li>
58121 <li>BR: What sorts of things have you worked on in the past?</li>
58122 <li>AJ: Can you tell us more about what attracted you to illumos?</li>
58123 <li>BR: How did you get interested in, and started with, systems development?</li>
58124 <li>AJ: When did you first get interested in bhyve?</li>
58125 <li>BR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?</li>
58126 <li>AJ: What was the process for getting the bhyve port caught up to current FreeBSD?</li>
58127 <li>BR: How usable is bhyve on illumOS?</li>
58128 <li>AJ: What area are you most interested in improving in bhyve?</li>
58129 <li>BR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?</li>
58130 <li>AJ: What do you do for fun?</li>
58131 <li>BR: Anything else you want to mention?</li>
58132 </ul>
58133
58134 <p><hr /></p>
58135
58136 <h2>News Roundup</h2>
58137
58138 <h3><a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">Setting up buildbot in FreeBSD Jails</a></h3>
58139
58140 <blockquote>
58141 <p>In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.</p>
58142 </blockquote>
58143
58144 <ul>
58145 <li><p>Table of contents</p>
58146
58147 <ul><li>Choosing host operating system and version for buildbot</li>
58148 <li>Create a FreeBSD playground</li>
58149 <li>Introduction to jails</li>
58150 <li>Overview of buildbot</li>
58151 <li>Set up jails</li>
58152 <li>Install buildbot master</li>
58153 <li>Run buildbot master</li>
58154 <li>Install buildbot worker</li>
58155 <li>Run buildbot worker</li>
58156 <li>Set up web server nginx to access buildbot UI</li>
58157 <li>Run your first build</li>
58158 <li>Production hints</li>
58159 <li>Finished!</li></ul></li>
58160 <li><p>Choosing host operating system and version for buildbot</p></li>
58161 </ul>
58162
58163 <blockquote>
58164 <p>We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.</p>
58165
58166 <p>It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.</p>
58167
58168 <p>Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.</p>
58169
58170 <p>Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.</p>
58171 </blockquote>
58172
58173 <ul>
58174 <li>See <a href="https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails">article</a> for the rest</li>
58175 </ul>
58176
58177 <p><hr /></p>
58178
58179 <p><strong>DigitalOcean</strong></p>
58180
58181 <h3><a href="http://www.grenadille.net/post/2018/03/29/Dumping-your-USB">Dumping your USB</a></h3>
58182
58183 <blockquote>
58184 <p>One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:</p>
58185 </blockquote>
58186
58187 <p><code>
58188
58189 # tcpdump -Xx -i usb0
58190
58191 tcpdump: listening on usb0, link-type USBPCAP
58192 12:28:03.317945 bus 0 < addr 1: ep1 intr 2
58193 0000: 0400 ..
58194
58195 12:28:03.318018 bus 0 > addr 1: ep0 ctrl 8
58196 0000: 00a3 0000 0002 0004 00 .........
58197 [...]
58198 </code></p>
58199
58200 <blockquote>
58201 <p>As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap's DLT_USB but then I quickly realized that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLT_USB_FREEBSD.
58202 But I didn't want to embrace xkcd #927, so I looked at the existing formats: DLT_USB_FREEBSD, DLT_USB_LINUX, DLT_USB_LINUX_MMAPPED, DLT_USB_DARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.
58203 Implementing an already existing format gives us out-of-box support for all the tools supporting it. That's why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:</p>
58204 </blockquote>
58205
58206 <p><code>
58207
58208 # tcpdump -s 3303 -w usb.pcap -i usb0
58209
58210 tcpdump: listening on usb0, link-type USBPCAP
58211 ^C
58212 208 packets received by filter
58213 0 packets dropped by kernel
58214 </code></p>
58215
58216 <blockquote>
58217 <p>USB packets can be quite big, that's why I'm not using tcpdump(8)'s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.
58218 It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.</p>
58219 </blockquote>
58220
58221 <p><hr /></p>
58222
58223 <h3><a href="https://www.romanzolotarev.com/openbsd/webserver.html">Run OpenBSD on your web server</a></h3>
58224
58225 <ul>
58226 <li><a href="https://www.romanzolotarev.com/vultr.html">Deploy and login to your OpenBSD server first.</a></li>
58227 </ul>
58228
58229 <blockquote>
58230 <p>As soon as you're there you can enable an httpd(8) daemon, it's already installed on OpenBSD, you just need to configure it:</p>
58231 </blockquote>
58232
58233 <p><code>www# vi /etc/httpd.conf</code></p>
58234
58235 <ul>
58236 <li>Add two server sections---one for www and another for naked domain (all requests are redirected to www).</li>
58237 </ul>
58238
58239 <p><code>
58240 server "www.example.com" {
58241 listen on * port 80
58242 root "/htdocs/www.example.com"
58243 }
58244
58245 server "example.com" {
58246 listen on * port 80
58247 block return 301 "http://www.example.com$REQUEST_URI"
58248 }
58249 </code></p>
58250
58251 <ul>
58252 <li>httpd is chrooted to /var/www by default, so let's make a document root directory:</li>
58253 </ul>
58254
58255 <p><code>www# mkdir -p /var/www/htdocs/www.example.com</code></p>
58256
58257 <ul>
58258 <li>Save and check this configuration:</li>
58259 </ul>
58260
58261 <p><code>
58262 www# httpd -n
58263 configuration ok
58264 </code></p>
58265
58266 <ul>
58267 <li>Enable httpd(8) daemon and start it.</li>
58268 </ul>
58269
58270 <p><code>
58271 www# rcctl enable httpd
58272 www# rcctl start httpd
58273 </code></p>
58274
58275 <ul>
58276 <li><p>Publish your website</p></li>
58277 <li><p>Copy your website content into /var/www/htdocs/www.example.com and then test it in your web browser.</p></li>
58278 </ul>
58279
58280 <p><code>http://XXX.XXX.XXX.XXX/</code></p>
58281
58282 <blockquote>
58283 <p>Your web server should be up and running.</p>
58284 </blockquote>
58285
58286 <ul>
58287 <li>Update DNS records</li>
58288 </ul>
58289
58290 <blockquote>
58291 <p>If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.</p>
58292
58293 <p>Now as your new server is ready you can update DNS records accordingly.</p>
58294 </blockquote>
58295
58296 <p><code>
58297 example.com. 300 IN A XXX.XXX.XXX.XXX
58298 www.example.com. 300 IN A XXX.XXX.XXX.XXX
58299 </code></p>
58300
58301 <ul>
58302 <li>Check that your DNS has propagated.</li>
58303 </ul>
58304
58305 <p><code>$ dig example.com www.example.com</code></p>
58306
58307 <ul>
58308 <li><p>Check the IP addresses in the answer sections. If they are correct, you should be able to access your new web server by its domain name.</p></li>
58309 <li><p><a href="https://www.romanzolotarev.com/openbsd/acme-client.html">What's next? Enable HTTPS on your server.</a></p></li>
58310 </ul>
58311
58312 <p><hr /></p>
58313
58314 <h3><a href="https://euroquis.nl/bobulate/?p=1827">Modern Akonadi and KMail on FreeBSD</a></h3>
58315
58316 <blockquote>
58317 <p>For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, was nearly never.</p>
58318
58319 <p>I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.</p>
58320
58321 <p>Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):</p>
58322 </blockquote>
58323
58324 <p><code>sysctl net.local.stream.recvspace=65536</code>
58325 <code>sysctl net.local.stream.sendspace=65536</code></p>
58326
58327 <blockquote>
58328 <p>The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.</p>
58329
58330 <p>Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).</p>
58331
58332 <p>PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.</p>
58333 </blockquote>
58334
58335 <p><hr /></p>
58336
58337 <h2>Beastie Bits</h2>
58338
58339 <ul>
58340 <li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-April/335722.html">pkg-provides support for DragonFly (from Rodrigo Osorio)</a></li>
58341 <li><a href="https://monades.roperzh.com/memories-writing-parser-man-pages/">Memories of writing a parser for man pages</a></li>
58342 <li><a href="http://developeronfire.com/podcast/episode-198-bryan-cantrill-persistence-and-action">Bryan Cantrill interview over at DeveloperOnFire podcast</a></li>
58343 <li><a href="http://minnie.tuhs.org/pipermail/tuhs/2018-March/013285.html">1978-03-25 - 2018-03-25: 40 years BSD Mail</a></li>
58344 <li><a href="https://imgur.com/a/KOTJS">My 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD</a></li>
58345 <li><a href="https://reviews.freebsd.org/D15562">Sequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux</a></li>
58346 <li><a href="https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html">University of Aberdeen’s Internet Transport Research Group is hiring </a></li>
58347 </ul>
58348
58349 <p><hr /></p>
58350
58351 <p><strong>Tarsnap ad</strong></p>
58352
58353 <h2>Feedback/Questions</h2>
58354
58355 <ul>
58356 <li>Dave - <a href="http://dpaste.com/0KHRB4Z#wrap">mounting non-filesystem things inside jails</a></li>
58357 <li>Morgan - <a href="http://dpaste.com/10QD42T#wrap">ZFS on Linux Data loss bug</a></li>
58358 <li>Rene - <a href="http://dpaste.com/30VM51S#wrap">How to keep your ISP’s nose out of your browser history with encrypted DNS</a></li>
58359 <li>Rodriguez - <a href="http://dpaste.com/3WVYR9D#wrap">Feedback question! Relating to Windows</a></li>
58360 </ul>
58361
58362 <p><hr /></p>
58363
58364 <ul>
58365 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
58366 </ul>]]>
58367 </itunes:summary>
58368 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Cvcf3bp4</fireside:playerURL>
58369 <fireside:playerEmbedCode>
58370 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Cvcf3bp4" width="740" height="200" frameborder="0" scrolling="no">]]>
58371 </fireside:playerEmbedCode>
58372 </item>
58373 <item>
58374 <title>Episode 247: Interning for FreeBSD | BSD Now 247</title>
58375 <link>https://www.bsdnow.tv/247</link>
58376 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1994</guid>
58377 <pubDate>Thu, 24 May 2018 12:00:00 -0700</pubDate>
58378 <author>Allan Jude</author>
58379 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/31bf045b-2e53-459e-a40e-993a51ceccdb.mp3" length="54062460" type="audio/mp3"/>
58380 <itunes:episodeType>full</itunes:episodeType>
58381 <itunes:author>Allan Jude</itunes:author>
58382 <itunes:subtitle>FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.</itunes:subtitle>
58383 <itunes:duration>1:29:59</itunes:duration>
58384 <itunes:explicit>no</itunes:explicit>
58385 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
58386 <description>FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.
58387 <h2>Headlines</h2>
58388 <h3><a href="https://www.freebsdfoundation.org/blog/guest-blog-what-i-learned-during-my-freebsd-internship/">What I learned during my FreeBSD internship</a></h3>
58389
58390 <blockquote>
58391 <p>Hi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.</p>
58392
58393 <p>I’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.</p>
58394 </blockquote>
58395
58396 <ul>
58397 <li>What I Liked</li>
58398 </ul>
58399
58400 <blockquote>
58401 <p>In all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy to cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.</p>
58402
58403 <p>It’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.</p>
58404 </blockquote>
58405
58406 <ul>
58407 <li>What I Learned</li>
58408 </ul>
58409
58410 <blockquote>
58411 <p>Although there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of the issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.</p>
58412
58413 <p>The first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.</p>
58414
58415 <p>I think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.</p>
58416
58417 <p>I understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.</p>
58418
58419 <p>I also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.</p>
58420
58421 <p>It’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.</p>
58422
58423 <p>As a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.</p>
58424 </blockquote>
58425
58426 <ul>
58427 <li>Closing Thoughts</li>
58428 </ul>
58429
58430 <blockquote>
58431 <p>I would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.</p>
58432
58433 <p>I am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.</p>
58434 </blockquote>
58435
58436 <hr />
58437 <h3>Recent Developments in FreeBSD</h3>
58438
58439 <ul>
58440 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=333890">Support for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms</a></li>
58441 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=333649">Intel Microcode Splitter</a></li>
58442 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=334005">Intel Spec Store Bypass Disable control</a></li>
58443 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=333713">Raspberry Pi 3B+ Ethernet Driver</a></li>
58444 <li><a href="https://reviews.freebsd.org/D15522">IBRS for i386</a></li>
58445 <li>Upcoming:</li>
58446 <li><a href="https://reviews.freebsd.org/D15523">Microcode updater for AMD CPUs</a></li>
58447 <li><a href="https://reviews.freebsd.org/D15525">the RACK TCP/IP stack, from Netflix</a></li>
58448 <li>Voting in the FreeBSD Core Election begins today:</li>
58449 </ul>
58450
58451 <hr />
58452 <p><strong>DigitalOcean</strong>
58453 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
58454
58455 <hr />
58456 <h3><a href="http://www.shlomimarco.com/blog/running-freenas-on-a-digitalocean-droplet">Running FreeNAS on a DigitalOcean Droplet</a></h3>
58457
58458 <ul>
58459 <li>Need to back up your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it</li>
58460 <li>The tutorial walks through the steps of converting a fresh FreeBSD based droplet into a FreeNAS</li>
58461 <li>Create a droplet, and add a small secondary block-storage device</li>
58462 <li>Boot the droplet, login, and download FreeNAS</li>
58463 <li>Disable swap, enable ‘foot shooting’ mode in GEOM</li>
58464 <li>use dd to write the FreeNAS installer to the boot disk</li>
58465 <li>Reboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device</li>
58466 <li>Now, reimage the droplet with FreeBSD again, to replace the FreeNAS installer</li>
58467 <li>Boot, and dd FreeNAS from the secondary block storage device back to the boot disk</li>
58468 <li>You can now destroy the secondary block device</li>
58469 <li>Now you have a FreeNAS, and can take it from there.</li>
58470 <li>Use the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS</li>
58471 <li>Note: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.</li>
58472 </ul>
58473
58474 <hr />
58475 <h2>News Roundup</h2>
58476
58477 <h3><a href="http://www.vincentdelft.be/post/post_20180411">Network Manager Control for OpenBSD (Updated)</a></h3>
58478
58479 <ul>
58480 <li>Generalities</li>
58481 <li><p>I'll just recall the scope of this small tool:</p>
58482
58483 <ul><li>allow you to pre-define several cable or wifi connections</li>
58484 <li>let nmctl connect automatically to the first available one</li>
58485 <li>allow you to easily switch from one network connection to another one</li>
58486 <li>create openbox dynamic menus</li></ul></li>
58487 <li><p>Enhancements in this version</p></li>
58488 </ul>
58489
58490 <blockquote>
58491 <p>This is my second development version: 0.2.
58492 I've performed several changes in the code:</p>
58493 </blockquote>
58494
58495 <ul>
58496 <li>code style cleanup, to better match the python recommendations</li>
58497 <li>adapt the tool to allow connecting to an Open-wifi having blanks in the name. This happens in some hotels</li>
58498 <li>implement a loop as work-around concerning the arp table issue.</li>
58499 </ul>
58500
58501 <blockquote>
58502 <p>The source code is still on the git of Sourceforge.net.
58503 You can see the files <a href="https://sourceforge.net/p/nmctl/code/ci/master/tree/">here</a></p>
58504
58505 <p>And you can download the last version <a href="https://sourceforge.net/p/nmctl/code/ci/master/tarball">here</a></p>
58506 </blockquote>
58507
58508 <ul>
58509 <li>Feedback after a few months</li>
58510 </ul>
58511
58512 <blockquote>
58513 <p>I've been using this script on my OpenBSD laptop for about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.</p>
58514 </blockquote>
58515
58516 <ul>
58517 <li>The Openbox menus</li>
58518 </ul>
58519
58520 <blockquote>
58521 <p>The openbox menus are working fine. As explained in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options.
58522 I've not changed this part of nmctl since it works as expected (for me :-) ).</p>
58523 </blockquote>
58524
58525 <ul>
58526 <li>The --restart option</li>
58527 </ul>
58528
58529 <blockquote>
58530 <p>Because I'm very lazy, and because OpenBSD is very simple to use, I've added the command "nmctl --restart" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I open the lid of my laptop.
58531 In other words, each time I open my laptop, nmctl will search for the optimum network connection for me.
58532 But I had several issues in this scenario.
58533 Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As a consequence I'm not able to connect to the proxy, thus not able to connect to the internet. So the ping to google (the final test nmctl performs) is failing.
58534 Knowing that anyhow, I'm doing a full arp cleanup, it's not clear to me where this problem comes from. To solve this situation I've implemented a "retry" concept. In other words, before testing another possible network connection (as listed in my /etc/nmctl.conf file), the script tries 3x the current connection's parameters.
58535 If you want to reduce or increase this figure, you can do it via the --retry parameter.</p>
58536 </blockquote>
58537
58538 <ul>
58539 <li>Results of my expertise with this small tool</li>
58540 </ul>
58541
58542 <blockquote>
58543 <p>Wherever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location.
58544 Currently I have 3 places where I have Wifi credentials and 2 office places where I just have to plug the network cable.
58545 Since the /etc/apm/resume script is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD does all that is needed ;-).
58546 In hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by "nmctl --scan".</p>
58547 </blockquote>
58548
58549 <ul>
58550 <li><p>Next steps</p></li>
58551 <li><p>Documentation</p></li>
58552 </ul>
58553
58554 <blockquote>
58555 <p>The tool is missing a lot of documentation. I appreciate OpenBSD for its great documentation, so I have to do the same.
58556 I plan to write a README and a man page in the first instance.
58557 But given my laziness, I will do it as soon as I see some interest for this tool from other persons.</p>
58558 </blockquote>
58559
58560 <ul>
58561 <li>Tests</li>
58562 </ul>
58563
58564 <blockquote>
58565 <p>I now have to travel and see how the script reacts in the different situations.
58566 Interested persons are welcome to share with me the outcome of their tests.
58567 I'm curious how it works.</p>
58568 </blockquote>
58569
58570 <hr />
58571 <h3><a href="https://an.undulating.space/post/180411-erl-openbsd-upgrade/">OpenBSD 6.3 on EdgeRouter Lite simple upgrade method</a></h3>
58572
58573 <ul>
58574 <li>TL;DR</li>
58575 </ul>
58576
58577 <blockquote>
58578 <p>OpenBSD 6.3 octeon upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on.
58579 Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.</p>
58580 </blockquote>
58581
58582 <ul>
58583 <li>a tiny upgrade</li>
58584 </ul>
58585
58586 <blockquote>
58587 <p>The OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3.
58588 The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention:
58589 The best solution, whenever possible, is to backup your data and reinstall from scratch
58590 I had to check if that directive existed in the documentation for other architectures. I wondered if octeon users were getting singled out. We were not. Just simplicity and pragmatism.</p>
58591 </blockquote>
58592
58593 <ul>
58594 <li>Reading on:</li>
58595 </ul>
58596
58597 <blockquote>
58598 <p>To upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section "Installing OpenBSD".
58599 But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it.
58600 But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade.
58601 Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once.
58602 So I don’t want to futz around with all that.
58603 There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?</p>
58604 </blockquote>
58605
58606 <hr />
58607 <p><strong>iXsystems</strong>
58608 <a href="https://www.ixsystems.com/blog/boisetechshow-2018/">Boise Technology Show 2018 Recap</a></p>
58609
58610 <h3><a href="http://zfs.datto.com/">OpenZFS User Conference Slides &amp; Videos</a></h3>
58611
58612 <ul>
58613 <li><a href="https://vimeo.com/album/5150026/video/266112599">Thank you ZFS</a></li>
58614 <li><a href="https://vimeo.com/album/5150026/video/266112475">ZSTD Compression</a></li>
58615 <li><a href="https://vimeo.com/album/5150026/video/266111164">Pool Layout Considerations</a></li>
58616 <li><a href="https://vimeo.com/album/5150026/video/266111346">ZFS Releases</a></li>
58617 <li><a href="https://vimeo.com/album/5150026/video/266112077">Helping Developers Help You</a></li>
58618 <li><a href="https://vimeo.com/album/5150026/video/266112233">ZFS and MySQL on Linux</a></li>
58619 <li><a href="https://vimeo.com/album/5150026/video/266110985">Micron</a></li>
58620 <li><a href="https://vimeo.com/album/5150026/video/266108105">OSNEXUS</a></li>
58621 <li><a href="https://vimeo.com/album/5150026/video/266107946">ZFS at Six Feet Up</a></li>
58622 <li><a href="https://vimeo.com/album/5150026/video/266107372">Flexible Disk Use with OpenZFS</a></li>
58623 </ul>
58624
58625 <hr />
58626 <h3><a href="https://jvns.ca/blog/2018/05/11/batch-editing-files-with-ed/">Batch editing files with ed</a></h3>
58627
58628 <ul>
58629 <li>what’s ‘ed’?</li>
58630 </ul>
58631
58632 <blockquote>
58633 <p>ed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:</p>
58634 </blockquote>
58635
58636 <p><code>
58637 $ ed
58638 help
58639 ?
58640 h
58641 ?
58642 asdfasdfasdfsadf
58643 ?
58644 &lt;close terminal in frustration&gt;
58645 </code></p>
58646
58647 <blockquote>
58648 <p>Basically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today.
58649 vi is a successor to ed, except with a visual interface instead of this ?</p>
58650 </blockquote>
58651
58652 <ul>
58653 <li>surprise: Ed is actually sort of cool and fun</li>
58654 </ul>
58655
58656 <blockquote>
58657 <p>So if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!!
58658 On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true.
58659 And it was so cool!!!! I found out:</p>
58660 </blockquote>
58661
58662 <ul>
58663 <li>how to get Ed to give you better error messages than just ?</li>
58664 <li>that the name of the grep command comes from ed syntax (g/re/p)</li>
58665 <li>the basics of how to navigate and edit files using ed</li>
58666 </ul>
58667
58668 <blockquote>
58669 <p>All of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!</p>
58670
58671 <p>The other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.</p>
58672 </blockquote>
58673
58674 <hr />
58675 <h2>Beastie Bits</h2>
58676
58677 <ul>
58678 <li><a href="https://blather.michaelwlucas.com/archives/3186">FreeBSD Mastery: Jails -- Help make it happen </a></li>
58679 <li><a href="https://www.youtube.com/watch?v=MsY-BafQgj4">Video: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018</a></li>
58680 <li><a href="https://www.dragonflydigest.com/2018/05/17/21257.html">DragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT</a></li>
58681 <li><a href="https://www.reddit.com/r/openbsd/comments/8ei00k/a_love_letter_to_openbsd/">A Love Letter to OpenBSD</a></li>
58682 <li><a href="https://blather.michaelwlucas.com/archives/3176">New talks, and the F-bomb</a></li>
58683 <li><a href="https://manpages.bsd.lv/mdoc.html">Practical UNIX Manuals: mdoc</a></li>
58684 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2018-May/004758.html">BSD Meetup in Zurich: May 24th</a></li>
58685 <li><a href="https://www.eventbrite.com/e/the-polish-bsd-user-group-1-meetup-tickets-45941857332">BSD Meetup in Warsaw: May 24th</a></li>
58686 <li><a href="http://meetbsd.com/">MeetBSD 2018</a></li>
58687 </ul>
58688
58689 <hr />
58690 <p><strong>Tarsnap</strong></p>
58691
58692 <h2>Feedback/Questions</h2>
58693
58694 <ul>
58695 <li>Seth - <a href="http://dpaste.com/12R65X4#wrap">First time poudriere Builder</a></li>
58696 <li>Farhan - <a href="http://dpaste.com/1GHCGY5#wrap">Why we didn't go FreeBSD</a></li>
58697 <li>architech - <a href="http://dpaste.com/1H72FGE#wrap">Encryption Feedback</a></li>
58698 <li>Dave - <a href="http://dpaste.com/27YH93Y#wrap">Handy Tip on setting up automated coredump handling for FreeBSD</a></li>
58699 </ul>
58700
58701 <hr />
58702 <ul>
58703 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
58704 </ul>
58705 </description>
58706 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview, FreeBSD Internship, FreeNAS, Digital Ocean, Network Manager, EdgeRouter Lite, OpenZFS, ed</itunes:keywords>
58707 <content:encoded>
58708 <![CDATA[<p>FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.</p>
58709
58710 <h2>Headlines</h2>
58711
58712 <h3><a href="https://www.freebsdfoundation.org/blog/guest-blog-what-i-learned-during-my-freebsd-internship/">What I learned during my FreeBSD internship</a></h3>
58713
58714 <blockquote>
58715 <p>Hi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.</p>
58716
58717 <p>I’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.</p>
58718 </blockquote>
58719
58720 <ul>
58721 <li>What I Liked</li>
58722 </ul>
58723
58724 <blockquote>
58725 <p>In all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy to cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.</p>
58726
58727 <p>It’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.</p>
58728 </blockquote>
58729
58730 <ul>
58731 <li>What I Learned</li>
58732 </ul>
58733
58734 <blockquote>
58735 <p>Although there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of the issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.</p>
58736
58737 <p>The first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.</p>
58738
58739 <p>I think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.</p>
58740
58741 <p>I understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.</p>
58742
58743 <p>I also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.</p>
58744
58745 <p>It’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.</p>
58746
58747 <p>As a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.</p>
58748 </blockquote>
58749
58750 <ul>
58751 <li>Closing Thoughts</li>
58752 </ul>
58753
58754 <blockquote>
58755 <p>I would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.</p>
58756
58757 <p>I am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.</p>
58758 </blockquote>
58759
58760 <p><hr /></p>
58761
58762 <h3>Recent Developments in FreeBSD</h3>
58763
58764 <ul>
58765 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333890">Support for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms</a></li>
58766 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333649">Intel Microcode Splitter</a></li>
58767 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=334005">Intel Spec Store Bypass Disable control</a></li>
58768 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333713">Raspberry Pi 3B+ Ethernet Driver</a></li>
58769 <li><a href="https://reviews.freebsd.org/D15522">IBRS for i386</a></li>
58770 <li>Upcoming:</li>
58771 <li><a href="https://reviews.freebsd.org/D15523">Microcode updater for AMD CPUs</a></li>
58772 <li><a href="https://reviews.freebsd.org/D15525">the RACK TCP/IP stack, from Netflix</a></li>
58773 <li>Voting in the FreeBSD Core Election begins today:</li>
58774 </ul>
58775
58776 <p><hr /></p>
58777
58778 <p><strong>DigitalOcean</strong>
58779 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
58780
58781 <p><hr /></p>
58782
58783 <h3><a href="http://www.shlomimarco.com/blog/running-freenas-on-a-digitalocean-droplet">Running FreeNAS on a DigitalOcean Droplet</a></h3>
58784
58785 <ul>
58786 <li>Need to backup your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it</li>
58787 <li>The tutorial walks through the steps of converting a fresh FreeBSD based droplet into a FreeNAS</li>
58788 <li>Create a droplet, and add a small secondary block-storage device</li>
58789 <li>Boot the droplet, login, and download FreeNAS</li>
58790 <li>Disable swap, enable ‘foot shooting’ mode in GEOM</li>
58791 <li>use dd to write the FreeNAS installer to the boot disk</li>
58792 <li>Reboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device</li>
58793 <li>Now, reimage the droplet with FreeBSD again, to replace the FreeNAS installer</li>
58794 <li>Boot, and dd FreeNAS from the secondary block storage device back to the boot disk</li>
58795 <li>You can now destroy the secondary block device</li>
58796 <li>Now you have a FreeNAS, and can take it from there.</li>
58797 <li>Use the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS</li>
58798 <li>Note: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.</li>
58799 </ul>
58800
58801 <p><hr /></p>
58802
58803 <h2>News Roundup</h2>
58804
58805 <h3><a href="http://www.vincentdelft.be/post/post_20180411">Network Manager Control for OpenBSD (Updated)</a></h3>
58806
58807 <ul>
58808 <li>Generalities</li>
58809 <li><p>I just remind the scope of this small tool:</p>
58810
58811 <ul><li>allow you to pre-define several cable or wifi connections</li>
58812 <li>let nmctl connect automatically to the first available one</li>
58813 <li>allow you to easily switch from one network connection to another one</li>
58814 <li>create openbox dynamic menus</li></ul></li>
58815 <li><p>Enhancements in this version</p></li>
58816 </ul>
58817
58818 <blockquote>
58819 <p>This is my second development version: 0.2.
58820 I've performed several changes in the code:</p>
58821 </blockquote>
58822
58823 <ul>
58824 <li>code style cleanup, to better match the python recommendations</li>
58825 <li>adapt the tool to allow to connect to an Open-wifi having blanks in the name. This happens in some hotels</li>
58826 <li>implement a loop as work-around concerning the arp table issue.</li>
58827 </ul>
58828
58829 <blockquote>
58830 <p>The source code is still on the git of Sourceforge.net.
58831 You can see the files <a href="https://sourceforge.net/p/nmctl/code/ci/master/tree/">here</a></p>
58832
58833 <p>And you can download the last version <a href="https://sourceforge.net/p/nmctl/code/ci/master/tarball">here</a></p>
58834 </blockquote>
58835
58836 <ul>
58837 <li>Feedback after a few months</li>
58838 </ul>
58839
58840 <blockquote>
58841 <p>I've been using this script on my OpenBSD laptop for about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.</p>
58842 </blockquote>
58843
58844 <ul>
58845 <li>The Openbox menus</li>
58846 </ul>
58847
58848 <blockquote>
58849 <p>The openbox menus are working fine. As explained in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options.
58850 I've not changed this part of nmctl since it works as expected (for me :-) ).</p>
58851 </blockquote>
58852
58853 <ul>
58854 <li>The --restart option</li>
58855 </ul>
58856
58857 <blockquote>
58858 <p>Because I'm very lazy, and because OpenBSD is very simple to use, I've added the command "nmctl --restart" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I open the lid of my laptop.
58859 In other words, each time I open my laptop, nmctl will search for the optimum network connection for me.
58860 But I had several issues in this scenario.
58861 Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As a consequence I'm not able to connect to the proxy, thus not able to connect to internet. So the ping to google (final test nmctl performs) is failing.
58862 Knowing that anyhow, I'm doing a full arp cleanup, it's not clear to me where this problem comes from. To solve this situation I've implemented a "retry" concept. In other words, before testing another possible network connection (as listed in my /etc/nmctl.conf file), the script tries 3x the current connection's parameters.
58863 If you want to reduce or increase this figure, you can do it via the --retry parameter.</p>
58864 </blockquote>
58865
58866 <ul>
58867 <li>Results of my expertise with this small tool</li>
58868 </ul>
58869
58870 <blockquote>
58871 <p>Wherever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location.
58872 Currently I have 3 places where I have Wifi credentials and 2 office places where I just have to plug the network cable.
58873 Since the /etc/apm/resume script is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD does all that is needed ;-).
58874 In hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by "nmctl --scan".</p>
58875 </blockquote>
58876
58877 <ul>
58878 <li><p>Next steps</p></li>
58879 <li><p>Documentation</p></li>
58880 </ul>
58881
58882 <blockquote>
58883 <p>The tool is missing a lot of documentation. I appreciate OpenBSD for its great documentation, so I have to do the same.
58884 I plan to write a README and a man page in the first instance.
58885 But given my laziness, I will do it as soon as I see some interest for this tool from other persons.</p>
58886 </blockquote>
58887
58888 <ul>
58889 <li>Tests</li>
58890 </ul>
58891
58892 <blockquote>
58893 <p>I now have to travel and see how the script reacts in the different situations.
58894 Interested persons are welcome to share with me the outcome of their tests.
58895 I'm curious how it works.</p>
58896 </blockquote>
58897
58898 <p><hr /></p>
58899
58900 <h3><a href="https://an.undulating.space/post/180411-erl-openbsd-upgrade/">OpenBSD 6.3 on EdgeRouter Lite simple upgrade method</a></h3>
58901
58902 <ul>
58903 <li>TL;DR</li>
58904 </ul>
58905
58906 <blockquote>
58907 <p>OpenBSD 6.3 octeon upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on.
58908 Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.</p>
58909 </blockquote>
58910
58911 <ul>
58912 <li>a tiny upgrade</li>
58913 </ul>
58914
58915 <blockquote>
58916 <p>The OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3.
58917 The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention:
58918 The best solution, whenever possible, is to backup your data and reinstall from scratch
58919 I had to check if that directive existed in the documentation for other architectures. I wondered if octeon users were getting singled out. We were not. Just simplicity and pragmatism.</p>
58920 </blockquote>
58921
58922 <ul>
58923 <li>Reading on:</li>
58924 </ul>
58925
58926 <blockquote>
58927 <p>To upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section "Installing OpenBSD".
58928 But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it.
58929 But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade.
58930 Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once.
58931 So I don’t want to futz around with all that.
58932 There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?</p>
58933 </blockquote>
58934
58935 <p><hr /></p>
58936
58937 <p><strong>iXsystems</strong>
58938 <a href="https://www.ixsystems.com/blog/boisetechshow-2018/">Boise Technology Show 2018 Recap</a></p>
58939
58940 <h3><a href="http://zfs.datto.com/">OpenZFS User Conference Slides & Videos</a></h3>
58941
58942 <ul>
58943 <li><a href="https://vimeo.com/album/5150026/video/266112599">Thank you ZFS</a></li>
58944 <li><a href="https://vimeo.com/album/5150026/video/266112475">ZSTD Compression</a></li>
58945 <li><a href="https://vimeo.com/album/5150026/video/266111164">Pool Layout Considerations</a></li>
58946 <li><a href="https://vimeo.com/album/5150026/video/266111346">ZFS Releases</a></li>
58947 <li><a href="https://vimeo.com/album/5150026/video/266112077">Helping Developers Help You</a></li>
58948 <li><a href="https://vimeo.com/album/5150026/video/266112233">ZFS and MySQL on Linux</a></li>
58949 <li><a href="https://vimeo.com/album/5150026/video/266110985">Micron</a></li>
58950 <li><a href="https://vimeo.com/album/5150026/video/266108105">OSNEXUS</a></li>
58951 <li><a href="https://vimeo.com/album/5150026/video/266107946">ZFS at Six Feet Up</a></li>
58952 <li><a href="https://vimeo.com/album/5150026/video/266107372">Flexible Disk Use with OpenZFS</a></li>
58953 </ul>
58954
58955 <p><hr /></p>
58956
58957 <h3><a href="https://jvns.ca/blog/2018/05/11/batch-editing-files-with-ed/">Batch editing files with ed</a></h3>
58958
58959 <ul>
58960 <li>what’s ‘ed’?</li>
58961 </ul>
58962
58963 <blockquote>
58964 <p>ed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:</p>
58965 </blockquote>
58966
58967 <p><code>
58968 $ ed
58969 help
58970 ?
58971 h
58972 ?
58973 asdfasdfasdfsadf
58974 ?
58975 <close terminal in frustration>
58976 </code></p>
58977
58978 <blockquote>
58979 <p>Basically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today.
58980 vi is a successor to ed, except with a visual interface instead of this ?</p>
58981 </blockquote>
58982
58983 <ul>
58984 <li>surprise: Ed is actually sort of cool and fun</li>
58985 </ul>
58986
58987 <blockquote>
58988 <p>So if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!!
58989 On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true.
58990 And it was so cool!!!! I found out:</p>
58991 </blockquote>
58992
58993 <ul>
58994 <li>how to get Ed to give you better error messages than just ?</li>
58995 <li>that the name of the grep command comes from ed syntax (g/re/p)</li>
58996 <li>the basics of how to navigate and edit files using ed</li>
58997 </ul>
58998
58999 <blockquote>
59000 <p>All of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!</p>
59001
59002 <p>The other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.</p>
59003 </blockquote>
59004
59005 <p><hr /></p>
59006
59007 <h2>Beastie Bits</h2>
59008
59009 <ul>
59010 <li><a href="https://blather.michaelwlucas.com/archives/3186">FreeBSD Mastery: Jails -- Help make it happen </a></li>
59011 <li><a href="https://www.youtube.com/watch?v=MsY-BafQgj4">Video: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018</a></li>
59012 <li><a href="https://www.dragonflydigest.com/2018/05/17/21257.html">DragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT</a></li>
59013 <li><a href="https://www.reddit.com/r/openbsd/comments/8ei00k/a_love_letter_to_openbsd/">A Love Letter to OpenBSD</a></li>
59014 <li><a href="https://blather.michaelwlucas.com/archives/3176">New talks, and the F-bomb</a></li>
59015 <li><a href="https://manpages.bsd.lv/mdoc.html">Practical UNIX Manuals: mdoc</a></li>
59016 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2018-May/004758.html">BSD Meetup in Zurich: May 24th</a></li>
59017 <li><a href="https://www.eventbrite.com/e/the-polish-bsd-user-group-1-meetup-tickets-45941857332">BSD Meetup in Warsaw: May 24th</a></li>
59018 <li><a href="http://meetbsd.com/">MeetBSD 2018</a></li>
59019 </ul>
59020
59021 <p><hr /></p>
59022
59023 <p><strong>Tarsnap</strong></p>
59024
59025 <h2>Feedback/Questions</h2>
59026
59027 <ul>
59028 <li>Seth - <a href="http://dpaste.com/12R65X4#wrap">First time poudriere Builder</a></li>
59029 <li>Farhan - <a href="http://dpaste.com/1GHCGY5#wrap">Why we didn't go FreeBSD</a></li>
59030 <li>architech - <a href="http://dpaste.com/1H72FGE#wrap">Encryption Feedback</a></li>
59031 <li>Dave - <a href="http://dpaste.com/27YH93Y#wrap">Handy Tip on setting up automated coredump handling for FreeBSD</a></li>
59032 </ul>
59033
59034 <p><hr /></p>
59035
59036 <ul>
59037 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
59038 </ul>]]>
59039 </content:encoded>
59040 <itunes:summary>
59041 <![CDATA[<p>FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.</p>
59042
59043 <h2>Headlines</h2>
59044
59045 <h3><a href="https://www.freebsdfoundation.org/blog/guest-blog-what-i-learned-during-my-freebsd-internship/">What I learned during my FreeBSD internship</a></h3>
59046
59047 <blockquote>
59048 <p>Hi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.</p>
59049
59050 <p>I’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.</p>
59051 </blockquote>
59052
59053 <ul>
59054 <li>What I Liked</li>
59055 </ul>
59056
59057 <blockquote>
59058 <p>In all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy to cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.</p>
59059
59060 <p>It’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.</p>
59061 </blockquote>
59062
59063 <ul>
59064 <li>What I Learned</li>
59065 </ul>
59066
59067 <blockquote>
59068 <p>Although there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of the issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.</p>
59069
59070 <p>The first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.</p>
59071
59072 <p>I think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.</p>
59073
59074 <p>I understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.</p>
59075
59076 <p>I also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.</p>
59077
59078 <p>It’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.</p>
59079
59080 <p>As a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.</p>
59081 </blockquote>
59082
59083 <ul>
59084 <li>Closing Thoughts</li>
59085 </ul>
59086
59087 <blockquote>
59088 <p>I would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.</p>
59089
59090 <p>I am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.</p>
59091 </blockquote>
59092
59093 <p><hr /></p>
59094
59095 <h3>Recent Developments in FreeBSD</h3>
59096
59097 <ul>
59098 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333890">Support for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms</a></li>
59099 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333649">Intel Microcode Splitter</a></li>
59100 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=334005">Intel Spec Store Bypass Disable control</a></li>
59101 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=333713">Raspberry Pi 3B+ Ethernet Driver</a></li>
59102 <li><a href="https://reviews.freebsd.org/D15522">IBRS for i386</a></li>
59103 <li>Upcoming:</li>
59104 <li><a href="https://reviews.freebsd.org/D15523">Microcode updater for AMD CPUs</a></li>
59105 <li><a href="https://reviews.freebsd.org/D15525">the RACK TCP/IP stack, from Netflix</a></li>
59106 <li>Voting in the FreeBSD Core Election begins today:</li>
59107 </ul>
59108
59109 <p><hr /></p>
59110
59111 <p><strong>DigitalOcean</strong>
59112 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
59113
59114 <p><hr /></p>
59115
59116 <h3><a href="http://www.shlomimarco.com/blog/running-freenas-on-a-digitalocean-droplet">Running FreeNAS on a DigitalOcean Droplet</a></h3>
59117
59118 <ul>
59119 <li>Need to backup your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it</li>
59120 <li>The tutorial walks through the steps of converting a fresh FreeBSD based droplet into a FreeNAS</li>
59121 <li>Create a droplet, and add a small secondary block-storage device</li>
59122 <li>Boot the droplet, login, and download FreeNAS</li>
59123 <li>Disable swap, enable ‘foot shooting’ mode in GEOM</li>
59124 <li>use dd to write the FreeNAS installer to the boot disk</li>
59125 <li>Reboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device</li>
59126 <li>Now, reimage the droplet with FreeBSD again, to replace the FreeNAS installer</li>
59127 <li>Boot, and dd FreeNAS from the secondary block storage device back to the boot disk</li>
59128 <li>You can now destroy the secondary block device</li>
59129 <li>Now you have a FreeNAS, and can take it from there.</li>
59130 <li>Use the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS</li>
59131 <li>Note: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.</li>
59132 </ul>
59133
59134 <p><hr /></p>
59135
59136 <h2>News Roundup</h2>
59137
59138 <h3><a href="http://www.vincentdelft.be/post/post_20180411">Network Manager Control for OpenBSD (Updated)</a></h3>
59139
59140 <ul>
59141 <li>Generalities</li>
59142 <li><p>I just remind the scope of this small tool:</p>
59143
59144 <ul><li>allow you to pre-define several cable or wifi connections</li>
59145 <li>let nmctl connect automatically to the first available one</li>
59146 <li>allow you to easily switch from one network connection to another one</li>
59147 <li>create openbox dynamic menus</li></ul></li>
59148 <li><p>Enhancements in this version</p></li>
59149 </ul>
59150
59151 <blockquote>
59152 <p>This is my second development version: 0.2.
59153 I've performed several changes in the code:</p>
59154 </blockquote>
59155
59156 <ul>
59157 <li>code style cleanup, to better match the python recommendations</li>
59158 <li>adapt the tool to allow connecting to an Open-wifi having blanks in the name. This happens in some hotels</li>
59159 <li>implement a loop as work-around concerning the arp table issue.</li>
59160 </ul>
59161
59162 <blockquote>
59163 <p>The source code is still on the git of Sourceforge.net.
59164 You can see the files <a href="https://sourceforge.net/p/nmctl/code/ci/master/tree/">here</a></p>
59165
59166 <p>And you can download the last version <a href="https://sourceforge.net/p/nmctl/code/ci/master/tarball">here</a></p>
59167 </blockquote>
59168
59169 <ul>
59170 <li>Feedbacks after few months</li>
59171 </ul>
59172
59173 <blockquote>
59174 <p>I've been using this script on my OpenBSD laptop for about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.</p>
59175 </blockquote>
59176
59177 <ul>
59178 <li>The Openbox menus</li>
59179 </ul>
59180
59181 <blockquote>
59182 <p>The openbox menus are working fine. As explained in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options.
59183 I've not changed this part of nmctl since it works as expected (for me :-) ).</p>
59184 </blockquote>
59185
59186 <ul>
59187 <li>The --restart option</li>
59188 </ul>
59189
59190 <blockquote>
59191 <p>Because I'm very lazy, and because OpenBSD is very simple to use, I've added the command "nmctl --restart" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I open the lid of my laptop.
59192 In other words, each time I open my laptop, nmctl will search for the optimum network connection for me.
59193 But I had several issues in this scenario.
59194 Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As a consequence I'm not able to connect to the proxy, thus not able to connect to the internet. So the ping to google (the final test nmctl performs) is failing.
59195 Knowing that anyhow, I'm doing a full arp cleanup, it's not clear to me where this problem comes from. To solve this situation I've implemented a "retry" concept. In other words, before testing another possible network connection (as listed in my /etc/nmctl.conf file), the script tries 3x the current connection's parameters.
59196 If you want to reduce or increase this figure, you can do it via the --retry parameter.</p>
59197 </blockquote>
59198
59199 <ul>
59200 <li>Results of my expertise with this small tool</li>
59201 </ul>
59202
59203 <blockquote>
59204 <p>Wherever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location.
59205 Currently I have 3 places where I have Wifi credentials and 2 office places where I just have to plug the network cable.
59206 Since the /etc/apm/resume script is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD does all that is needed ;-).
59207 In hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by "nmctl --scan".</p>
59208 </blockquote>
59209
59210 <ul>
59211 <li><p>Next steps</p></li>
59212 <li><p>Documentation</p></li>
59213 </ul>
59214
59215 <blockquote>
59216 <p>The tool is missing a lot of documentation. I appreciate OpenBSD for its great documentation, so I have to do the same.
59217 I plan to write a README and a man page in the first instance.
59218 But because of my laziness, I will do it as soon as I see some interest for this tool from other persons.</p>
59219 </blockquote>
59220
59221 <ul>
59222 <li>Tests</li>
59223 </ul>
59224
59225 <blockquote>
59226 <p>I now have to travel and see how the script reacts in the different situations.
59227 Interested persons are welcome to share with me the outcome of their tests.
59228 I'm curious how it works.</p>
59229 </blockquote>
59230
59231 <p><hr /></p>
59232
59233 <h3><a href="https://an.undulating.space/post/180411-erl-openbsd-upgrade/">OpenBSD 6.3 on EdgeRouter Lite simple upgrade method</a></h3>
59234
59235 <ul>
59236 <li>TL;DR</li>
59237 </ul>
59238
59239 <blockquote>
59240 <p>OpenBSD 6.3 octeon upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on.
59241 Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.</p>
59242 </blockquote>
59243
59244 <ul>
59245 <li>a tiny upgrade</li>
59246 </ul>
59247
59248 <blockquote>
59249 <p>The OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3.
59250 The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention:
59251 The best solution, whenever possible, is to backup your data and reinstall from scratch
59252 I had to check if that directive existed in the documentation for other architectures. I wondered if octeon users were getting singled out. We were not. Just simplicity and pragmatism.</p>
59253 </blockquote>
59254
59255 <ul>
59256 <li>Reading on:</li>
59257 </ul>
59258
59259 <blockquote>
59260 <p>To upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section "Installing OpenBSD".
59261 But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it.
59262 But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade.
59263 Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once.
59264 So I don’t want to futz around with all that.
59265 There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?</p>
59266 </blockquote>
59267
59268 <p><hr /></p>
59269
59270 <p><strong>iXsystems</strong>
59271 <a href="https://www.ixsystems.com/blog/boisetechshow-2018/">Boise Technology Show 2018 Recap</a></p>
59272
59273 <h3><a href="http://zfs.datto.com/">OpenZFS User Conference Slides & Videos</a></h3>
59274
59275 <ul>
59276 <li><a href="https://vimeo.com/album/5150026/video/266112599">Thank you ZFS</a></li>
59277 <li><a href="https://vimeo.com/album/5150026/video/266112475">ZSTD Compression</a></li>
59278 <li><a href="https://vimeo.com/album/5150026/video/266111164">Pool Layout Considerations</a></li>
59279 <li><a href="https://vimeo.com/album/5150026/video/266111346">ZFS Releases</a></li>
59280 <li><a href="https://vimeo.com/album/5150026/video/266112077">Helping Developers Help You</a></li>
59281 <li><a href="https://vimeo.com/album/5150026/video/266112233">ZFS and MySQL on Linux</a></li>
59282 <li><a href="https://vimeo.com/album/5150026/video/266110985">Micron</a></li>
59283 <li><a href="https://vimeo.com/album/5150026/video/266108105">OSNEXUS</a></li>
59284 <li><a href="https://vimeo.com/album/5150026/video/266107946">ZFS at Six Feet Up</a></li>
59285 <li><a href="https://vimeo.com/album/5150026/video/266107372">Flexible Disk Use with OpenZFS</a></li>
59286 </ul>
59287
59288 <p><hr /></p>
59289
59290 <h3><a href="https://jvns.ca/blog/2018/05/11/batch-editing-files-with-ed/">Batch editing files with ed</a></h3>
59291
59292 <ul>
59293 <li>what’s ‘ed’?</li>
59294 </ul>
59295
59296 <blockquote>
59297 <p>ed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:</p>
59298 </blockquote>
59299
59300 <p><code>
59301 $ ed
59302 help
59303 ?
59304 h
59305 ?
59306 asdfasdfasdfsadf
59307 ?
59308 <close terminal in frustration>
59309 </code></p>
59310
59311 <blockquote>
59312 <p>Basically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today.
59313 vi is a successor to ed, except with a visual interface instead of this ?</p>
59314 </blockquote>
59315
59316 <ul>
59317 <li>surprise: Ed is actually sort of cool and fun</li>
59318 </ul>
59319
59320 <blockquote>
59321 <p>So if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!!
59322 On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true.
59323 And it was so cool!!!! I found out:</p>
59324 </blockquote>
59325
59326 <ul>
59327 <li>how to get Ed to give you better error messages than just ?</li>
59328 <li>that the name of the grep command comes from ed syntax (g/re/p)</li>
59329 <li>the basics of how to navigate and edit files using ed</li>
59330 </ul>
59331
59332 <blockquote>
59333 <p>All of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!</p>
59334
59335 <p>The other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.</p>
59336 </blockquote>
59337
59338 <p><hr /></p>
59339
59340 <h2>Beastie Bits</h2>
59341
59342 <ul>
59343 <li><a href="https://blather.michaelwlucas.com/archives/3186">FreeBSD Mastery: Jails -- Help make it happen </a></li>
59344 <li><a href="https://www.youtube.com/watch?v=MsY-BafQgj4">Video: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018</a></li>
59345 <li><a href="https://www.dragonflydigest.com/2018/05/17/21257.html">DragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT</a></li>
59346 <li><a href="https://www.reddit.com/r/openbsd/comments/8ei00k/a_love_letter_to_openbsd/">A Love Letter to OpenBSD</a></li>
59347 <li><a href="https://blather.michaelwlucas.com/archives/3176">New talks, and the F-bomb</a></li>
59348 <li><a href="https://manpages.bsd.lv/mdoc.html">Practical UNIX Manuals: mdoc</a></li>
59349 <li><a href="https://lists.freebsd.org/pipermail/freebsd-advocacy/2018-May/004758.html">BSD Meetup in Zurich: May 24th</a></li>
59350 <li><a href="https://www.eventbrite.com/e/the-polish-bsd-user-group-1-meetup-tickets-45941857332">BSD Meetup in Warsaw: May 24th</a></li>
59351 <li><a href="http://meetbsd.com/">MeetBSD 2018</a></li>
59352 </ul>
59353
59354 <p><hr /></p>
59355
59356 <p><strong>Tarsnap</strong></p>
59357
59358 <h2>Feedback/Questions</h2>
59359
59360 <ul>
59361 <li>Seth - <a href="http://dpaste.com/12R65X4#wrap">First time poudriere Builder</a></li>
59362 <li>Farhan - <a href="http://dpaste.com/1GHCGY5#wrap">Why we didn't go FreeBSD</a></li>
59363 <li>architech - <a href="http://dpaste.com/1H72FGE#wrap">Encryption Feedback</a></li>
59364 <li>Dave - <a href="http://dpaste.com/27YH93Y#wrap">Handy Tip on setting up automated coredump handling for FreeBSD</a></li>
59365 </ul>
59366
59367 <p><hr /></p>
59368
59369 <ul>
59370 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
59371 </ul>]]>
59372 </itunes:summary>
59373 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+RvyyE9D2</fireside:playerURL>
59374 <fireside:playerEmbedCode>
59375 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+RvyyE9D2" width="740" height="200" frameborder="0" scrolling="no">]]>
59376 </fireside:playerEmbedCode>
59377 </item>
59378 <item>
59379 <title>Episode 246: Properly Coordinated Disclosure | BSD Now 246</title>
59380 <link>https://www.bsdnow.tv/246</link>
59381 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1954</guid>
59382 <pubDate>Wed, 16 May 2018 22:00:00 -0700</pubDate>
59383 <author>Allan Jude</author>
59384 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef0afdeb-1a67-441c-9317-8405a2572cd6.mp3" length="54017115" type="audio/mp3"/>
59385 <itunes:episodeType>full</itunes:episodeType>
59386 <itunes:author>Allan Jude</itunes:author>
59387 <itunes:subtitle>How Intel docs were misinterpreted by almost any OS, a look at the mininet SDN emulator, do’s and don’ts for FreeBSD, OpenBSD community going gold, ed mastery is a must read, and the distributed object store minio on FreeBSD.</itunes:subtitle>
59388 <itunes:duration>1:29:54</itunes:duration>
59389 <itunes:explicit>no</itunes:explicit>
59390 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
59391 <description>How Intel docs were misinterpreted by almost any OS, a look at the mininet SDN emulator, do’s and don’ts for FreeBSD, OpenBSD community going gold, ed mastery is a must read, and the distributed object store minio on FreeBSD.
59392 <h2>Headlines</h2>
59393 <h3><a href="https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html">Intel documentation flaw sees instruction misimplemented in almost every OS</a></h3>
59394
59395 <blockquote>
59396 <p>A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash.
59397 OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
59398 + A detailed white paper describes this behavior <a href="http://everdox.net/popss.pdf">here</a>
59399 + <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=333368">FreeBSD Commit</a>
59400 Thank you to the MSRC Incident Response Team, and in particular Greg Lenti and Nate Warfield, for coordinating the response to this issue across multiple vendors.
59401 Thanks to Computer Recycling at The Working Center of Kitchener for making hardware available to allow us to test the patch on additional CPU families.
59402 + <a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc">FreeBSD Security Advisory</a>
59403 + <a href="https://www.dragonflydigest.com/2018/05/09/21231.html">DragonFlyBSD Post</a>
59404 + <a href="https://www.kb.cert.org/vuls/id/CHEU-AYC3MZ">NetBSD does not support debug register and so is not affected.</a>
59405 + <a href="https://www.kb.cert.org/vuls/id/CHEU-AYC3MR">OpenBSD also appears to not be affected, “We are not aware of further vendor information regarding this vulnerability.”</a>
59406 + <a href="https://illumos.topicbox.com/groups/developer/T9cd475bd5497caa9">IllumOS Not Impacted</a></p>
59407 </blockquote>
59408
59409 <hr />
59410 <h3><a href="https://www.freebsdfoundation.org/blog/guest-post-a-look-at-sdn-emulator-mininet/">Guest Post – A Look at SDN Emulator Mininet</a></h3>
59411
59412 <ul>
59413 <li>A guest post on the FreeBSD Foundation’s blog by developer Ayaka Koshibe
59414
59415
59416 <blockquote>
59417 At this year’s AsiaBSDCon, I presented a talk about a SDN network emulator called Mininet, and my ongoing work to make it more portable. That presentation was focused on the OpenBSD version of the port, and I breezed past the detail that I also had a version of Mininet working on FreeBSD. Because I was given the opportunity, I’d like to share a bit about the FreeBSD version of Mininet. It will not only be about what Mininet is and why it might be interesting, but also a recounting of my experience as a user making a first-time attempt at porting an application to FreeBSD.
59418 Mininet started off as a tool used by academic researchers to emulate OpenFlow networks when they didn’t have convenient access to actual networks. Because of its history, Mininet became associated strongly with networks that use OpenFlow for their control channels. But, it has also become fairly popular among developers working in, and among several universities for research and teaching about, SDN (Software Defined Networking)
59419 I began using Mininet as an intern at my university’s network research lab. I was using FreeBSD by that time, and wasn’t too happy to learn that Mininet wouldn’t work on anything but Linux. I gradually got tired of having to run a Linux VM just to use Mininet, and one day it clicked in my mind that I can actually try porting it to FreeBSD.
59420 Mininet creates a topology using the resource virtualization features that Linux has. Specifically, nodes are bash processes running in network namespaces, and the nodes are interconnected using veth virtual Ethernet links. Switches and controllers are just nodes whose shells have run the right commands to configure a software switch or start a controller application. Mininet can therefore be viewed as a series of Python libraries that run the system commands necessary to create network namespaces and veth interfaces, assemble a specified topology, and coordinate how user commands aimed at nodes (since they are just shells) are run.
59421 Coming back to the port, I chose to use vnet jails to replace the network namespaces, and epair(4) links to replace the veth links. For the SDN functionality, I needed at least one switch and controller that can be run on FreeBSD. I chose OpenvSwitch (OVS) for the switch, since it was available in ports and is well-known by the SDN world, and Ryu for the controller since it’s being actively developed and used and supports more recent versions of OpenFlow.
59422 I have discussed the possibility of upstreaming my work. Although they were excited about it, I was asked about a script for creating VMs with Mininet preinstalled, and continuous integration support for my fork of the repository. I started taking a look at the release scripts for creating a VM, and after seeing that it would be much easier to use the scripts if I can get Mininet and Ryu added to the ports tree, I also tried a hand at submitting some ports. For CI support, Mininet uses Travis, which unfortunately doesn’t support FreeBSD. For this, I plan to look at a minimalistic CI tool called contbuild, which looks simple enough to get running and is written portably.
59423 This is very much a work-in-progress, and one going at a glacial pace. Even though the company that I work for does use Mininet, it doesn’t use FreeBSD, so this is something that I’ve been working on in my free time. Earlier on, it was the learning curve that made progress slow. When I started, I hadn’t done anything more than run FreeBSD on a laptop, and uneventfully build a few applications from the ports tree. Right off the bat, using vnet jails meant learning how to build and run a custom kernel. This was the easy part, as the handbook was clear about how to do this. When I moved from using FreeBSD 10.3 to 11, I found that I can panic my machine by quickly creating and destroying OVS switches and jails. I submitted a bug report, but decided to go one step further and actually try to debug the panic for myself. With the help of a few people well-versed in systems programming and the developer’s handbook, I was able to come up with a fix, and get it accepted. This pretty much brings my porting experiment to the present day, where I’m slowly working out the pieces that I mentioned earlier.
59424 In the beginning, I thought that this Mininet port would be a weekend project where I come out knowing a thing or two about using vnet jails and with one less VM to run. Instead, it became a crash course in building and debugging kernels and submitting bug reports, patches, and ports. I’d like to mention that I wouldn’t have gotten far at all if it weren’t for the helpful folks, the documentation, and how debuggable FreeBSD is. I enjoy good challenges and learning experiences, and this has definitely been both.</li>
59425 <li>Thank you to Ayaka for working to port Mininet to the BSDs, and for sharing her experiences with us.</li>
59426 <li>If you want to see the OpenBSD version of the talk, the video from <a href="https://www.youtube.com/watch?v=Vg9Czjm9aV8">AsiaBSDCon is here</a>, and it will be presented again at BSDCan.</li>
59427 </ul>
59428 <hr />
59429 </blockquote>
59430
59431 **iXsystems**
59432 [iXsystems LFNW Recap](https://www.ixsystems.com/blog/lfnw-2018-recap/)
59433
59434
59435 <hr />
59436
59437
59438
59439
59440
59441 <h3><a href="https://forums.freebsd.org/threads/10-dos-and-dont-for-freebsd.65618/">10 Beginner Do's and Don't for FreeBSD</a></h3>
59442
59443 <ul>
59444 <li>1) Don't mix ports and binary packages</li>
59445 <li>2) Don't edit 'default' files</li>
59446 <li>3) Don't mess with /etc/crontab</li>
59447 <li>4) Don't mess with /etc/passwd and /etc/groups either!</li>
59448 <li>5) Reconsider the removal of any options from your customized kernel configuration</li>
59449 <li>6) Don't change the root shell to something else</li>
59450 <li>7) Don't use the root user all the time</li>
59451 <li>8) /var/backups is a thing</li>
59452 <li>9) Check system integrity using /etc/mtree</li>
59453 <li>10) What works for me doesn't have to work for you!</li>
59454 </ul>
59455
59456 <hr />
59457 <h2>News Roundup</h2>
59458
59459 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180419060427">OpenBSD Community Goes Gold for 2018!</a></h3>
59460
59461 <ul>
59462 <li>Ken Westerback (krw@ when wearing his developer hat) writes:</li>
59463 </ul>
59464
59465 <p>```
59466 Monthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!</p>
59467
59468 <p>2018 is the third consecutive year that the community has reached Gold status or better.</p>
59469
59470 <p>These monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.</p>
59471
59472 <p>Sign up now for a monthly donation!</p>
59473
59474 <p>Note that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.</p>
59475
59476 <p>https://www.openbsdfoundation.org/donations.html
59477 ```</p>
59478
59479 <hr />
59480 <h3><a href="http://bsdly.blogspot.com/2018/04/ed1-mastery-is-must-for-real-unix-person.html">ed(1) mastery is a must read for real unix people</a></h3>
59481
59482 <blockquote>
59483 <p>In some circles on the Internet, your choice of text editor is a serious matter.</p>
59484
59485 <p>We've all seen the threads on mailing lists, USENET news groups and web forums about the relative merits of Emacs vs vi, including endless iterations of flame wars, and sometimes even involving lesser known or non-portable editing environments.</p>
59486
59487 <p>And then of course, from the Linux newbies we have seen an endless stream of tweeted graphical 'memes' about the editor vim (aka 'vi Improved') versus the various apparently friendlier-to-some options such as GNU nano. Apparently even the 'improved' version of the classical and ubiquitous vi(1) editor is a challenge even to exit for a significant subset of the younger generation.</p>
59488
59489 <p>Yes, your choice of text editor or editing environment is a serious matter. Mainly because text processing is so fundamental to our interactions with computers.</p>
59490
59491 <p>But for those of us who keep our systems on a real Unix (such as OpenBSD or FreeBSD), there is no real contest. The OpenBSD base system contains several text editors including vi(1) and the almost-emacs mg(1), but ed(1) remains the standard editor.</p>
59492
59493 <p>Now Michael Lucas has written a book to guide the as yet uninitiated to the fundamentals of the original Unix text editor. It is worth keeping in mind that much of Unix and its original standard text editor was written back when the standard output and default user interface was more likely than not a printing terminal.</p>
59494
59495 <p>To some of us, reading and following the narrative of Ed Mastery is a trip down memory lane. To others, following along the text will illustrate the horror of the world of pre-graphic computer interfaces. For others again, the fact that ed(1) doesn't use your terminal settings much at all offers hope of fixing things when something or somebody screwed up your system so you don't have a working terminal for that visual editor.</p>
59496 </blockquote>
59497
59498 <hr />
59499 <p><strong>DigitalOcean</strong>
59500 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
59501
59502 <hr />
59503 <h3><a href="https://vermaden.wordpress.com/2018/04/16/distributed-object-storage-with-minio-on-freebsd/">Distributed Object Storage with Minio on FreeBSD</a></h3>
59504
59505 <blockquote>
59506 <p>Free and open source distributed object storage server compatible with Amazon S3 v2/v4 API. Offers data protection against hardware failures using erasure code and bitrot detection. Supports highly available distributed setup. Provides confidentiality, integrity and authenticity assurances for encrypted data with negligible performance overhead. Both server side and client side encryption are supported. Below is the image of example Minio setup.</p>
59507 </blockquote>
59508
59509 <ul>
59510 <li><a href="https://vermaden.files.wordpress.com/2018/04/minio-architecture-diagram-distributed.jpg?w=960">Architecture Diagram </a></li>
59511 </ul>
59512
59513 <p>The Minio identifies itself as the ZFS of Cloud Object Storage. This guide will show You how to setup highly available distributed Minio storage on the FreeBSD operating system with ZFS as backend for Minio data. For convenience we will use FreeBSD Jails operating system level virtualization.</p>
59514
59515 <ul>
59516 <li>Setup</li>
59517 </ul>
59518
59519 <blockquote>
59520 <p>The setup will assume that You have 3 datacenters: two datacenters in which most of the data must reside, and a third datacenter that is used in a ‘quorum/witness’ role. Distributed Minio supports up to 16 nodes/drives total, so we may juggle with that number to balance data between desired datacenters. As we have 16 drives to allocate resources on 3 sites we will use 7 + 7 + 2 approach here. The datacenters where most of the data must reside have 7/16 ratio while the ‘quorum/witness’ datacenter has only 2/16 ratio. Thanks to built-in Minio redundancy we may lose (turn off for example) any one of those machines and our object storage will still be available and ready to use for any purpose.</p>
59521 </blockquote>
59522
59523 <ul>
59524 <li>Jails</li>
59525 </ul>
59526
59527 <blockquote>
59528 <p>First we will create 3 jails for our proof of concept Minio setup, storage1 will have the ‘quorum/witness’ role while storage2 and storage3 will have the ‘data’ role. To distinguish commands I type on the host system and storageX Jail I use two different prompts, this way it should be obvious what command to execute and where.</p>
59529 </blockquote>
59530
59531 <ul>
59532 <li>I know the FreeNAS people have been working on integrating this</li>
59533 </ul>
59534
59535 <hr />
59536 <h3><a href="https://kristaps.bsd.lv/kcgi/tutorial6.html">Best practises for pledge(2) security</a></h3>
59537
59538 <blockquote>
59539 <p>Let's set the record straight for securing kcgi CGI and FastCGI applications with pledge(2). This is focussed on secure OpenBSD deployments.</p>
59540 </blockquote>
59541
59542 <ul>
59543 <li>Theory</li>
59544 </ul>
59545
59546 <blockquote>
59547 <p>Internally, kcgi makes considerable use of available security tools. But it's also designed to be invoked in a secure environment. We'll start with pledge(2), which has been around on OpenBSD since version 5.9. If you're reading this tutorial, you're probably on OpenBSD, and you probably have knowledge of pledge(2).</p>
59548
59549 <p>How to begin? Read kcgi(3). It includes canonical information on which pledge(2) promises you'll need for each function in the library. This is just a tutorial—the manpage is canonical and overrides what you may read here.</p>
59550
59551 <p>Next, assess the promises that your application needs. From kcgi(3), it's easy to see which promises we'll need to start. You'll need to augment this list with whichever tools you're also using. The general push is to start with the broadest set of required promises, then restrict as quickly as possible. Sometimes this can be done in a single pledge(2), but other times it takes a few.</p>
59552 </blockquote>
59553
59554 <hr />
59555 <h2>Beastie Bits</h2>
59556
59557 <ul>
59558 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-April/014194.html">April's London *BSD meetup - notes</a></li>
59559 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-May/014198.html">May’s London *BSD Meetup: May 22nd </a></li>
59560 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">Call for Papers for EuroBSDcon 2018</a></li>
59561 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal March/April Desktop/Laptop issue</a></li>
59562 <li><a href="https://lwn.net/Articles/752063/">LWN followup on the PostgreSQL fsync() issue</a></li>
59563 <li><a href="https://awards.acm.org/outstanding-contribution">The Association for Computing Machinery recognizes Steve Bourne for outstanding contributions</a></li>
59564 </ul>
59565
59566 <hr />
59567 <h2>Feedback/Questions</h2>
59568
59569 <ul>
59570 <li>Ray - <a href="http://dpaste.com/1F8RX6H#wrap">Speaking at Conferences</a></li>
59571 <li>Casey - <a href="http://dpaste.com/364FTMM#wrap">Questions</a></li>
59572 <li>Jeremy - <a href="http://dpaste.com/3GWHP9N#wrap">zfs in the enterprise</a>
59573 <ul><li><a href="https://wiki.freebsd.org/HAST">HAST + ZFS</a></li></ul></li>
59574 <li>Lars - <a href="http://dpaste.com/1HDZFA3">Civil Infrastructure Platform use of *BSD</a></li>
59575 </ul>
59576
59577 <hr />
59578 <ul>
59579 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
59580 </ul>
59581 </description>
59582 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview, MinIO, SDN Emulator Mininet, PostgresQL</itunes:keywords>
59583 <content:encoded>
59584 <
59629
59630
59631 <hr />
59632
59633
59634
59635
59636
59637 <h3><a href="https://forums.freebsd.org/threads/10-dos-and-dont-for-freebsd.65618/">10 Beginner Do's and Don't for FreeBSD</a></h3>
59638
59639 <ul>
59640 <li>1) Don't mix ports and binary packages</li>
59641 <li>2) Don't edit 'default' files</li>
59642 <li>3) Don't mess with /etc/crontab</li>
59643 <li>4) Don't mess with /etc/passwd and /etc/groups either!</li>
59644 <li>5) Reconsider the removal of any options from your customized kernel configuration</li>
59645 <li>6) Don't change the root shell to something else</li>
59646 <li>7) Don't use the root user all the time</li>
59647 <li>8) /var/backups is a thing</li>
59648 <li>9) Check system integrity using /etc/mtree</li>
59649 <li>10) What works for me doesn't have to work for you!</li>
59650 </ul>
59651
59652 <p><hr /></p>
59653
59654 <h2>News Roundup</h2>
59655
59656 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180419060427">OpenBSD Community Goes Gold for 2018!</a></h3>
59657
59658 <ul>
59659 <li>Ken Westerback (krw@ when wearing his developer hat) writes:</li>
59660 </ul>
59661
59662 <p>```
59663 Monthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!</p>
59664
59665 <p>2018 is the third consecutive year that the community has reached Gold status or better.</p>
59666
59667 <p>These monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.</p>
59668
59669 <p>Sign up now for a monthly donation!</p>
59670
59671 <p>Note that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.</p>
59672
59673 <p>https://www.openbsdfoundation.org/donations.html
59674 ```</p>
59675
59676 <p><hr /></p>
59677
59678 <h3><a href="http://bsdly.blogspot.com/2018/04/ed1-mastery-is-must-for-real-unix-person.html">ed(1) mastery is a must read for real unix people</a></h3>
59679
59680 <blockquote>
59681 <p>In some circles on the Internet, your choice of text editor is a serious matter.</p>
59682
59683 <p>We've all seen the threads on mailing lists, USENET news groups and web forums about the relative merits of Emacs vs vi, including endless iterations of flame wars, and sometimes even involving lesser known or non-portable editing environments.</p>
59684
59685 <p>And then of course, from the Linux newbies we have seen an endless stream of tweeted graphical 'memes' about the editor vim (aka 'vi Improved') versus the various apparently friendlier-to-some options such as GNU nano. Apparently even the 'improved' version of the classical and ubiquitous vi(1) editor is a challenge even to exit for a significant subset of the younger generation.</p>
59686
59687 <p>Yes, your choice of text editor or editing environment is a serious matter. Mainly because text processing is so fundamental to our interactions with computers.</p>
59688
59689 <p>But for those of us who keep our systems on a real Unix (such as OpenBSD or FreeBSD), there is no real contest. The OpenBSD base system contains several text editors including vi(1) and the almost-emacs mg(1), but ed(1) remains the standard editor.</p>
59690
59691 <p>Now Michael Lucas has written a book to guide the as yet uninitiated to the fundamentals of the original Unix text editor. It is worth keeping in mind that much of Unix and its original standard text editor was written back when the standard output and default user interface was more likely than not a printing terminal.</p>
59692
59693 <p>To some of us, reading and following the narrative of Ed Mastery is a trip down memory lane. To others, following along the text will illustrate the horror of the world of pre-graphic computer interfaces. For others again, the fact that ed(1) doesn't use your terminal settings much at all offers hope of fixing things when something or somebody screwed up your system so you don't have a working terminal for that visual editor.</p>
59694 </blockquote>
59695
59696 <p><hr /></p>
59697
59698 <p><strong>DigitalOcean</strong>
59699 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
59700
59701 <p><hr /></p>
59702
59703 <h3><a href="https://vermaden.wordpress.com/2018/04/16/distributed-object-storage-with-minio-on-freebsd/">Distributed Object Storage with Minio on FreeBSD</a></h3>
59704
59705 <blockquote>
59706 <p>Free and open source distributed object storage server compatible with Amazon S3 v2/v4 API. Offers data protection against hardware failures using erasure code and bitrot detection. Supports highly available distributed setup. Provides confidentiality, integrity and authenticity assurances for encrypted data with negligible performance overhead. Both server side and client side encryption are supported. Below is the image of example Minio setup.</p>
59707 </blockquote>
59708
59709 <ul>
59710 <li><a href="https://vermaden.files.wordpress.com/2018/04/minio-architecture-diagram-distributed.jpg?w=960">Architecture Diagram </a></li>
59711 </ul>
59712
59713 <p>The Minio identifies itself as the ZFS of Cloud Object Storage. This guide will show You how to setup highly available distributed Minio storage on the FreeBSD operating system with ZFS as backend for Minio data. For convenience we will use FreeBSD Jails operating system level virtualization.</p>
59714
59715 <ul>
59716 <li>Setup</li>
59717 </ul>
59718
59719 <blockquote>
59720 <p>The setup will assume that You have 3 datacenters: two datacenters in which most of the data must reside, and a third datacenter that is used in a ‘quorum/witness’ role. Distributed Minio supports up to 16 nodes/drives total, so we may juggle with that number to balance data between desired datacenters. As we have 16 drives to allocate resources on 3 sites we will use 7 + 7 + 2 approach here. The datacenters where most of the data must reside have 7/16 ratio while the ‘quorum/witness’ datacenter has only 2/16 ratio. Thanks to built-in Minio redundancy we may lose (turn off for example) any one of those machines and our object storage will still be available and ready to use for any purpose.</p>
59721 </blockquote>
59722
59723 <ul>
59724 <li>Jails</li>
59725 </ul>
59726
59727 <blockquote>
59728 <p>First we will create 3 jails for our proof of concept Minio setup, storage1 will have the ‘quorum/witness’ role while storage2 and storage3 will have the ‘data’ role. To distinguish commands I type on the host system and storageX Jail I use two different prompts, this way it should be obvious what command to execute and where.</p>
59729 </blockquote>
59730
59731 <ul>
59732 <li>I know the FreeNAS people have been working on integrating this</li>
59733 </ul>
59734
59735 <p><hr /></p>
59736
59737 <h3><a href="https://kristaps.bsd.lv/kcgi/tutorial6.html">Best practises for pledge(2) security</a></h3>
59738
59739 <blockquote>
59740 <p>Let's set the record straight for securing kcgi CGI and FastCGI applications with pledge(2). This is focussed on secure OpenBSD deployments.</p>
59741 </blockquote>
59742
59743 <ul>
59744 <li>Theory</li>
59745 </ul>
59746
59747 <blockquote>
59748 <p>Internally, kcgi makes considerable use of available security tools. But it's also designed to be invoked in a secure environment. We'll start with pledge(2), which has been around on OpenBSD since version 5.9. If you're reading this tutorial, you're probably on OpenBSD, and you probably have knowledge of pledge(2).</p>
59749
59750 <p>How to begin? Read kcgi(3). It includes canonical information on which pledge(2) promises you'll need for each function in the library. This is just a tutorial—the manpage is canonical and overrides what you may read here.</p>
59751
59752 <p>Next, assess the promises that your application needs. From kcgi(3), it's easy to see which promises we'll need to start. You'll need to augment this list with whichever tools you're also using. The general push is to start with the broadest set of required promises, then restrict as quickly as possible. Sometimes this can be done in a single pledge(2), but other times it takes a few.</p>
59753 </blockquote>
59754
59755 <p><hr /></p>
59756
59757 <h2>Beastie Bits</h2>
59758
59759 <ul>
59760 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-April/014194.html">April's London *BSD meetup - notes</a></li>
59761 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-May/014198.html">May’s London *BSD Meetup: May 22nd </a></li>
59762 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">Call for Papers for EuroBSDcon 2018</a></li>
59763 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal March/April Desktop/Laptop issue</a></li>
59764 <li><a href="https://lwn.net/Articles/752063/">LWN followup on the PostgreSQL fsync() issue</a></li>
59765 <li><a href="https://awards.acm.org/outstanding-contribution">The Association for Computing Machinery recognizes Steve Bourne for outstanding contributions</a></li>
59766 </ul>
59767
59768 <p><hr /></p>
59769
59770 <h2>Feedback/Questions</h2>
59771
59772 <ul>
59773 <li>Ray - <a href="http://dpaste.com/1F8RX6H#wrap">Speaking at Conferences</a></li>
59774 <li>Casey - <a href="http://dpaste.com/364FTMM#wrap">Questions</a></li>
59775 <li>Jeremy - <a href="http://dpaste.com/3GWHP9N#wrap">zfs in the enterprise</a>
59776 <ul><li><a href="https://wiki.freebsd.org/HAST">HAST + ZFS</a></li></ul></li>
59777 <li>Lars - <a href="http://dpaste.com/1HDZFA3">Civil Infrastructure Platform use of *BSD</a></li>
59778 </ul>
59779
59780 <p><hr /></p>
59781
59782 <ul>
59783 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
59784 </ul>]]>
59785 </content:encoded>
59786 <itunes:summary>
59787 <
59832
59833
59834 <hr />
59835
59836
59837
59838
59839
59840 <h3><a href="https://forums.freebsd.org/threads/10-dos-and-dont-for-freebsd.65618/">10 Beginner Do's and Don't for FreeBSD</a></h3>
59841
59842 <ul>
59843 <li>1) Don't mix ports and binary packages</li>
59844 <li>2) Don't edit 'default' files</li>
59845 <li>3) Don't mess with /etc/crontab</li>
59846 <li>4) Don't mess with /etc/passwd and /etc/groups either!</li>
59847 <li>5) Reconsider the removal of any options from your customized kernel configuration</li>
59848 <li>6) Don't change the root shell to something else</li>
59849 <li>7) Don't use the root user all the time</li>
59850 <li>8) /var/backups is a thing</li>
59851 <li>9) Check system integrity using /etc/mtree</li>
59852 <li>10) What works for me doesn't have to work for you!</li>
59853 </ul>
59854
59855 <p><hr /></p>
59856
59857 <h2>News Roundup</h2>
59858
59859 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180419060427">OpenBSD Community Goes Gold for 2018!</a></h3>
59860
59861 <ul>
59862 <li>Ken Westerback (krw@ when wearing his developer hat) writes:</li>
59863 </ul>
59864
59865 <p>```
59866 Monthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!</p>
59867
59868 <p>2018 is the third consecutive year that the community has reached Gold status or better.</p>
59869
59870 <p>These monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.</p>
59871
59872 <p>Sign up now for a monthly donation!</p>
59873
59874 <p>Note that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.</p>
59875
59876 <p>https://www.openbsdfoundation.org/donations.html
59877 ```</p>
59878
59879 <p><hr /></p>
59880
59881 <h3><a href="http://bsdly.blogspot.com/2018/04/ed1-mastery-is-must-for-real-unix-person.html">ed(1) mastery is a must read for real unix people</a></h3>
59882
59883 <blockquote>
59884 <p>In some circles on the Internet, your choice of text editor is a serious matter.</p>
59885
59886 <p>We've all seen the threads on mailing lists, USENET news groups and web forums about the relative merits of Emacs vs vi, including endless iterations of flame wars, and sometimes even involving lesser known or non-portable editing environments.</p>
59887
59888 <p>And then of course, from the Linux newbies we have seen an endless stream of tweeted graphical 'memes' about the editor vim (aka 'vi Improved') versus the various apparently friendlier-to-some options such as GNU nano. Apparently even the 'improved' version of the classical and ubiquitous vi(1) editor is a challenge even to exit for a significant subset of the younger generation.</p>
59889
59890 <p>Yes, your choice of text editor or editing environment is a serious matter. Mainly because text processing is so fundamental to our interactions with computers.</p>
59891
59892 <p>But for those of us who keep our systems on a real Unix (such as OpenBSD or FreeBSD), there is no real contest. The OpenBSD base system contains several text editors including vi(1) and the almost-emacs mg(1), but ed(1) remains the standard editor.</p>
59893
59894 <p>Now Michael Lucas has written a book to guide the as yet uninitiated to the fundamentals of the original Unix text editor. It is worth keeping in mind that much of Unix and its original standard text editor was written back when the standard output and default user interface was more likely than not a printing terminal.</p>
59895
59896 <p>To some of us, reading and following the narrative of Ed Mastery is a trip down memory lane. To others, following along the text will illustrate the horror of the world of pre-graphic computer interfaces. For others again, the fact that ed(1) doesn't use your terminal settings much at all offers hope of fixing things when something or somebody screwed up your system so you don't have a working terminal for that visual editor.</p>
59897 </blockquote>
59898
59899 <p><hr /></p>
59900
59901 <p><strong>DigitalOcean</strong>
59902 <a href="http://do.co/bsdnow">Digital Ocean Promo Link for BSD Now Listeners</a></p>
59903
59904 <p><hr /></p>
59905
59906 <h3><a href="https://vermaden.wordpress.com/2018/04/16/distributed-object-storage-with-minio-on-freebsd/">Distributed Object Storage with Minio on FreeBSD</a></h3>
59907
59908 <blockquote>
59909 <p>Free and open source distributed object storage server compatible with Amazon S3 v2/v4 API. Offers data protection against hardware failures using erasure code and bitrot detection. Supports highly available distributed setup. Provides confidentiality, integrity and authenticity assurances for encrypted data with negligible performance overhead. Both server side and client side encryption are supported. Below is the image of example Minio setup.</p>
59910 </blockquote>
59911
59912 <ul>
59913 <li><a href="https://vermaden.files.wordpress.com/2018/04/minio-architecture-diagram-distributed.jpg?w=960">Architecture Diagram </a></li>
59914 </ul>
59915
59916 <p>The Minio identifies itself as the ZFS of Cloud Object Storage. This guide will show You how to setup highly available distributed Minio storage on the FreeBSD operating system with ZFS as backend for Minio data. For convenience we will use FreeBSD Jails operating system level virtualization.</p>
59917
59918 <ul>
59919 <li>Setup</li>
59920 </ul>
59921
59922 <blockquote>
59923 <p>The setup will assume that You have 3 datacenters: two datacenters in which most of the data must reside, and a third datacenter that is used in a ‘quorum/witness’ role. Distributed Minio supports up to 16 nodes/drives total, so we may juggle with that number to balance data between desired datacenters. As we have 16 drives to allocate resources on 3 sites we will use 7 + 7 + 2 approach here. The datacenters where most of the data must reside have 7/16 ratio while the ‘quorum/witness’ datacenter has only 2/16 ratio. Thanks to built-in Minio redundancy we may lose (turn off for example) any one of those machines and our object storage will still be available and ready to use for any purpose.</p>
59924 </blockquote>
59925
59926 <ul>
59927 <li>Jails</li>
59928 </ul>
59929
59930 <blockquote>
59931 <p>First we will create 3 jails for our proof of concept Minio setup, storage1 will have the ‘quorum/witness’ role while storage2 and storage3 will have the ‘data’ role. To distinguish commands I type on the host system and storageX Jail I use two different prompts, this way it should be obvious what command to execute and where.</p>
59932 </blockquote>
59933
59934 <ul>
59935 <li>I know the FreeNAS people have been working on integrating this</li>
59936 </ul>
59937
59938 <p><hr /></p>
59939
59940 <h3><a href="https://kristaps.bsd.lv/kcgi/tutorial6.html">Best practises for pledge(2) security</a></h3>
59941
59942 <blockquote>
59943 <p>Let's set the record straight for securing kcgi CGI and FastCGI applications with pledge(2). This is focussed on secure OpenBSD deployments.</p>
59944 </blockquote>
59945
59946 <ul>
59947 <li>Theory</li>
59948 </ul>
59949
59950 <blockquote>
59951 <p>Internally, kcgi makes considerable use of available security tools. But it's also designed to be invoked in a secure environment. We'll start with pledge(2), which has been around on OpenBSD since version 5.9. If you're reading this tutorial, you're probably on OpenBSD, and you probably have knowledge of pledge(2).</p>
59952
59953 <p>How to begin? Read kcgi(3). It includes canonical information on which pledge(2) promises you'll need for each function in the library. This is just a tutorial—the manpage is canonical and overrides what you may read here.</p>
59954
59955 <p>Next, assess the promises that your application needs. From kcgi(3), it's easy to see which promises we'll need to start. You'll need to augment this list with whichever tools you're also using. The general push is to start with the broadest set of required promises, then restrict as quickly as possible. Sometimes this can be done in a single pledge(2), but other times it takes a few.</p>
59956 </blockquote>
59957
59958 <p><hr /></p>
59959
59960 <h2>Beastie Bits</h2>
59961
59962 <ul>
59963 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-April/014194.html">April's London *BSD meetup - notes</a></li>
59964 <li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-May/014198.html">May’s London *BSD Meetup: May 22nd </a></li>
59965 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">Call for Papers for EuroBSDcon 2018</a></li>
59966 <li><a href="https://www.freebsdfoundation.org/journal/">FreeBSD Journal March/April Desktop/Laptop issue</a></li>
59967 <li><a href="https://lwn.net/Articles/752063/">LWN followup on the PostgreSQL fsync() issue</a></li>
59968 <li><a href="https://awards.acm.org/outstanding-contribution">The Association for Computing Machinery recognizes Steve Bourne for outstanding contributions</a></li>
59969 </ul>
59970
59971 <p><hr /></p>
59972
59973 <h2>Feedback/Questions</h2>
59974
59975 <ul>
59976 <li>Ray - <a href="http://dpaste.com/1F8RX6H#wrap">Speaking at Conferences</a></li>
59977 <li>Casey - <a href="http://dpaste.com/364FTMM#wrap">Questions</a></li>
59978 <li>Jeremy - <a href="http://dpaste.com/3GWHP9N#wrap">zfs in the enterprise</a>
59979 <ul><li><a href="https://wiki.freebsd.org/HAST">HAST + ZFS</a></li></ul></li>
59980 <li>Lars - <a href="http://dpaste.com/1HDZFA3">Civil Infrastructure Platform use of *BSD</a></li>
59981 </ul>
59982
59983 <p><hr /></p>
59984
59985 <ul>
59986 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
59987 </ul>]]>
59988 </itunes:summary>
59989 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+gazKr6Uh</fireside:playerURL>
59990 <fireside:playerEmbedCode>
59991 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+gazKr6Uh" width="740" height="200" frameborder="0" scrolling="no">]]>
59992 </fireside:playerEmbedCode>
59993 </item>
59994 <item>
59995 <title>Episode 245: ZFS User Conf 2018 | BSD Now 245</title>
59996 <link>https://www.bsdnow.tv/245</link>
59997 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1913</guid>
59998 <pubDate>Thu, 10 May 2018 05:00:00 -0700</pubDate>
59999 <author>Allan Jude</author>
60000 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b6503021-a9eb-471a-8089-2dc3647bc58c.mp3" length="61107427" type="audio/mp3"/>
60001 <itunes:episodeType>full</itunes:episodeType>
60002 <itunes:author>Allan Jude</itunes:author>
60003 <itunes:subtitle>Allan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements.</itunes:subtitle>
60004 <itunes:duration>1:24:37</itunes:duration>
60005 <itunes:explicit>no</itunes:explicit>
60006 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
60007 <description>Allan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements.
60008 <hr />
60009 <h2>Headlines</h2>
60010
60011 <h3>ZFS User Conference Recap</h3>
60012
60013 <ul>
60014 <li>Attendees met for breakfast on the fourth floor, in a lunchroom type area just outside of the theatre. One entire wall was made of lego base plates, and there were buckets of different coloured lego embedded in the wall.</li>
60015 <li>The talks started with Matt Ahrens discussing how the 2nd most requested feature of ZFS, Device Removal, has now landed, then pivoting into the MOST requested feature, RAID-Z expansion, and his work on that so far, which included the first functional prototype, on FreeBSD.</li>
60016 <li>Then our friend Calvin Hendryx-Parker presented how he solves all of his backup headaches with ZFS. I provided him some helpful hints to optimize his setup and improve the throughput of his backups</li>
60017 <li>Then Steven Umbehocker of OSNEXUS talked about their products, and how they manage large numbers of ZFS nodes</li>
60018 <li>After a very nice lunch, Orlando Pichardo of Micron talked about the future of flash, and their new 7.5TB SATA SSDs. Discussion of these devices after the talk may lead to enhancements to ZFS to better support these new larger flash devices that use larger logical sector sizes.</li>
60019 <li>Alek Pinchuk of Datto talked about Pool Layout Considerations</li>
60020 <li>Then Tony Hutter of LLNL talked about the release process for ZFS on Linux</li>
60021 <li>Then Tom Caputi of Datto presented: Helping Developers Help You, guidance for users submitting bug reports, with some good and bad examples</li>
60022 <li>Then we had a nice cocktail party and dinner, and stayed late into the night talking about ZFS</li>
60023 <li>The next day, Jervin Real of Percona, presented: ZFS and MySQL on Linux, the Sweet Spots. Mostly outlining some benchmark they had done, some of the results were curious and some additional digging may turn up enhancements that can be made to ZFS, or just better tuning advice for high traffic MySQL servers.</li>
60024 <li>Then I presented my ZSTD compression work, which had been referenced in 2 of the previous talks, as people are anxious to get their hands on this code.</li>
60025 <li>Lastly, Eric Sproul of Circonus, gave his talk: Thank You, ZFS. It thanked ZFS and its Community for making their company’s product possible, and then provided an update to his presentation from last year, where they were having problems with extremely high levels of ZFS fragmentation. This also sparked a longer conversation after the talk was over.</li>
60026 <li>Then we had a BBQ lunch, and after some more talking, the conference broke up.</li>
60027 </ul>
60028
60029 <hr />
60030 <h3><a href="https://www.linuxquestions.org/questions/solaris-opensolaris-20/initial-omnios-impressions-by-a-bsd-user-4175626757/">Initial OmniOS impressions by a BSD user</a></h3>
60031
60032 <blockquote>
60033 <p>I had been using FreeBSD as my main web server OS since 2012 and I liked it so much that I even contributed money and code to it. However, since the FreeBSD guys (and gals) decided to install anti-tech feminism, I have been considering to move away from it for quite some time now.</p>
60034
60035 <p>As my growing needs require stronger hardware, it was finally time to rent a new server. I do not intend to run FreeBSD on it. Although the most obvious choice would be OpenBSD (I run it on another server and it works just fine), I plan to have a couple of databases running on the new machine, and database throughput has never been one of OpenBSD's strong points. This is my chance to give illumos another try. As neither WiFi nor desktop environments are relevant on a no-X11 server, the server-focused OmniOS seemed to fit my needs.</p>
60036
60037 <p>My current (to be phased out) setup on FreeBSD is:</p>
60038 </blockquote>
60039
60040 <ul>
60041 <li>apache24 with SSL support, running five websites on six domains (both HTTP and HTTPS)</li>
60042 <li>a (somewhat large) Tiny Tiny RSS installation from git, updated via cronjob</li>
60043 <li>sbcl running a daily cronjob of my Web-to-RSS parser</li>
60044 <li>an FTP server where I share stuff with friends</li>
60045 <li>an IRC bouncer</li>
60046 <li>MariaDB and PostgreSQL for some of the hosted services</li>
60047 </ul>
60048
60049 <blockquote>
60050 <p>I would not consider anything of that too esoteric for a modern operating system. Since I was not really using anything mod_rewrite-related, I was perfectly ready to replace apache24 by nginx, remembering that the prepackaged apache24 on FreeBSD did not support HTTPS out of the box and I had ended up installing it from the ports. That is the only change in my setup which I am actively planning.</p>
60051
60052 <p>So here's what I noticed.</p>
60053 </blockquote>
60054
60055 <ul>
60056 <li>First impressions:</li>
60057 </ul>
60058
60059 <blockquote>
60060 <p>Hooray, a BSD boot loader! Finally an operating system without grub - I made my experiences with that and I don't want to repeat them too often.</p>
60061
60062 <p>It is weird that the installer won't accept "mydomain.org" as a hostname but sendmail complains that "mydomain" is not a valid hostname right from the start, OmniOS sent me into Maintenance Mode to fix that. A good start, right? So the first completely new thing I had to find out on my new shiny toy was how to change the hostname. There is no /etc/rc.conf in it and hostname mydomain.org was only valid for one login session. I found out that the hostname has to be changed in three different files under /etc on Solaris - the third one did not even exist for me. Changing the other two files seems to have solved this problem for me.</p>
60063 </blockquote>
60064
60065 <ul>
60066 <li>Random findings:</li>
60067 </ul>
60068
60069 <blockquote>
60070 <p>~ I was wondering how many resources my (mostly idle) new web server was using - I always thought Solaris was rather fat, but it still felt fast to me.</p>
60071
60072 <p>Ah, right - we're in Unixland and we need to think outside of the box. This table was really helpful: although a number of things are different between OmniOS and SmartOS, I found out that the *stat tools do what top does. I could probably just install top from one of the package managers, but I failed to find a reason to do so. I had 99% idle CPU and RAM - that's all I wanted to know.</p>
60073
60074 <p>~ Trying to set up twtxt informed me that Python 3.6 (from pkgin) expects LANG and LC_ALL to be set. Weird - did FreeBSD do that for me? It's been a while ... at least that was easy to fix.</p>
60075
60076 <p>~ SMF - Solaris's version of init - confuses me. It has "levels" similar to Gentoo's OpenRC, but it mostly shuts up during the boot process. Stuff from pkgsrc, e.g. nginx, comes with a description how to set up the particular service, but I should probably read more about it. What if, one day, I install a package which is not made ready for OmniOS? I'll have to find out how to write SMF scripts. But that should not be my highest priority.</p>
60077
60078 <p>~ The OmniOS documentation talks a lot about "zones" which, if I understand that correctly, mostly equal FreeBSD's "jails". This could be my chance to try to respect a better separation between my various services - if my lazyness won't take over again. (It probably will.)</p>
60079
60080 <p>~ OmniOS's default shell - rather un-unixy - seems to be the bash. Update: I was informed about a mistake here: the default shell is ksh93, there are bogus .bashrc files lying around though.</p>
60081
60082 <p>~ Somewhere in between, my sshd had a hiccup or, at least, logging into it took longer than usual. If that happens again, I should investigate.</p>
60083 </blockquote>
60084
60085 <ul>
60086 <li>Conclusion:</li>
60087 </ul>
60088
60089 <blockquote>
60090 <p>By the time of me writing this, I have a basic web server with an awesome performance and a lot of applications ready to be configured only one click away. The more I play with it, the more I have the feeling that I have missed a lot while wasting my time with FreeBSD. For a system that is said to be "dying", OmniOS feels well-thought and, when equipped with a reasonable package management, comes with everything I need to reproduce my FreeBSD setup without losing functionality.</p>
60091
60092 <p>I'm looking forward to what will happen with it.</p>
60093 </blockquote>
60094
60095 <hr />
60096 <p><strong>DigitalOcean</strong>
60097 http://do.co/bsdnow</p>
60098
60099 <h3><a href="http://oshug.org/pipermail/oshug/2018-April/000635.html">Open Source Hardware Camp 2018 — Sat 30/06 &amp; Sun 01/07, Lincoln, UK (includes 'Open-source RISC-V core quickstart' and 'An introductory workshop to NetBSD on embedded platforms')</a></h3>
60102
60103 <blockquote>
60104 <p>Hi All,</p>
60105
60106 <p>I'm pleased to announce that we have 10 talks and 7 workshops confirmed
60107 for Open Source Hardware Camp 2018, with the possibility of one or two
60108 more. Registration is now open!</p>
60109
60110 <p>For the first time ever we will be hosting OSHCamp in Lincoln and a huge
60111 thanks to Sarah Markall for helping to make this happen.</p>
60112
60113 <p>As in previous years, there will be a social event on the Saturday
60114 evening and we have a room booked at the Wig and Mitre. Food will be
60115 available.</p>
60116
60117 <p>There will likely be a few of us meeting up for pre-conference drinks on
60118 the Friday evening also.</p>
60119
60120 <p>Details of the programme can be found below and, as ever, we have an
60121 excellent mix of topics being covered.</p>
60122
60123 <p>Cheers,</p>
60124
60125 <p>Andrew</p>
60126 </blockquote>
60127
60128 <ul>
60129 <li>Open Source Hardware Camp 2018</li>
60130 </ul>
60131
60132 <blockquote>
60133 <p>On the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday
60134 afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU.</p>
60135 </blockquote>
60136
60137 <ul>
60138 <li>Registration: http://oshug.org/event/oshcamp2018</li>
60139 <li>Open Source Hardware Camp 2018 will be hosted in the historic county
60140 town of Lincoln — home to, amongst others, noted engine builders Ruston
60141 &amp; Hornsby (now Siemens, via GEC and English Electric).</li>
60142 <li>Lincoln is well served by rail, reachable from Leeds and London within
60143 2-2.5 hours, and 4-5 hours from Edinburgh and Southampton.</li>
60144 <li>There will be a social at the Wig and Mitre on the Saturday evening.</li>
60145 <li>For travel and accommodation information please see the
60146 event page on oshug.org.</li>
60147 </ul>
60148
60149 <hr />
60150 <h2>News Roundup</h2>
60151
60152 <h3><a href="https://vermaden.wordpress.com/2018/04/04/nextcloud-13-on-freebsd/">Nextcloud 13 on FreeBSD</a></h3>
60153
60154 <blockquote>
60155 <p>Today I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as it’s large enough for several blog posts.</p>
60156
60157 <p>Official Nextcloud 13 documentation recommends following setup:</p>
60158 </blockquote>
60159
60160 <ul>
60161 <li>MySQL/MariaDB</li>
60162 <li>PHP 7.0 (or newer)</li>
60163 <li>Apache 2.4 (with mod_php)</li>
60164 </ul>
60165
60166 <blockquote>
60167 <p>I prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components:</p>
60168 </blockquote>
60169
60170 <ul>
60171 <li>PostgreSQL 10.3</li>
60172 <li>PHP 7.2.4</li>
60173 <li>Nginx 1.12.2 (with php-fpm)</li>
60174 <li>Memcached 1.5.7</li>
60175 </ul>
60176
60177 <blockquote>
60178 <p>The Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool.</p>
60179 </blockquote>
60180
60181 <ul>
60182 <li>Host</li>
60183 </ul>
60184
60185 <blockquote>
60186 <p>Let’s start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails.</p>
60187 </blockquote>
60188
60189 <hr />
60190 <h3><a href="https://www.romanzolotarev.com/setup.html">OpenBSD on my fanless desktop computer</a></h3>
60191
60192 <blockquote>
60193 <p>You asked me about my setup. Here you go.</p>
60194
60195 <p>I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD, you have to give it a try on your desktop.</p>
60196
60197 <p>Bear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard.</p>
60198 </blockquote>
60199
60200 <p><code>
60201 Item Price, USD
60202 Zotac CI527 NANO-BE $371
60203 16GB RAM Crucial DDR4-2133 $127
60204 250GB SSD Samsung 850 EVO $104
60205 Asus VZ249HE 23.8" IPS Full HD $129
60206 ErgoDox EZ V3, Cherry MX Brown, blank DCS $325
60207 Kensington Orbit Trackball $33
60208 Total $1,107
60209 </code></p>
60210
60211 <ul>
60212 <li>OpenBSD</li>
60213 </ul>
60214
60215 <blockquote>
60216 <p>I tried few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system.</p>
60217
60218 <p>Now I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and that’s often enough for me. I prefer slow fashion.</p>
60219 </blockquote>
60220
60221 <hr />
60222 <p><strong>iXsystems</strong>
60223 iX Ad Spot <a href="https://www.ixsystems.com/blog/nab-2018-recap-2/">NAB 2018 – Michael Dexter’s Recap</a></p>
60224
60225 <h3><a href="https://vermaden.wordpress.com/2018/04/06/introduction-to-hardenedbsd-world/">Introduction to HardenedBSD World</a></h3>
60226
60227 <blockquote>
60228 <p>HardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development.</p>
60229
60230 <p>To cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.”</p>
60231
60232 <p>Most FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources.</p>
60233
60234 <p>One may ask how HardenedBSD project compared to more well know for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base its about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics its for OpenBSD, Illumos and Linux currently, You will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview.</p>
60235
60236 <p>A HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons.</p>
60237
60238 <p>Comparison between LibreSSL and OpenSSL vulnerabilities.</p>
60239 </blockquote>
60240
60241 <ul>
60242 <li>https://en.wikipedia.org/wiki/LibreSSL#Security</li>
60243 <li>https://wiki.freebsd.org/LibreSSL#LibreSSL_.28and_OpenSSL.29_Security_Vulnerabilities</li>
60244 </ul>
60245
60246 <blockquote>
60247 <p>One may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal.</p>
60248
60249 <p>As I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website.</p>
60250 </blockquote>
60251
60252 <hr />
60253 <h3><a href="https://www.tomatkinson.uk/git.html">Running my own git server</a></h3>
60254
60255 <blockquote>
60256 <p>Note: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs</p>
60257
60258 <p>Since I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services.</p>
60259 </blockquote>
60260
60261 <ul>
60262 <li>Tools &amp; applications</li>
60263 </ul>
60264
60265 <blockquote>
60266 <p>These are the programs I am going to be using to get my git server up and running:</p>
60267 </blockquote>
60268
60269 <p><code>
60270 httpd(8)
60271 acme-client(1)
60272 git(1)
60273 cgit(1)
60274 slowcgi(8)
60275 </code></p>
60276
60277 <ul>
60278 <li>Setting up httpd</li>
60279 </ul>
60280
60281 <blockquote>
60282 <p>Ensure you have the necessary flags enabled in your /etc/rc.conf.local:</p>
60283 </blockquote>
60284
60285 <ul>
60286 <li>Configuring cgit</li>
60287 </ul>
60288
60289 <blockquote>
60290 <p>When using the OpenBSD httpd(8), it will serve its content in a chrooted environment, which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and its contents.</p>
60291
60292 <p>In order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc.</p>
60293 </blockquote>
60294
60295 <hr />
60296 <h2>Beastie Bits</h2>
60297
60298 <ul>
60299 <li><a href="https://blather.michaelwlucas.com/archives/3173">My Penguicon 2018 Schedule</a></li>
60300 <li><a href="https://rachelbythebay.com/w/2018/04/16/signal/">sigaction: see who killed you (and more)</a></li>
60301 <li><a href="http://mail-index.netbsd.org/netbsd-announce/2018/04/20/msg000284.html">Takeshi steps down from NetBSD core team after 13 years</a></li>
60302 <li><a href="https://www.phoronix.com/scan.php?page=news_item&amp;px=DragonFlyBSD-More-Perf-For-5.4">DragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix</a></li>
60303 <li><a href="https://m.youtube.com/watch?v=bT_k06Xg-BE">Writing FreeBSD Malware</a></li>
60304 </ul>
60305
60306 <p><strong>Tarsnap ad</strong></p>
60307
60308 <h2>Feedback/Questions</h2>
60309
60310 <ul>
60311 <li>Troels - <a href="http://dpaste.com/35K0BD7#wrap">Question regarding ZFS xattr</a></li>
60312 <li>Mike - <a href="http://dpaste.com/33X1K80#wrap">Sharing your screen</a></li>
60313 <li>Wilyarti - <a href="http://dpaste.com/0D452Q0#wrap">Adlocking on FreeBSD</a></li>
60314 <li>Brad - <a href="http://dpaste.com/08XAHNY#wrap">Recommendations for snapshot strategy</a></li>
60315 </ul>
60316
60317 <hr />
60318 <ul>
60319 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
60320 </ul>
60321
60322 <hr />
60323 </description>
60324 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview</itunes:keywords>
60325 <content:encoded>
60326 <</p>
60424
60425 <blockquote>
60426 <p>Hi All,</p>
60427
60428 <p>I'm pleased to announce that we have 10 talks and 7 workshops confirmed
60429 for Open Source Hardware Camp 2018, with the possibility of one or two
60430 more. Registration is now open!</p>
60431
60432 <p>For the first time ever we will be hosting OSHCamp in Lincoln and a huge
60433 thanks to Sarah Markall for helping to make this happen.</p>
60434
60435 <p>As in previous years, there will be a social event on the Saturday
60436 evening and we have a room booked at the Wig and Mitre. Food will be
60437 available.</p>
60438
60439 <p>There will likely be a few of us meeting up for pre-conference drinks on
60440 the Friday evening also.</p>
60441
60442 <p>Details of the programme can be found below and, as ever, we have an
60443 excellent mix of topics being covered.</p>
60444
60445 <p>Cheers,</p>
60446
60447 <p>Andrew</p>
60448 </blockquote>
60449
60450 <ul>
60451 <li>Open Source Hardware Camp 2018</li>
60452 </ul>
60453
60454 <blockquote>
60455 <p>On the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday
60456 afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU.</p>
60457 </blockquote>
60458
60459 <ul>
60460 <li>Registration: http://oshug.org/event/oshcamp2018</li>
60461 <li>Open Source Hardware Camp 2018 will be hosted in the historic county
60462 town of Lincoln — home to, amongst others, noted engine builders Ruston
60463 & Hornsby (now Siemens, via GEC and English Electric).</li>
60464 <li>Lincoln is well served by rail, reachable from Leeds and London within
60465 2-2.5 hours, and 4-5 hours from Edinburgh and Southampton.</li>
60466 <li>There will be a social at the Wig and Mitre on the Saturday evening.</li>
60467 <li>For travel and accommodation information please see the
60468 event page on oshug.org.</li>
60469 </ul>
60470
60471 <p><hr /></p>
60472
60473 <h2>News Roundup</h2>
60474
60475 <h3><a href="https://vermaden.wordpress.com/2018/04/04/nextcloud-13-on-freebsd/">Nextcloud 13 on FreeBSD</a></h3>
60476
60477 <blockquote>
60478 <p>Today I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as it’s large enough for several blog posts.</p>
60479
60480 <p>Official Nextcloud 13 documentation recommends following setup:</p>
60481 </blockquote>
60482
60483 <ul>
60484 <li>MySQL/MariaDB</li>
60485 <li>PHP 7.0 (or newer)</li>
60486 <li>Apache 2.4 (with mod_php)</li>
60487 </ul>
60488
60489 <blockquote>
60490 <p>I prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components:</p>
60491 </blockquote>
60492
60493 <ul>
60494 <li>PostgreSQL 10.3</li>
60495 <li>PHP 7.2.4</li>
60496 <li>Nginx 1.12.2 (with php-fpm)</li>
60497 <li>Memcached 1.5.7</li>
60498 </ul>
60499
60500 <blockquote>
60501 <p>The Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool.</p>
60502 </blockquote>
60503
60504 <ul>
60505 <li>Host</li>
60506 </ul>
60507
60508 <blockquote>
60509 <p>Let’s start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails.</p>
60510 </blockquote>
60511
60512 <p><hr /></p>
60513
60514 <h3><a href="https://www.romanzolotarev.com/setup.html">OpenBSD on my fanless desktop computer</a></h3>
60515
60516 <blockquote>
60517 <p>You asked me about my setup. Here you go.</p>
60518
60519 <p>I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD, you have to give it a try on your desktop.</p>
60520
60521 <p>Bear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard.</p>
60522 </blockquote>
60523
60524 <p><code>
60525 Item Price, USD
60526 Zotac CI527 NANO-BE $371
60527 16GB RAM Crucial DDR4-2133 $127
60528 250GB SSD Samsung 850 EVO $104
60529 Asus VZ249HE 23.8" IPS Full HD $129
60530 ErgoDox EZ V3, Cherry MX Brown, blank DCS $325
60531 Kensington Orbit Trackball $33
60532 Total $1,107
60533 </code></p>
60534
60535 <ul>
60536 <li>OpenBSD</li>
60537 </ul>
60538
60539 <blockquote>
60540 <p>I tried few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system.</p>
60541
60542 <p>Now I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and that’s often enough for me. I prefer slow fashion.</p>
60543 </blockquote>
60544
60545 <p><hr /></p>
60546
60547 <p><strong>iXsystems</strong>
60548 iX Ad Spot <a href="https://www.ixsystems.com/blog/nab-2018-recap-2/">NAB 2018 – Michael Dexter’s Recap</a></p>
60549
60550 <h3><a href="https://vermaden.wordpress.com/2018/04/06/introduction-to-hardenedbsd-world/">Introduction to HardenedBSD World</a></h3>
60551
60552 <blockquote>
60553 <p>HardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development.</p>
60554
60555 <p>To cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.”</p>
60556
60557 <p>Most FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources.</p>
60558
60559 <p>One may ask how HardenedBSD project compared to more well know for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base its about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics its for OpenBSD, Illumos and Linux currently, You will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview.</p>
60560
60561 <p>A HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons.</p>
60562
60563 <p>Comparison between LibreSSL and OpenSSL vulnerabilities.</p>
60564 </blockquote>
60565
60566 <ul>
60567 <li>https://en.wikipedia.org/wiki/LibreSSL#Security</li>
60568 <li>https://wiki.freebsd.org/LibreSSL#LibreSSL_.28and_OpenSSL.29_Security_Vulnerabilities</li>
60569 </ul>
60570
60571 <blockquote>
60572 <p>One may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal.</p>
60573
60574 <p>As I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website.</p>
60575 </blockquote>
60576
60577 <p><hr /></p>
60578
60579 <h3><a href="https://www.tomatkinson.uk/git.html">Running my own git server</a></h3>
60580
60581 <blockquote>
60582 <p>Note: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs</p>
60583
60584 <p>Since I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services.</p>
60585 </blockquote>
60586
60587 <ul>
60588 <li>Tools & applications</li>
60589 </ul>
60590
60591 <blockquote>
60592 <p>These are the programs I am going to be using to get my git server up and running:</p>
60593 </blockquote>
60594
60595 <p><code>
60596 httpd(8)
60597 acme-client(1)
60598 git(1)
60599 cgit(1)
60600 slowcgi(8)
60601 </code></p>
60602
60603 <ul>
60604 <li>Setting up httpd</li>
60605 </ul>
60606
60607 <blockquote>
60608 <p>Ensure you have the necessary flags enabled in your /etc/rc.conf.local:</p>
60609 </blockquote>
60610
60611 <ul>
60612 <li>Configuring cgit</li>
60613 </ul>
60614
60615 <blockquote>
60616 <p>When using the OpenBSD httpd(8), it will serve its content in a chrooted environment, which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and its contents.</p>
60617
60618 <p>In order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc.</p>
60619 </blockquote>
60620
60621 <p><hr /></p>
60622
60623 <h2>Beastie Bits</h2>
60624
60625 <ul>
60626 <li><a href="https://blather.michaelwlucas.com/archives/3173">My Penguicon 2018 Schedule</a></li>
60627 <li><a href="https://rachelbythebay.com/w/2018/04/16/signal/">sigaction: see who killed you (and more)</a></li>
60628 <li><a href="http://mail-index.netbsd.org/netbsd-announce/2018/04/20/msg000284.html">Takeshi steps down from NetBSD core team after 13 years</a></li>
60629 <li><a href="https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-More-Perf-For-5.4">DragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix</a></li>
60630 <li><a href="https://m.youtube.com/watch?v=bT_k06Xg-BE">Writing FreeBSD Malware</a></li>
60631 </ul>
60632
60633 <p><strong>Tarsnap ad</strong></p>
60634
60635 <h2>Feedback/Questions</h2>
60636
60637 <ul>
60638 <li>Troels - <a href="http://dpaste.com/35K0BD7#wrap">Question regarding ZFS xattr</a></li>
60639 <li>Mike - <a href="http://dpaste.com/33X1K80#wrap">Sharing your screen</a></li>
60640 <li>Wilyarti - <a href="http://dpaste.com/0D452Q0#wrap">Adlocking on FreeBSD</a></li>
60641 <li>Brad - <a href="http://dpaste.com/08XAHNY#wrap">Recommendations for snapshot strategy</a></li>
60642 </ul>
60643
60644 <p><hr /></p>
60645
60646 <ul>
60647 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
60648 </ul>
60649
60650 <p><hr /></p>]]>
60651 </content:encoded>
60652 <itunes:summary>
60653 <</p>
60751
60752 <p>```
60753 Hi All,</p>
60754
60755 <p>I'm pleased to announce that we have 10 talks and 7 workshops confirmed
60756 for Open Source Hardware Camp 2018, with the possibility of one or two
60757 more. Registration is now open!</p>
60758
60759 <p>For the first time ever we will be hosting OSHCamp in Lincoln and a huge
60760 thanks to Sarah Markall for helping to make this happen.</p>
60761
60762 <p>As in previous years, there will be a social event on the Saturday
60763 evening and we have a room booked at the Wig and Mitre. Food will be
60764 available.</p>
60765
60766 <p>There will likely be a few of us meeting up for pre-conference drinks on
60767 the Friday evening also.</p>
60768
60769 <p>Details of the programme can be found below and, as ever, we have an
60770 excellent mix of topics being covered.</p>
60771
60772 <p>Cheers,</p>
60773
60774 <p>Andrew
60775 ```</p>
60776
60777 <ul>
60778 <li>Open Source Hardware Camp 2018</li>
60779 </ul>
60780
60781 <blockquote>
60782 <p>On the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday
60783 afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU.</p>
60784 </blockquote>
60785
60786 <ul>
60787 <li>Registration: http://oshug.org/event/oshcamp2018</li>
60788 <li>Open Source Hardware Camp 2018 will be hosted in the historic county
60789 town of Lincoln — home to, amongst others, noted engine builders Ruston
60790 & Hornsby (now Siemens, via GEC and English Electric).</li>
60791 <li>Lincoln is well served by rail, reachable from Leeds and London within
60792 2-2.5 hours, and 4-5 hours from Edinburgh and Southampton.</li>
60793 <li>There will be a social at the Wig and Mitre on the Saturday evening.</li>
60794 <li>For travel and accommodation information please see the
60795 event page on oshug.org.</li>
60796 </ul>
60797
60798 <p><hr /></p>
60799
60800 <h2>News Roundup</h2>
60801
60802 <h3><a href="https://vermaden.wordpress.com/2018/04/04/nextcloud-13-on-freebsd/">Nextcloud 13 on FreeBSD</a></h3>
60803
60804 <blockquote>
60805 <p>Today I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as it's large enough for several blog posts.</p>
60806
60807 <p>Official Nextcloud 13 documentation recommends following setup:</p>
60808 </blockquote>
60809
60810 <ul>
60811 <li>MySQL/MariaDB</li>
60812 <li>PHP 7.0 (or newer)</li>
60813 <li>Apache 2.4 (with mod_php)</li>
60814 </ul>
60815
60816 <blockquote>
60817 <p>I prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components:</p>
60818 </blockquote>
60819
60820 <ul>
60821 <li>PostgreSQL 10.3</li>
60822 <li>PHP 7.2.4</li>
60823 <li>Nginx 1.12.2 (with php-fpm)</li>
60824 <li>Memcached 1.5.7</li>
60825 </ul>
60826
60827 <blockquote>
60828 <p>The Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool.</p>
60829 </blockquote>
60830
60831 <ul>
60832 <li>Host</li>
60833 </ul>
60834
60835 <blockquote>
60836 <p>Let's start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails.</p>
60837 </blockquote>
60838
60839 <p><hr /></p>
60840
60841 <h3><a href="https://www.romanzolotarev.com/setup.html">OpenBSD on my fanless desktop computer</a></h3>
60842
60843 <blockquote>
60844 <p>You asked me about my setup. Here you go.</p>
60845
60846 <p>I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD, you have to give it a try on your desktop.</p>
60847
60848 <p>Bear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard.</p>
60849 </blockquote>
60850
60851 <p><code>
60852 Item Price, USD
60853 Zotac CI527 NANO-BE $371
60854 16GB RAM Crucial DDR4-2133 $127
60855 250GB SSD Samsung 850 EVO $104
60856 Asus VZ249HE 23.8" IPS Full HD $129
60857 ErgoDox EZ V3, Cherry MX Brown, blank DCS $325
60858 Kensington Orbit Trackball $33
60859 Total $1,107
60860 </code></p>
60861
60862 <ul>
60863 <li>OpenBSD</li>
60864 </ul>
60865
60866 <blockquote>
60867 <p>I tried a few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system.</p>
60868
60869 <p>Now I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and that’s often enough for me. I prefer slow fashion.</p>
60870 </blockquote>
60871
60872 <p><hr /></p>
60873
60874 <p><strong>iXsystems</strong>
60875 iX Ad Spot <a href="https://www.ixsystems.com/blog/nab-2018-recap-2/">NAB 2018 – Michael Dexter’s Recap</a></p>
60876
60877 <h3><a href="https://vermaden.wordpress.com/2018/04/06/introduction-to-hardenedbsd-world/">Introduction to HardenedBSD World</a></h3>
60878
60879 <blockquote>
60880 <p>HardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development.</p>
60881
60882 <p>To cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.”</p>
60883
60884 <p>Most FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources.</p>
60885
60886 <p>One may ask how HardenedBSD project compared to more well known for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base is about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics it's for OpenBSD, Illumos and Linux currently, you will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview.</p>
60887
60888 <p>A HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons.</p>
60889
60890 <p>Comparison between LibreSSL and OpenSSL vulnerabilities.</p>
60891 </blockquote>
60892
60893 <ul>
60894 <li>https://en.wikipedia.org/wiki/LibreSSL#Security</li>
60895 <li>https://wiki.freebsd.org/LibreSSL#LibreSSL_.28and_OpenSSL.29_Security_Vulnerabilities</li>
60896 </ul>
60897
60898 <blockquote>
60899 <p>One may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal.</p>
60900
60901 <p>As I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website.</p>
60902 </blockquote>
60903
60904 <p><hr /></p>
60905
60906 <h3><a href="https://www.tomatkinson.uk/git.html">Running my own git server</a></h3>
60907
60908 <blockquote>
60909 <p>Note: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs</p>
60910
60911 <p>Since I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services.</p>
60912 </blockquote>
60913
60914 <ul>
60915 <li>Tools & applications</li>
60916 </ul>
60917
60918 <blockquote>
60919 <p>These are the programs I am going to be using to get my git server up and running:</p>
60920 </blockquote>
60921
60922 <p><code>
60923 httpd(8)
60924 acme-client(1)
60925 git(1)
60926 cgit(1)
60927 slowcgi(8)
60928 </code></p>
60929
60930 <ul>
60931 <li>Setting up httpd</li>
60932 </ul>
60933
60934 <blockquote>
60935 <p>Ensure you have the necessary flags enabled in your /etc/rc.conf.local:</p>
60936 </blockquote>
60937
60938 <ul>
60939 <li>Configuring cgit</li>
60940 </ul>
60941
60942 <blockquote>
60943 <p>When using the OpenBSD httpd(8), it will serve its content in a chrooted environment, which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and its contents.</p>
60944
60945 <p>In order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc.</p>
60946 </blockquote>
60947
60948 <p><hr /></p>
60949
60950 <h2>Beastie Bits</h2>
60951
60952 <ul>
60953 <li><a href="https://blather.michaelwlucas.com/archives/3173">My Penguicon 2018 Schedule</a></li>
60954 <li><a href="https://rachelbythebay.com/w/2018/04/16/signal/">sigaction: see who killed you (and more)</a></li>
60955 <li><a href="http://mail-index.netbsd.org/netbsd-announce/2018/04/20/msg000284.html">Takeshi steps down from NetBSD core team after 13 years</a></li>
60956 <li><a href="https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-More-Perf-For-5.4">DragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix</a></li>
60957 <li><a href="https://m.youtube.com/watch?v=bT_k06Xg-BE">Writing FreeBSD Malware</a></li>
60958 </ul>
60959
60960 <p><strong>Tarsnap ad</strong></p>
60961
60962 <h2>Feedback/Questions</h2>
60963
60964 <ul>
60965 <li>Troels - <a href="http://dpaste.com/35K0BD7#wrap">Question regarding ZFS xattr</a></li>
60966 <li>Mike - <a href="http://dpaste.com/33X1K80#wrap">Sharing your screen</a></li>
60967 <li>Wilyarti - <a href="http://dpaste.com/0D452Q0#wrap">Adlocking on FreeBSD</a></li>
60968 <li>Brad - <a href="http://dpaste.com/08XAHNY#wrap">Recommendations for snapshot strategy</a></li>
60969 </ul>
60970
60971 <p><hr /></p>
60972
60973 <ul>
60974 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
60975 </ul>
60976
60977 <p><hr /></p>]]>
60978 </itunes:summary>
60979 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+WTK4Au1G</fireside:playerURL>
60980 <fireside:playerEmbedCode>
60981 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+WTK4Au1G" width="740" height="200" frameborder="0" scrolling="no">]]>
60982 </fireside:playerEmbedCode>
60983 </item>
60984 <item>
60985 <title>Episode 244: C is a Lie | BSD Now 244</title>
60986 <link>https://www.bsdnow.tv/244</link>
60987 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1868</guid>
60988 <pubDate>Thu, 03 May 2018 00:00:00 -0700</pubDate>
60989 <author>Allan Jude</author>
60990 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a46e2baa-82ee-4acb-9678-978f26dbd32c.mp3" length="61656187" type="audio/mp3"/>
60991 <itunes:episodeType>full</itunes:episodeType>
60992 <itunes:author>Allan Jude</itunes:author>
60993 <itunes:subtitle>Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.</itunes:subtitle>
60994 <itunes:duration>1:25:32</itunes:duration>
60995 <itunes:explicit>no</itunes:explicit>
60996 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
60997 <description>Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.
60998 <h2>Headlines</h2>
60999 <h3><a href="https://arcan-fe.com/2018/04/25/towards-secure-system-graphics-arcan-and-openbsd/">Towards Secure System Graphics: Arcan and OpenBSD</a></h3>
61000
61001 <blockquote>
61002 <p>Let me preface this by saying that this is a (very) long and medium-rare technical article about the security considerations and minutiae of porting (most of) the Arcan ecosystem to work under OpenBSD. The main point of this article is not so much flirting with the OpenBSD crowd or adding further noise to software engineering topics, but to go through the special considerations that had to be taken, as notes to anyone else that decides to go down this overgrown and lonesome trail, or are curious about some less than obvious differences between how these things “work” on Linux vs. other parts of the world.</p>
61003
61004 <p>A disclaimer is also that most of this has been discovered by experimentation and combining bits and pieces scattered in everything from Xorg code to man pages, there may be smarter ways to solve some of the problems mentioned – this is just the best I could find within the time allotted. I’d be happy to be corrected, in patch/pull request form that is &#x1f609;</p>
61005
61006 <p>Each section will start with a short rant-like explanation of how it works in Linux, and what the translation to OpenBSD involved or, in the cases that are still partly or fully missing, will require. The topics that will be covered this time are:</p>
61007 </blockquote>
61008
61009 <ul>
61010 <li>Graphics Device Access</li>
61011 <li>Hotplug</li>
61012 <li>Input</li>
61013 <li>Backlight</li>
61014 <li>Xorg</li>
61015 <li>Pledging</li>
61016 <li>Missing</li>
61017 </ul>
61018
61019 <hr />
61020 <h3><a href="https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html">Installing OpenBSD 6.3 (snapshots) on Raspberry pi 3</a></h3>
61021
61022 <ul>
61023 <li>The Easy way</li>
61024 </ul>
61025
61026 <blockquote>
61027 <p>Installing the OpenBSD on raspberry pi 3 is very easy and well documented which almost convinced me of not writing about it, but still I felt like it may help somebody new to the project (But again I really recommend reading the document if you are interested and have the time).</p>
61028
61029 <p>Note: I'm always running snapshots and recommend anybody to do it as well. But the snapshots links will change to the next version every 6 months, so I changed the links to the 6.3 version to keep the blog post valid over time. If you're familiar with the OpenBSD flavors, feel free to use the snapshots links instead.</p>
61030 </blockquote>
61031
61032 <ul>
61033 <li>Requirements</li>
61034 </ul>
61035
61036 <blockquote>
61037 <p>Due to the lack of driver, the OpenBSD can not boot directly from the SD Card yet, so we'll need a USB Stick for the installation target aside the SD Card for the U-Boot and installer. Also, a Serial Console connection is required. I used a PL2303 USB to Serial (TTL) adapter connected to my Laptop via USB port and connected to the Raspberry via TX, RX and GND pins.</p>
61038 </blockquote>
61039
61040 <hr />
61041 <p><strong>iXsystems</strong>
61042 https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/</p>
61043
61044 <h3><a href="http://tomforsyth1000.github.io/blog.wiki.html#%5B%5BWhydidn%27tLarrabeefail?%5D%5D">Why Didn’t Larrabee Fail?</a></h3>
61045
61046 <blockquote>
61047 <p>Every month or so, someone will ask me what happened to Larrabee and why it failed so badly. And I then try to explain to them that not only didn't it fail, it was a pretty huge success. And they are understandably very puzzled by this, because in the public consciousness Larrabee was like the Itanic and the SPU rolled into one, wasn't it? Well, not quite. So rather than explain it in person a whole bunch more times, I thought I should write it down.</p>
61048
61049 <p>This is not a history, and I'm going to skip a TON of details for brevity. One day I'll write the whole story down, because it's a pretty decent escapade with lots of fun characters. But not today. Today you just get the very start and the very end.</p>
61050
61051 <p>When I say "Larrabee" I mean all of Knights, all of MIC, all of Xeon Phi, all of the "Isle" cards - they're all exactly the same chip and the same people and the same software effort. Marketing seemed to dream up a new codeword every week, but there was only ever three chips:</p>
61052 </blockquote>
61053
61054 <ul>
61055 <li>Knights Ferry / Aubrey Isle / LRB1 - mostly a prototype, had some performance gotchas, but did work, and shipped to partners.</li>
61056 <li>Knights Corner / Xeon Phi / LRB2 - the thing we actually shipped in bulk.</li>
61057 <li>Knights Landing - the new version that is shipping any day now (mid 2016).</li>
61058 </ul>
61059
61060 <blockquote>
61061 <p>That's it. There were some other codenames I've forgotten over the years, but they're all of one of the above chips. Behind all the marketing smoke and mirrors there were only three chips ever made (so far), and only four planned in total (we had a thing called LRB3 planned between KNC and KNL for a while). All of them are "Larrabee", whether they do graphics or not.</p>
61062
61063 <p>When Larrabee was originally conceived back in about 2005, it was called "SMAC", and its original goals were, from most to least important:</p>
61064 </blockquote>
61065
61066 <ol>
61067 <li>Make the most powerful flops-per-watt machine for real-world workloads using a huge array of simple cores, on systems and boards that could be built into bazillo-core supercomputers.</li>
61068 <li>Make it from x86 cores. That means memory coherency, store ordering, memory protection, real OSes, no ugly scratchpads, it runs legacy code, and so on. No funky DSPs or windowed register files or wacky programming models allowed. Do not build another Itanium or SPU!</li>
61069 <li>Make it soon. That means keeping it simple.</li>
61070 <li>Support the emerging GPGPU market with that same chip. Intel were absolutely not going to build a 150W PCIe card version of their embedded graphics chip (known as "Gen"), so we had to cover those programming models. As a bonus, run normal graphics well.</li>
61071 <li>Add as little graphics-specific hardware as you can get away with.</li>
61072 </ol>
61073
61074 <blockquote>
61075 <p>That ordering is important - in terms of engineering and focus, Larrabee was never primarily a graphics card. If Intel had wanted a kick-ass graphics card, they already had a very good graphics team begging to be allowed to build a nice big fat hot discrete GPU - and the Gen architecture is such that they'd build a great one, too. But Intel management didn't want one, and still doesn't. But if we were going to build Larrabee anyway, they wanted us to cover that market as well.</p>
61076
61077 <p>... the design of Larrabee was of a CPU with a very wide SIMD unit, designed above all to be a real grown-up CPU - coherent caches, well-ordered memory rules, good memory protection, true multitasking, real threads, runs Linux/FreeBSD, etc. Larrabee, in the form of KNC, went on to become the fastest supercomputer in the world for a couple of years, and it's still making a ton of money for Intel in the HPC market that it was designed for, fighting very nicely against the GPUs and other custom architectures. Its successor, KNL, is just being released right now (mid 2016) and should do very nicely in that space too. Remember - KNC is literally the same chip as LRB2. It has texture samplers and a video out port sitting on the die. They don't test them or turn them on or expose them to software, but they're still there - it's still a graphics-capable part.</p>
61078
61079 <p>But it's still actually running FreeBSD on that card, and under FreeBSD it's just running an x86 program called DirectXGfx (248 threads of it).</p>
61080 </blockquote>
61081
61082 <hr />
61083 <h2>News Roundup</h2>
61084
61085 <h3><a href="https://queue.acm.org/detail.cfm?id=3212479">C Is Not a Low-level Language : Your computer is not a fast PDP-11.</a></h3>
61086
61087 <blockquote>
61088 <p>In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.</p>
61089
61090 <p>Processor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.</p>
61091 </blockquote>
61092
61093 <ul>
61094 <li>What Is a Low-Level Language?</li>
61095 </ul>
61096
61097 <blockquote>
61098 <p>Computer science pioneer Alan Perlis defined low-level languages this way: "A programming language is low level when its programs require attention to the irrelevant."</p>
61099
61100 <p>While, yes, this definition applies to C, it does not capture what people desire in a low-level language. Various attributes cause people to regard a language as low-level. Think of programming languages as belonging on a continuum, with assembly at one end and the interface to the Starship Enterprise's computer at the other. Low-level languages are "close to the metal," whereas high-level languages are closer to how humans think.</p>
61101
61102 <p>For a language to be "close to the metal," it must provide an abstract machine that maps easily to the abstractions exposed by the target platform. It's easy to argue that C was a low-level language for the PDP-11. They both described a model in which programs executed sequentially, in which memory was a flat space, and even the pre- and post-increment operators cleanly lined up with the PDP-11 addressing modes.</p>
61103 </blockquote>
61104
61105 <p>Fast PDP-11 Emulators</p>
61106
61107 <blockquote>
61108 <p>The root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware.</p>
61109
61110 <p>C code provides a mostly serial abstract machine (until C11, an entirely serial machine if nonstandard vendor extensions were excluded). Creating a new thread is a library operation known to be expensive, so processors wishing to keep their execution units busy running C code rely on ILP (instruction-level parallelism). They inspect adjacent operations and issue independent ones in parallel. This adds a significant amount of complexity (and power consumption) to allow programmers to write mostly sequential code. In contrast, GPUs achieve very high performance without any of this logic, at the expense of requiring explicitly parallel programs.</p>
61111
61112 <p>The quest for high ILP was the direct cause of Spectre and Meltdown. A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches. This, again, adds complexity; it also means that an incorrect guess results in work being done and then discarded, which is not ideal for power consumption. This discarded work has visible side effects, which the Spectre and Meltdown attacks could exploit.</p>
61113
61114 <p>On a modern high-end core, the register rename engine is one of the largest consumers of die area and power. To make matters worse, it cannot be turned off or power gated while any instructions are running, which makes it inconvenient in a dark silicon era when transistors are cheap but powered transistors are an expensive resource. This unit is conspicuously absent on GPUs, where parallelism again comes from multiple threads rather than trying to extract instruction-level parallelism from intrinsically scalar code. If instructions do not have dependencies that need to be reordered, then register renaming is not necessary.</p>
61115
61116 <p>Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.</p>
61117
61118 <p>The cache is, as its name implies, hidden from the programmer and so is not visible to C. Efficient use of the cache is one of the most important ways of making code run quickly on a modern processor, yet this is completely hidden by the abstract machine, and programmers must rely on knowing implementation details of the cache (for example, two values that are 64-byte-aligned may end up in the same cache line) to write efficient code.</p>
61119 </blockquote>
61120
61121 <ul>
61122 <li><a href="https://web.archive.org/web/20180501170011/https://queue.acm.org/detail.cfm?id=3212479">Backup URL</a></li>
61123 <li><a href="https://news.ycombinator.com/item?id=16967675">Hacker News Commentary</a></li>
61124 </ul>
61125
61126 <hr />
61127 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl">HardenedBSD Switching Back to OpenSSL</a></h3>
61128
61129 <blockquote>
61130 <p>Over a year ago, HardenedBSD switched to LibreSSL as the default cryptographic library in base for 12-CURRENT. 11-STABLE followed suit later on. Bernard Spil has done an excellent job at keeping our users up-to-date with the latest security patches from LibreSSL.</p>
61131
61132 <p>After recently updating 12-CURRENT to LibreSSL 2.7.2 from 2.6.4, it has become increasingly clear to us that performing major upgrades requires a team larger than a single person. Upgrading to 2.7.2 caused a lot of fallout in our ports tree. As of 28 Apr 2018, several ports we consider high priority are still broken. As it stands right now, it would take Bernard a significant amount of his spare personal time to fix these issues.</p>
61133
61134 <p>Until we have a multi-person team dedicated to maintaining LibreSSL in base along with the patches required in ports, HardenedBSD will use OpenSSL going forward as the default cryptographic library in base. LibreSSL will co-exist with OpenSSL in the source tree, as it does now. However, MK_LIBRESSL will default to "no" instead of the current "yes". Bernard will continue maintaining LibreSSL in base along with addressing the various problematic ports entries.</p>
61135
61136 <p>To provide our users with ample time to plan and perform updates, we will wait a period of two months prior to making the switch. The switch will occur on 01 Jul 2018 and will be performed simultaneously in 12-CURRENT and 11-STABLE. HardenedBSD will archive a copy of the LibreSSL-centric package repositories and binary updates for base for a period of six months after the switch (expiring the package repos on 01 Jan 2019). This essentially gives our users eight full months for an upgrade path.</p>
61137
61138 <p>As part of the switch back to OpenSSL, the default NTP daemon in base will switch back from OpenNTPd to ISC NTP. Users who have local_openntpd_enable="YES" set in rc.conf will need to switch back to ntpd_enable="YES".</p>
61139
61140 <p>Users who build base from source will want to fully clean their object directories. Any and all packages that link with libcrypto or libssl will need to be rebuilt or reinstalled.</p>
61141
61142 <p>With the community's help, we look forward to the day when we can make the switch back to LibreSSL. We at HardenedBSD believe that providing our users options to rid themselves of software monocultures can better increase security and manage risk.</p>
61143 </blockquote>
61144
61145 <hr />
61146 <p><strong>DigitalOcean</strong>
61147 http://do.co/bsdnow -- $100 credit for 60 days</p>
61148
61149 <h3><a href="https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet">How Dan Kaminsky Almost Broke the Internet</a></h3>
61150
61151 <blockquote>
61152 <p>In the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. In this Hacker History video, Kaminsky describes the flaw and notes the issue remains unfixed.</p>
61153
61154 <p>“We were really concerned about web pages and emails 'cause that’s what you get to compromise when you compromise DNS,” Kaminsky says. “You think you’re sending an email to IBM but it really goes to the bad guy.”</p>
61155
61156 <p>As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don’t have to remember strings of numbers to reach web applications and services. Authoritative nameservers publish the IP addresses of domain names. Recursive nameservers talk to authoritative servers to find addresses for those domain names and save the information into their cache to speed up the response time the next time they are asked about that site. While anyone can set up a nameserver and configure an authoritative zone for any site, if recursive nameservers don’t point to it to ask questions, no one will get those wrong answers.</p>
61157
61158 <p>We made the Internet less flammable.</p>
61159
61160 <p>Kaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official "www" server for example.com, the nameserver will save that server IP address for “www” in its cache.</p>
61161
61162 <p>“The server will go, ‘You are the official. Go right ahead. Tell me what it’s supposed to be,’” Kaminsky says in the video.</p>
61163
61164 <p>Since the issue affected nearly every DNS server on the planet, it required a coordinated response to address it. Kaminsky informed Paul Vixie, creator of several DNS protocol extensions and application, and Vixie called an emergency summit of major IT vendors at Microsoft’s headquarters to figure out what to do.</p>
61165
61166 <p>The “fix” involved combining the 16-bit transaction identifier that DNS lookups used with UDP source ports to create 32-bit transaction identifiers. Instead of fixing the flaw so that it can’t be exploited, the resolution focused on making it take more than ten seconds, eliminating the instantaneous attack.</p>
61167
61168 <p>“[It’s] not like we repaired DNS,” Kaminsky says. “We made the Internet less flammable.”</p>
61169
61170 <p>DNSSEC (Domain Name System Security Extensions), is intended to secure DNS by adding a cryptographic layer to DNS information. The root zone of the internet was signed for DNSSEC in July 2010 and the .com Top Level Domain (TLD) was finally signed for DNSSEC in April 2011. Unfortunately, adoption has been slow, even ten years after Kaminsky first raised the alarm about DNS, as less than 15 percent of users pass their queries to DNSSEC validating resolvers.</p>
61171
61172 <p>The Internet was never designed to be secure. The Internet was designed to move pictures of cats.</p>
61173
61174 <p>No one expected the Internet to be used for commerce and critical communications. If people lose faith in DNS, then all the things that depend on it are at risk.</p>
61175
61176 <p>“What are we going to do? Here is the answer. Some of us gotta go out fix it,” Kaminsky says.</p>
61177 </blockquote>
61178
61179 <hr />
61180 <h3><a href="https://www.openindiana.org/2018/04/28/openindiana-hipster-2018-04-is-here/">OpenIndiana Hipster 2018.04 is here</a></h3>
61181
61182 <ul>
61183 <li><p>We have released a new OpenIndiana Hipster snapshot 2018.04. The noticeable changes:</p>
61184
61185 <ul><li>Userland software is rebuilt with GCC 6.</li>
61186 <li>KPTI was enabled to mitigate recent security issues in Intel CPUs.</li>
61187 <li>Support of Gnome 2 desktop was removed.</li>
61188 <li>Linked images now support zoneproxy service.</li>
61189 <li>Mate desktop applications are delivered as 64-bit-only.</li>
61190 <li>Upower support was integrated.</li>
61191 <li>IIIM was removed.</li></ul></li>
61192 <li><p>More information can be found in <a href="https://wiki.openindiana.org/oi/2018.04+Release+notes">2018.04 Release notes</a> and new medias can be downloaded from <a href="http://dlc.openindiana.org/">http://dlc.openindiana.org</a>.</p></li>
61193 </ul>
61194
61195 <hr />
61196 <h2>Beastie Bits</h2>
61197
61198 <ul>
61199 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon - Call for Papers</a></li>
61200 <li><a href="https://www.openssh.com/txt/release-7.7">OpenSSH 7.7</a></li>
61201 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/04/05/msg026461.html">pkgsrc-2018Q1 released</a></li>
61202 <li><a href="https://www.bsdcan.org/2018/schedule/">BSDCan Schedule</a></li>
61203 <li><a href="https://www.youtube.com/watch?v=CehSeSVgEUA&amp;feature=youtu.be">Michael Dexter's LFNW talk</a></li>
61204 </ul>
61205
61206 <hr />
61207 <hr />
61208 <p>Tarsnap ad</p>
61209
61210 <hr />
61211 <h2>Feedback/Questions</h2>
61212
61213 <ul>
61214 <li>Bob - <a href="http://dpaste.com/02T6P91#wrap">Help locating FreeBSD Help</a></li>
61215 <li>Alex - <a href="http://dpaste.com/04RQ46X#wrap">Convert directory to dataset</a></li>
61216 <li>Adam - <a href="http://dpaste.com/3GT988W#wrap">FreeNAS Question</a></li>
61217 <li>Florian - <a href="http://dpaste.com/3RGQRVR#wrap">Three Questions</a></li>
61218 </ul>
61219
61220 <hr />
61221 <ul>
61222 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
61223 </ul>
61224
61225 <hr />
61226 <p>iX Ad spot: <a href="https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/">iXsystems TrueNAS M-Series Blows Away Veeam Backup Certification Tests</a></p>
61227 </description>
61228 <content:encoded>
61229 <![CDATA[<p>Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.</p>
61230
61231 <h2>Headlines</h2>
61232
61233 <h3><a href="https://arcan-fe.com/2018/04/25/towards-secure-system-graphics-arcan-and-openbsd/">Towards Secure System Graphics: Arcan and OpenBSD</a></h3>
61234
61235 <blockquote>
61236 <p>Let me preface this by saying that this is a (very) long and medium-rare technical article about the security considerations and minutiae of porting (most of) the Arcan ecosystem to work under OpenBSD. The main point of this article is not so much flirting with the OpenBSD crowd or adding further noise to software engineering topics, but to go through the special considerations that had to be taken, as notes to anyone else that decides to go down this overgrown and lonesome trail, or are curious about some less than obvious differences between how these things “work” on Linux vs. other parts of the world.</p>
61237
61238 <p>A disclaimer is also that most of this has been discovered by experimentation and combining bits and pieces scattered in everything from Xorg code to man pages, there may be smarter ways to solve some of the problems mentioned – this is just the best I could find within the time allotted. I’d be happy to be corrected, in patch/pull request form that is 😉</p>
61239
61240 <p>Each section will start with a short rant-like explanation of how it works in Linux, and what the translation to OpenBSD involved or, in the cases that are still partly or fully missing, will require. The topics that will be covered this time are:</p>
61241 </blockquote>
61242
61243 <ul>
61244 <li>Graphics Device Access</li>
61245 <li>Hotplug</li>
61246 <li>Input</li>
61247 <li>Backlight</li>
61248 <li>Xorg</li>
61249 <li>Pledging</li>
61250 <li>Missing</li>
61251 </ul>
61252
61253 <p><hr /></p>
61254
61255 <h3><a href="https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html">Installing OpenBSD 6.3 (snapshots) on Raspberry pi 3</a></h3>
61256
61257 <ul>
61258 <li>The Easy way</li>
61259 </ul>
61260
61261 <blockquote>
61262 <p>Installing the OpenBSD on raspberry pi 3 is very easy and well documented which almost convinced me of not writing about it, but still I felt like it may help somebody new to the project (But again I really recommend reading the document if you are interested and have the time).</p>
61263
61264 <p>Note: I'm always running snapshots and recommend anybody to do it as well. But the snapshots links will change to the next version every 6 months, so I changed the links to the 6.3 version to keep the blog post valid over time. If you're familiar with the OpenBSD flavors, feel free to use the snapshots links instead.</p>
61265 </blockquote>
61266
61267 <ul>
61268 <li>Requirements</li>
61269 </ul>
61270
61271 <blockquote>
61272 <p>Due to the lack of driver, the OpenBSD can not boot directly from the SD Card yet, so we'll need a USB Stick for the installation target aside the SD Card for the U-Boot and installer. Also, a Serial Console connection is required. I used a PL2303 USB to Serial (TTL) adapter connected to my Laptop via USB port and connected to the Raspberry via TX, RX and GND pins.</p>
61273 </blockquote>
61274
61275 <p><hr /></p>
61276
61277 <p><strong>iXsystems</strong>
61278 https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/</p>
61279
61280 <h3><a href="http://tomforsyth1000.github.io/blog.wiki.html#%5B%5BWhydidn%27tLarrabeefail?%5D%5D">Why Didn’t Larrabee Fail?</a></h3>
61281
61282 <blockquote>
61283 <p>Every month or so, someone will ask me what happened to Larrabee and why it failed so badly. And I then try to explain to them that not only didn't it fail, it was a pretty huge success. And they are understandably very puzzled by this, because in the public consciousness Larrabee was like the Itanic and the SPU rolled into one, wasn't it? Well, not quite. So rather than explain it in person a whole bunch more times, I thought I should write it down.</p>
61284
61285 <p>This is not a history, and I'm going to skip a TON of details for brevity. One day I'll write the whole story down, because it's a pretty decent escapade with lots of fun characters. But not today. Today you just get the very start and the very end.</p>
61286
61287 <p>When I say "Larrabee" I mean all of Knights, all of MIC, all of Xeon Phi, all of the "Isle" cards - they're all exactly the same chip and the same people and the same software effort. Marketing seemed to dream up a new codeword every week, but there was only ever three chips:</p>
61288 </blockquote>
61289
61290 <ul>
61291 <li>Knights Ferry / Aubrey Isle / LRB1 - mostly a prototype, had some performance gotchas, but did work, and shipped to partners.</li>
61292 <li>Knights Corner / Xeon Phi / LRB2 - the thing we actually shipped in bulk.</li>
61293 <li>Knights Landing - the new version that is shipping any day now (mid 2016).</li>
61294 </ul>
61295
61296 <blockquote>
61297 <p>That's it. There were some other codenames I've forgotten over the years, but they're all of one of the above chips. Behind all the marketing smoke and mirrors there were only three chips ever made (so far), and only four planned in total (we had a thing called LRB3 planned between KNC and KNL for a while). All of them are "Larrabee", whether they do graphics or not.</p>
61298
61299 <p>When Larrabee was originally conceived back in about 2005, it was called "SMAC", and its original goals were, from most to least important:</p>
61300 </blockquote>
61301
61302 <ul>
61303 <li><ol><li>Make the most powerful flops-per-watt machine for real-world workloads using a huge array of simple cores, on systems and boards that could be built into bazillo-core supercomputers.</li></ol></li>
61304 <li><ol><li>Make it from x86 cores. That means memory coherency, store ordering, memory protection, real OSes, no ugly scratchpads, it runs legacy code, and so on. No funky DSPs or windowed register files or wacky programming models allowed. Do not build another Itanium or SPU!</li></ol></li>
61305 <li><ol><li>Make it soon. That means keeping it simple.</li></ol></li>
61306 <li><ol><li>Support the emerging GPGPU market with that same chip. Intel were absolutely not going to build a 150W PCIe card version of their embedded graphics chip (known as "Gen"), so we had to cover those programming models. As a bonus, run normal graphics well.</li></ol></li>
61307 <li><ol><li>Add as little graphics-specific hardware as you can get away with.</li></ol></li>
61308 </ul>
61309
61310 <blockquote>
61311 <p>That ordering is important - in terms of engineering and focus, Larrabee was never primarily a graphics card. If Intel had wanted a kick-ass graphics card, they already had a very good graphics team begging to be allowed to build a nice big fat hot discrete GPU - and the Gen architecture is such that they'd build a great one, too. But Intel management didn't want one, and still doesn't. But if we were going to build Larrabee anyway, they wanted us to cover that market as well.</p>
61312
61313 <p>... the design of Larrabee was of a CPU with a very wide SIMD unit, designed above all to be a real grown-up CPU - coherent caches, well-ordered memory rules, good memory protection, true multitasking, real threads, runs Linux/FreeBSD, etc. Larrabee, in the form of KNC, went on to become the fastest supercomputer in the world for a couple of years, and it's still making a ton of money for Intel in the HPC market that it was designed for, fighting very nicely against the GPUs and other custom architectures. Its successor, KNL, is just being released right now (mid 2016) and should do very nicely in that space too. Remember - KNC is literally the same chip as LRB2. It has texture samplers and a video out port sitting on the die. They don't test them or turn them on or expose them to software, but they're still there - it's still a graphics-capable part.</p>
61314
61315 <p>But it's still actually running FreeBSD on that card, and under FreeBSD it's just running an x86 program called DirectXGfx (248 threads of it).</p>
61316 </blockquote>
61317
61318 <p><hr /></p>
61319
61320 <h2>News Roundup</h2>
61321
61322 <h3><a href="https://queue.acm.org/detail.cfm?id=3212479">C Is Not a Low-level Language : Your computer is not a fast PDP-11.</a></h3>
61323
61324 <blockquote>
61325 <p>In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.</p>
61326
61327 <p>Processor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.</p>
61328 </blockquote>
61329
61330 <ul>
61331 <li>What Is a Low-Level Language?</li>
61332 </ul>
61333
61334 <blockquote>
61335 <p>Computer science pioneer Alan Perlis defined low-level languages this way: "A programming language is low level when its programs require attention to the irrelevant."</p>
61336
61337 <p>While, yes, this definition applies to C, it does not capture what people desire in a low-level language. Various attributes cause people to regard a language as low-level. Think of programming languages as belonging on a continuum, with assembly at one end and the interface to the Starship Enterprise's computer at the other. Low-level languages are "close to the metal," whereas high-level languages are closer to how humans think.</p>
61338
61339 <p>For a language to be "close to the metal," it must provide an abstract machine that maps easily to the abstractions exposed by the target platform. It's easy to argue that C was a low-level language for the PDP-11. They both described a model in which programs executed sequentially, in which memory was a flat space, and even the pre- and post-increment operators cleanly lined up with the PDP-11 addressing modes.</p>
61340 </blockquote>
61341
61342 <p>Fast PDP-11 Emulators</p>
61343
61344 <blockquote>
61345 <p>The root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware.</p>
61346
61347 <p>C code provides a mostly serial abstract machine (until C11, an entirely serial machine if nonstandard vendor extensions were excluded). Creating a new thread is a library operation known to be expensive, so processors wishing to keep their execution units busy running C code rely on ILP (instruction-level parallelism). They inspect adjacent operations and issue independent ones in parallel. This adds a significant amount of complexity (and power consumption) to allow programmers to write mostly sequential code. In contrast, GPUs achieve very high performance without any of this logic, at the expense of requiring explicitly parallel programs.</p>
61348
61349 <p>The quest for high ILP was the direct cause of Spectre and Meltdown. A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches. This, again, adds complexity; it also means that an incorrect guess results in work being done and then discarded, which is not ideal for power consumption. This discarded work has visible side effects, which the Spectre and Meltdown attacks could exploit.</p>
61350
61351 <p>On a modern high-end core, the register rename engine is one of the largest consumers of die area and power. To make matters worse, it cannot be turned off or power gated while any instructions are running, which makes it inconvenient in a dark silicon era when transistors are cheap but powered transistors are an expensive resource. This unit is conspicuously absent on GPUs, where parallelism again comes from multiple threads rather than trying to extract instruction-level parallelism from intrinsically scalar code. If instructions do not have dependencies that need to be reordered, then register renaming is not necessary.</p>
61352
61353 <p>Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.</p>
61354
61355 <p>The cache is, as its name implies, hidden from the programmer and so is not visible to C. Efficient use of the cache is one of the most important ways of making code run quickly on a modern processor, yet this is completely hidden by the abstract machine, and programmers must rely on knowing implementation details of the cache (for example, two values that are 64-byte-aligned may end up in the same cache line) to write efficient code.</p>
61356 </blockquote>
61357
61358 <ul>
61359 <li><a href="https://web.archive.org/web/20180501170011/https://queue.acm.org/detail.cfm?id=3212479">Backup URL</a></li>
61360 <li><a href="https://news.ycombinator.com/item?id=16967675">Hacker News Commentary</a></li>
61361 </ul>
61362
61363 <p><hr /></p>
61364
61365 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl">HardenedBSD Switching Back to OpenSSL</a></h3>
61366
61367 <blockquote>
61368 <p>Over a year ago, HardenedBSD switched to LibreSSL as the default cryptographic library in base for 12-CURRENT. 11-STABLE followed suit later on. Bernard Spil has done an excellent job at keeping our users up-to-date with the latest security patches from LibreSSL.</p>
61369
61370 <p>After recently updating 12-CURRENT to LibreSSL 2.7.2 from 2.6.4, it has become increasingly clear to us that performing major upgrades requires a team larger than a single person. Upgrading to 2.7.2 caused a lot of fallout in our ports tree. As of 28 Apr 2018, several ports we consider high priority are still broken. As it stands right now, it would take Bernard a significant amount of his spare personal time to fix these issues.</p>
61371
61372 <p>Until we have a multi-person team dedicated to maintaining LibreSSL in base along with the patches required in ports, HardenedBSD will use OpenSSL going forward as the default cryptographic library in base. LibreSSL will co-exist with OpenSSL in the source tree, as it does now. However, MK_LIBRESSL will default to "no" instead of the current "yes". Bernard will continue maintaining LibreSSL in base along with addressing the various problematic ports entries.</p>
61373
61374 <p>To provide our users with ample time to plan and perform updates, we will wait a period of two months prior to making the switch. The switch will occur on 01 Jul 2018 and will be performed simultaneously in 12-CURRENT and 11-STABLE. HardenedBSD will archive a copy of the LibreSSL-centric package repositories and binary updates for base for a period of six months after the switch (expiring the package repos on 01 Jan 2019). This essentially gives our users eight full months for an upgrade path.</p>
61375
61376 <p>As part of the switch back to OpenSSL, the default NTP daemon in base will switch back from OpenNTPd to ISC NTP. Users who have local_openntpd_enable="YES" set in rc.conf will need to switch back to ntpd_enable="YES".</p>
61377
61378 <p>Users who build base from source will want to fully clean their object directories. Any and all packages that link with libcrypto or libssl will need to be rebuilt or reinstalled.</p>
61379
61380 <p>With the community's help, we look forward to the day when we can make the switch back to LibreSSL. We at HardenedBSD believe that providing our users options to rid themselves of software monocultures can better increase security and manage risk.</p>
61381 </blockquote>
61382
61383 <p><hr /></p>
61384
61385 <p><strong>DigitalOcean</strong>
61386 http://do.co/bsdnow -- $100 credit for 60 days</p>
61387
61388 <h3><a href="https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet">How Dan Kaminsky Almost Broke the Internet</a></h3>
61389
61390 <blockquote>
61391 <p>In the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. In this Hacker History video, Kaminsky describes the flaw and notes the issue remains unfixed.</p>
61392
61393 <p>“We were really concerned about web pages and emails 'cause that’s what you get to compromise when you compromise DNS,” Kaminsky says. “You think you’re sending an email to IBM but it really goes to the bad guy.”</p>
61394
61395 <p>As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don’t have to remember strings of numbers to reach web applications and services. Authoritative nameservers publish the IP addresses of domain names. Recursive nameservers talk to authoritative servers to find addresses for those domain names and save the information into their cache to speed up the response time the next time they are asked about that site. While anyone can set up a nameserver and configure an authoritative zone for any site, if recursive nameservers don’t point to it to ask questions, no one will get those wrong answers.</p>
61396
61397 <p>We made the Internet less flammable.</p>
61398
61399 <p>Kaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official "www" server for example.com, the nameserver will save that server IP address for “www” in its cache.</p>
61400
61401 <p>“The server will go, ‘You are the official. Go right ahead. Tell me what it’s supposed to be,’” Kaminsky says in the video.</p>
61402
61403 <p>Since the issue affected nearly every DNS server on the planet, it required a coordinated response to address it. Kaminsky informed Paul Vixie, creator of several DNS protocol extensions and application, and Vixie called an emergency summit of major IT vendors at Microsoft’s headquarters to figure out what to do.</p>
61404
61405 <p>The “fix” involved combining the 16-bit transaction identifier that DNS lookups used with UDP source ports to create 32-bit transaction identifiers. Instead of fixing the flaw so that it can’t be exploited, the resolution focused on making it take more than ten seconds, eliminating the instantaneous attack.</p>
61406
61407 <p>“[It’s] not like we repaired DNS,” Kaminsky says. “We made the Internet less flammable.”</p>
61408
61409 <p>DNSSEC (Domain Name System Security Extensions), is intended to secure DNS by adding a cryptographic layer to DNS information. The root zone of the internet was signed for DNSSEC in July 2010 and the .com Top Level Domain (TLD) was finally signed for DNSSEC in April 2011. Unfortunately, adoption has been slow, even ten years after Kaminsky first raised the alarm about DNS, as less than 15 percent of users pass their queries to DNSSEC validating resolvers.</p>
61410
61411 <p>The Internet was never designed to be secure. The Internet was designed to move pictures of cats.</p>
61412
61413 <p>No one expected the Internet to be used for commerce and critical communications. If people lose faith in DNS, then all the things that depend on it are at risk.</p>
61414
61415 <p>“What are we going to do? Here is the answer. Some of us gotta go out fix it,” Kaminsky says.</p>
61416 </blockquote>
61417
61418 <p><hr /></p>
61419
61420 <h3><a href="https://www.openindiana.org/2018/04/28/openindiana-hipster-2018-04-is-here/">OpenIndiana Hipster 2018.04 is here</a></h3>
61421
61422 <ul>
61423 <li><p>We have released a new OpenIndiana Hipster snapshot 2018.04. The noticeable changes:</p>
61424
61425 <ul><li>Userland software is rebuilt with GCC 6.</li>
61426 <li>KPTI was enabled to mitigate recent security issues in Intel CPUs.</li>
61427 <li>Support of Gnome 2 desktop was removed.</li>
61428 <li>Linked images now support zoneproxy service.</li>
61429 <li>Mate desktop applications are delivered as 64-bit-only.</li>
61430 <li>Upower support was integrated.</li>
61431 <li>IIIM was removed.</li></ul></li>
61432 <li><p>More information can be found in <a href="https://wiki.openindiana.org/oi/2018.04+Release+notes">2018.04 Release notes</a> and new medias can be downloaded from <a href="http://dlc.openindiana.org/">http://dlc.openindiana.org</a>.</p></li>
61433 </ul>
61434
61435 <p><hr /></p>
61436
61437 <h2>Beastie Bits</h2>
61438
61439 <ul>
61440 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon - Call for Papers</a></li>
61441 <li><a href="https://www.openssh.com/txt/release-7.7">OpenSSH 7.7</a></li>
61442 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/04/05/msg026461.html">pkgsrc-2018Q1 released</a></li>
61443 <li><a href="https://www.bsdcan.org/2018/schedule/">BSDCan Schedule</a></li>
61444 <li><a href="https://www.youtube.com/watch?v=CehSeSVgEUA&feature=youtu.be">Michael Dexter's LFNW talk</a></li>
61445 </ul>
61446
61447 <p><hr /></p>
61448
61449 <p><hr /></p>
61450
61451 <p>Tarsnap ad</p>
61452
61453 <p><hr /></p>
61454
61455 <h2>Feedback/Questions</h2>
61456
61457 <ul>
61458 <li>Bob - <a href="http://dpaste.com/02T6P91#wrap">Help locating FreeBSD Help</a></li>
61459 <li>Alex - <a href="http://dpaste.com/04RQ46X#wrap">Convert directory to dataset</a></li>
61460 <li>Adam - <a href="http://dpaste.com/3GT988W#wrap">FreeNAS Question</a></li>
61461 <li>Florian - <a href="http://dpaste.com/3RGQRVR#wrap">Three Questions</a></li>
61462 </ul>
61463
61464 <p><hr /></p>
61465
61466 <ul>
61467 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
61468 </ul>
61469
61470 <p><hr /></p>
61471
61472 <p>iX Ad spot: <a href="https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/">iXsystems TrueNAS M-Series Blows Away Veeam Backup Certification Tests</a></p>]]>
61473 </content:encoded>
61474 <itunes:summary>
61475 <![CDATA[<p>Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.</p>
61476
61477 <h2>Headlines</h2>
61478
61479 <h3><a href="https://arcan-fe.com/2018/04/25/towards-secure-system-graphics-arcan-and-openbsd/">Towards Secure System Graphics: Arcan and OpenBSD</a></h3>
61480
61481 <blockquote>
61482 <p>Let me preface this by saying that this is a (very) long and medium-rare technical article about the security considerations and minutiae of porting (most of) the Arcan ecosystem to work under OpenBSD. The main point of this article is not so much flirting with the OpenBSD crowd or adding further noise to software engineering topics, but to go through the special considerations that had to be taken, as notes to anyone else that decides to go down this overgrown and lonesome trail, or are curious about some less than obvious differences between how these things “work” on Linux vs. other parts of the world.</p>
61483
61484 <p>A disclaimer is also that most of this have been discovered by experimentation and combining bits and pieces scattered in everything from Xorg code to man pages, there may be smarter ways to solve some of the problems mentioned – this is just the best I could find within the time allotted. I’d be happy to be corrected, in patch/pull request form that is 😉</p>
61485
61486 <p>Each section will start with a short rant-like explanation of how it works in Linux, and what the translation to OpenBSD involved or, in the cases that are still partly or fully missing, will require. The topics that will be covered this time are:</p>
61487 </blockquote>
61488
61489 <ul>
61490 <li>Graphics Device Access</li>
61491 <li>Hotplug</li>
61492 <li>Input</li>
61493 <li>Backlight</li>
61494 <li>Xorg</li>
61495 <li>Pledging</li>
61496 <li>Missing</li>
61497 </ul>
61498
61499 <p><hr /></p>
61500
61501 <h3><a href="https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html">Installing OpenBSD 6.3 (snapshots) on Raspberry pi 3</a></h3>
61502
61503 <ul>
61504 <li>The Easy way</li>
61505 </ul>
61506
61507 <blockquote>
61508 <p>Installing the OpenBSD on raspberry pi 3 is very easy and well documented which almost convinced me of not writing about it, but still I felt like it may help somebody new to the project (But again I really recommend reading the document if you are interested and have the time).</p>
61509
61510 <p>Note: I'm always running snapshots and recommend anybody to do it as well. But the snapshots links will change to the next version every 6 month, so I changed the links to the 6.3 version to keep the blog post valid over times. If you're familiar to the OpenBSD flavors, feel free to use the snapshots links instead.</p>
61511 </blockquote>
61512
61513 <ul>
61514 <li>Requirements</li>
61515 </ul>
61516
61517 <blockquote>
61518 <p>Due to the lack of driver, the OpenBSD can not boot directly from the SD Card yet, so we'll need a USB Stick for the installation target aside the SD Card for the U-Boot and installer. Also, a Serial Console connection is required. I used a PL2303 USB to Serial (TTL) adapter connected to my Laptop via USB port and connected to the Raspberry via TX, RX and GND pins.</p>
61519 </blockquote>
61520
61521 <p><hr /></p>
61522
61523 <p><strong>iXsystems</strong>
61524 https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/</p>
61525
61526 <h3><a href="http://tomforsyth1000.github.io/blog.wiki.html#%5B%5BWhydidn%27tLarrabeefail?%5D%5D">Why Didn’t Larrabee Fail?</a></h3>
61527
61528 <blockquote>
61529 <p>Every month or so, someone will ask me what happened to Larrabee and why it failed so badly. And I then try to explain to them that not only didn't it fail, it was a pretty huge success. And they are understandably very puzzled by this, because in the public consciousness Larrabee was like the Itanic and the SPU rolled into one, wasn't it? Well, not quite. So rather than explain it in person a whole bunch more times, I thought I should write it down.</p>
61530
61531 <p>This is not a history, and I'm going to skip a TON of details for brevity. One day I'll write the whole story down, because it's a pretty decent escapade with lots of fun characters. But not today. Today you just get the very start and the very end.</p>
61532
61533 <p>When I say "Larrabee" I mean all of Knights, all of MIC, all of Xeon Phi, all of the "Isle" cards - they're all exactly the same chip and the same people and the same software effort. Marketing seemed to dream up a new codeword every week, but there was only ever three chips:</p>
61534 </blockquote>
61535
61536 <ul>
61537 <li>Knights Ferry / Aubrey Isle / LRB1 - mostly a prototype, had some performance gotchas, but did work, and shipped to partners.</li>
61538 <li>Knights Corner / Xeon Phi / LRB2 - the thing we actually shipped in bulk.</li>
61539 <li>Knights Landing - the new version that is shipping any day now (mid 2016).</li>
61540 </ul>
61541
61542 <blockquote>
61543 <p>That's it. There were some other codenames I've forgotten over the years, but they're all of one of the above chips. Behind all the marketing smoke and mirrors there were only three chips ever made (so far), and only four planned in total (we had a thing called LRB3 planned between KNC and KNL for a while). All of them are "Larrabee", whether they do graphics or not.</p>
61544
61545 <p>When Larrabee was originally conceived back in about 2005, it was called "SMAC", and its original goals were, from most to least important:</p>
61546 </blockquote>
61547
61548 <ul>
61549 <li><ol><li>Make the most powerful flops-per-watt machine for real-world workloads using a huge array of simple cores, on systems and boards that could be built into bazillo-core supercomputers.</li></ol></li>
61550 <li><ol><li>Make it from x86 cores. That means memory coherency, store ordering, memory protection, real OSes, no ugly scratchpads, it runs legacy code, and so on. No funky DSPs or windowed register files or wacky programming models allowed. Do not build another Itanium or SPU!</li></ol></li>
61551 <li><ol><li>Make it soon. That means keeping it simple.</li></ol></li>
61552 <li><ol><li>Support the emerging GPGPU market with that same chip. Intel were absolutely not going to build a 150W PCIe card version of their embedded graphics chip (known as "Gen"), so we had to cover those programming models. As a bonus, run normal graphics well.</li></ol></li>
61553 <li><ol><li>Add as little graphics-specific hardware as you can get away with.</li></ol></li>
61554 </ul>
61555
61556 <blockquote>
61557 <p>That ordering is important - in terms of engineering and focus, Larrabee was never primarily a graphics card. If Intel had wanted a kick-ass graphics card, they already had a very good graphics team begging to be allowed to build a nice big fat hot discrete GPU - and the Gen architecture is such that they'd build a great one, too. But Intel management didn't want one, and still doesn't. But if we were going to build Larrabee anyway, they wanted us to cover that market as well.</p>
61558
61559 <p>... the design of Larrabee was of a CPU with a very wide SIMD unit, designed above all to be a real grown-up CPU - coherent caches, well-ordered memory rules, good memory protection, true multitasking, real threads, runs Linux/FreeBSD, etc. Larrabee, in the form of KNC, went on to become the fastest supercomputer in the world for a couple of years, and it's still making a ton of money for Intel in the HPC market that it was designed for, fighting very nicely against the GPUs and other custom architectures. Its successor, KNL, is just being released right now (mid 2016) and should do very nicely in that space too. Remember - KNC is literally the same chip as LRB2. It has texture samplers and a video out port sitting on the die. They don't test them or turn them on or expose them to software, but they're still there - it's still a graphics-capable part.</p>
61560
61561 <p>But it's still actually running FreeBSD on that card, and under FreeBSD it's just running an x86 program called DirectXGfx (248 threads of it).</p>
61562 </blockquote>
61563
61564 <p><hr /></p>
61565
61566 <h2>News Roundup</h2>
61567
61568 <h3><a href="https://queue.acm.org/detail.cfm?id=3212479">C Is Not a Low-level Language : Your computer is not a fast PDP-11.</a></h3>
61569
61570 <blockquote>
61571 <p>In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.</p>
61572
61573 <p>Processor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.</p>
61574 </blockquote>
61575
61576 <ul>
61577 <li>What Is a Low-Level Language?</li>
61578 </ul>
61579
61580 <blockquote>
61581 <p>Computer science pioneer Alan Perlis defined low-level languages this way: "A programming language is low level when its programs require attention to the irrelevant."</p>
61582
61583 <p>While, yes, this definition applies to C, it does not capture what people desire in a low-level language. Various attributes cause people to regard a language as low-level. Think of programming languages as belonging on a continuum, with assembly at one end and the interface to the Starship Enterprise's computer at the other. Low-level languages are "close to the metal," whereas high-level languages are closer to how humans think.</p>
61584
61585 <p>For a language to be "close to the metal," it must provide an abstract machine that maps easily to the abstractions exposed by the target platform. It's easy to argue that C was a low-level language for the PDP-11. They both described a model in which programs executed sequentially, in which memory was a flat space, and even the pre- and post-increment operators cleanly lined up with the PDP-11 addressing modes.</p>
61586 </blockquote>
61587
61588 <p>Fast PDP-11 Emulators</p>
61589
61590 <blockquote>
61591 <p>The root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware.</p>
61592
61593 <p>C code provides a mostly serial abstract machine (until C11, an entirely serial machine if nonstandard vendor extensions were excluded). Creating a new thread is a library operation known to be expensive, so processors wishing to keep their execution units busy running C code rely on ILP (instruction-level parallelism). They inspect adjacent operations and issue independent ones in parallel. This adds a significant amount of complexity (and power consumption) to allow programmers to write mostly sequential code. In contrast, GPUs achieve very high performance without any of this logic, at the expense of requiring explicitly parallel programs.</p>
61594
61595 <p>The quest for high ILP was the direct cause of Spectre and Meltdown. A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches. This, again, adds complexity; it also means that an incorrect guess results in work being done and then discarded, which is not ideal for power consumption. This discarded work has visible side effects, which the Spectre and Meltdown attacks could exploit.</p>
61596
61597 <p>On a modern high-end core, the register rename engine is one of the largest consumers of die area and power. To make matters worse, it cannot be turned off or power gated while any instructions are running, which makes it inconvenient in a dark silicon era when transistors are cheap but powered transistors are an expensive resource. This unit is conspicuously absent on GPUs, where parallelism again comes from multiple threads rather than trying to extract instruction-level parallelism from intrinsically scalar code. If instructions do not have dependencies that need to be reordered, then register renaming is not necessary.</p>
61598
61599 <p>Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.</p>
61600
61601 <p>The cache is, as its name implies, hidden from the programmer and so is not visible to C. Efficient use of the cache is one of the most important ways of making code run quickly on a modern processor, yet this is completely hidden by the abstract machine, and programmers must rely on knowing implementation details of the cache (for example, two values that are 64-byte-aligned may end up in the same cache line) to write efficient code.</p>
61602 </blockquote>
61603
61604 <ul>
61605 <li><a href="https://web.archive.org/web/20180501170011/https://queue.acm.org/detail.cfm?id=3212479">Backup URL</a></li>
61606 <li><a href="https://news.ycombinator.com/item?id=16967675">Hacker News Commentary</a></li>
61607 </ul>
61608
61609 <p><hr /></p>
61610
61611 <h3><a href="https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl">HardenedBSD Switching Back to OpenSSL</a></h3>
61612
61613 <blockquote>
61614 <p>Over a year ago, HardenedBSD switched to LibreSSL as the default cryptographic library in base for 12-CURRENT. 11-STABLE followed suit later on. Bernard Spil has done an excellent job at keeping our users up-to-date with the latest security patches from LibreSSL.</p>
61615
61616 <p>After recently updating 12-CURRENT to LibreSSL 2.7.2 from 2.6.4, it has become increasingly clear to us that performing major upgrades requires a team larger than a single person. Upgrading to 2.7.2 caused a lot of fallout in our ports tree. As of 28 Apr 2018, several ports we consider high priority are still broken. As it stands right now, it would take Bernard a significant amount of his spare personal time to fix these issues.</p>
61617
61618 <p>Until we have a multi-person team dedicated to maintaining LibreSSL in base along with the patches required in ports, HardenedBSD will use OpenSSL going forward as the default cryptographic library in base. LibreSSL will co-exist with OpenSSL in the source tree, as it does now. However, MK_LIBRESSL will default to "no" instead of the current "yes". Bernard will continue maintaining LibreSSL in base along with addressing the various problematic ports entries.</p>
61619
61620 <p>To provide our users with ample time to plan and perform updates, we will wait a period of two months prior to making the switch. The switch will occur on 01 Jul 2018 and will be performed simultaneously in 12-CURRENT and 11-STABLE. HardenedBSD will archive a copy of the LibreSSL-centric package repositories and binary updates for base for a period of six months after the switch (expiring the package repos on 01 Jan 2019). This essentially gives our users eight full months for an upgrade path.</p>
61621
61622 <p>As part of the switch back to OpenSSL, the default NTP daemon in base will switch back from OpenNTPd to ISC NTP. Users who have local_openntpd_enable="YES" set in rc.conf will need to switch back to ntpd_enable="YES".</p>
61623
61624 <p>Users who build base from source will want to fully clean their object directories. Any and all packages that link with libcrypto or libssl will need to be rebuilt or reinstalled.</p>
61625
61626 <p>With the community's help, we look forward to the day when we can make the switch back to LibreSSL. We at HardenedBSD believe that providing our users options to rid themselves of software monocultures can better increase security and manage risk.</p>
61627 </blockquote>
61628
61629 <p><hr /></p>
61630
61631 <p><strong>DigitalOcean</strong>
61632 http://do.co/bsdnow -- $100 credit for 60 days</p>
61633
61634 <h3><a href="https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet">How Dan Kaminsky Almost Broke the Internet</a></h3>
61635
61636 <blockquote>
61637 <p>In the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. In this Hacker History video, Kaminsky describes the flaw and notes the issue remains unfixed.</p>
61638
61639 <p>“We were really concerned about web pages and emails 'cause that’s what you get to compromise when you compromise DNS,” Kaminsky says. “You think you’re sending an email to IBM but it really goes to the bad guy.”</p>
61640
61641 <p>As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don’t have to remember strings of numbers to reach web applications and services. Authoritative nameservers publish the IP addresses of domain names. Recursive nameservers talk to authoritative servers to find addresses for those domain names and save the information into their caches to speed up the response time the next time they are asked about that site. While anyone can set up a nameserver and configure an authoritative zone for any site, if recursive nameservers don’t point to it to ask questions, no one will get those wrong answers.</p>
61642
61643 <p>We made the Internet less flammable.</p>
61644
61645 <p>Kaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official "www" server for example.com, the nameserver will save that server IP address for “www” in its cache.</p>
61646
61647 <p>“The server will go, ‘You are the official. Go right ahead. Tell me what it’s supposed to be,’” Kaminsky says in the video.</p>
61648
61649 <p>Since the issue affected nearly every DNS server on the planet, it required a coordinated response to address it. Kaminsky informed Paul Vixie, creator of several DNS protocol extensions and application, and Vixie called an emergency summit of major IT vendors at Microsoft’s headquarters to figure out what to do.</p>
61650
61651 <p>The “fix” involved combining the 16-bit transaction identifier that DNS lookups used with UDP source ports to create 32-bit transaction identifiers. Instead of fixing the flaw so that it can’t be exploited, the resolution focused on making it take more than ten seconds, eliminating the instantaneous attack.</p>
61652
61653 <p>“[It’s] not like we repaired DNS,” Kaminsky says. “We made the Internet less flammable.”</p>
61654
61655 <p>DNSSEC (Domain Name System Security Extensions), is intended to secure DNS by adding a cryptographic layer to DNS information. The root zone of the internet was signed for DNSSEC in July 2010 and the .com Top Level Domain (TLD) was finally signed for DNSSEC in April 2011. Unfortunately, adoption has been slow, even ten years after Kaminsky first raised the alarm about DNS, as less than 15 percent of users pass their queries to DNSSEC validating resolvers.</p>
61656
61657 <p>The Internet was never designed to be secure. The Internet was designed to move pictures of cats.</p>
61658
61659 <p>No one expected the Internet to be used for commerce and critical communications. If people lose faith in DNS, then all the things that depend on it are at risk.</p>
61660
61661 <p>“What are we going to do? Here is the answer. Some of us gotta go out fix it,” Kaminsky says.</p>
61662 </blockquote>
61663
61664 <p><hr /></p>
61665
61666 <h3><a href="https://www.openindiana.org/2018/04/28/openindiana-hipster-2018-04-is-here/">OpenIndiana Hipster 2018.04 is here</a></h3>
61667
61668 <ul>
61669 <li><p>We have released a new OpenIndiana Hipster snapshot 2018.04. The noticeable changes:</p>
61670
61671 <ul><li>Userland software is rebuilt with GCC 6.</li>
61672 <li>KPTI was enabled to mitigate recent security issues in Intel CPUs.</li>
61673 <li>Support of Gnome 2 desktop was removed.</li>
61674 <li>Linked images now support zoneproxy service.</li>
61675 <li>Mate desktop applications are delivered as 64-bit-only.</li>
61676 <li>Upower support was integrated.</li>
61677 <li>IIIM was removed.</li></ul></li>
61678 <li><p>More information can be found in <a href="https://wiki.openindiana.org/oi/2018.04+Release+notes">2018.04 Release notes</a> and new medias can be downloaded from <a href="http://dlc.openindiana.org/">http://dlc.openindiana.org</a>.</p></li>
61679 </ul>
61680
61681 <p><hr /></p>
61682
61683 <h2>Beastie Bits</h2>
61684
61685 <ul>
61686 <li><a href="https://2018.eurobsdcon.org/call-for-papers/">EuroBSDCon - Call for Papers</a></li>
61687 <li><a href="https://www.openssh.com/txt/release-7.7">OpenSSH 7.7</a></li>
61688 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/04/05/msg026461.html">pkgsrc-2018Q1 released</a></li>
61689 <li><a href="https://www.bsdcan.org/2018/schedule/">BSDCan Schedule</a></li>
61690 <li><a href="https://www.youtube.com/watch?v=CehSeSVgEUA&feature=youtu.be">Michael Dexter's LFNW talk</a></li>
61691 </ul>
61692
61693 <p><hr /></p>
61694
61695 <p><hr /></p>
61696
61697 <p>Tarsnap ad</p>
61698
61699 <p><hr /></p>
61700
61701 <h2>Feedback/Questions</h2>
61702
61703 <ul>
61704 <li>Bob - <a href="http://dpaste.com/02T6P91#wrap">Help locating FreeBSD Help</a></li>
61705 <li>Alex - <a href="http://dpaste.com/04RQ46X#wrap">Convert directory to dataset</a></li>
61706 <li>Adam - <a href="http://dpaste.com/3GT988W#wrap">FreeNAS Question</a></li>
61707 <li>Florian - <a href="http://dpaste.com/3RGQRVR#wrap">Three Questions</a></li>
61708 </ul>
61709
61710 <p><hr /></p>
61711
61712 <ul>
61713 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
61714 </ul>
61715
61716 <p><hr /></p>
61717
61718 <p>iX Ad spot: <a href="https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/">iXsystems TrueNAS M-Series Blows Away Veeam Backup Certification Tests</a></p>]]>
61719 </itunes:summary>
61720 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+3ns2pzlX</fireside:playerURL>
61721 <fireside:playerEmbedCode>
61722 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+3ns2pzlX" width="740" height="200" frameborder="0" scrolling="no">]]>
61723 </fireside:playerEmbedCode>
61724 </item>
61725 <item>
61726 <title>Episode 243: Understanding The Scheduler | BSD Now 243</title>
61727 <link>https://www.bsdnow.tv/243</link>
61728 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1826</guid>
61729 <pubDate>Wed, 25 Apr 2018 13:00:00 -0700</pubDate>
61730 <author>Allan Jude</author>
61731 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bc8d0c60-eef3-488f-9d07-65122019420b.mp3" length="61676635" type="audio/mp3"/>
61732 <itunes:episodeType>full</itunes:episodeType>
61733 <itunes:author>Allan Jude</itunes:author>
61734 <itunes:subtitle>OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.</itunes:subtitle>
61735 <itunes:duration>1:25:24</itunes:duration>
61736 <itunes:explicit>no</itunes:explicit>
61737 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
61738 <description>OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.
61739 <h2>Headlines</h2>
61740 <h3><a href="https://www.openbsd.org/63.html">OpenBSD 6.3 released</a></h3>
61741
61742 <ul>
61743 <li>Punctual as ever, OpenBSD 6.3 has been released with the following features/changes:
61744
61745
61746 <blockquote>
61747 Improved HW support, including:
61748 SMP support on OpenBSD/arm64 platforms
61749 vmm/vmd improvements:
61750 IEEE 802.11 wireless stack improvements
61751 Generic network stack improvements
61752 Installer improvements
61753 Routing daemons and other userland network improvements
61754 Security improvements
61755 dhclient(8) improvements
61756 Assorted improvements
61757 OpenSMTPD 6.0.4
61758 OpenSSH 7.7
61759 LibreSSL 2.7.2</li>
61760 </ul>
61761 <hr />
61762 </blockquote>
61763
61764 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD 5.2 released</a></h3>
61765
61766
61767
61768 <blockquote>
61769 <p>Big-ticket items
61770 Meltdown and Spectre mitigation support
61771 Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.
61772 HAMMER2
61773 H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
61774 Clustered support is not yet available.
61775 ipfw Updates
61776 Implement state based "redirect", i.e. without using libalias.
61777 ipfw now supports all possible ICMP types.
61778 Fix ICMP_MAXTYPE assumptions (now 40 as of this release).
61779 Improved graphics support
61780 The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
61781 Add 24-bit pixel format support to the EFI frame buffer code.
61782 Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
61783 Partly implement the FBIO_BLANK ioctl for display powersaving.
61784 Syscons waits for drm modesetting at appropriate places, avoiding races.
61785 + For more details, check out the “All changes since DragonFly 5.0” section.</p>
61786 </blockquote>
61787
61788 <hr />
61789
61790
61791
61792
61793
61794
61795 <h3><a href="https://github.com/zfsonlinux/zfs/issues/7401">ZFS on Linux bug causes files to disappear</a></h3>
61796
61797 <ul>
61798 <li>A bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release</li>
61799 <li>The bug only impacts Linux; the change that caused the problem had not been upstreamed yet, so it does not impact ZFS on illumos, FreeBSD, OS X, or Windows</li>
61800 <li>The bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory</li>
61801 <li>ZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory</li>
61802 <li>The bug was introduced in a commit made in February that attempted to improve the performance of datasets created with the case insensitivity option. To that end, the commit introduced a retry cap: give up (return ENOSPC) if growing the directory ZAP failed twice.</li>
61803 <li>The ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added.
61804
61805
61806 <blockquote>
61807 Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed.</li>
61808 <li>Finding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils.</li>
61809 <li>On later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit</li>
61810 <li>Tools like rsync were unaffected, because they always sort the files before copying</li>
61811 <li>If you did not see any ENOSPC errors, you were likely not impacted
61812 The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't.</li>
61813 <li>Recommendations for Users from Ryan Yao:
61814 The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen.
61815 We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition.
61816 It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now.</li>
61817 <li>Writes to existing files cannot trigger this bug, only adding new files to a directory in bulk</li>
61818 </ul>
61819 <hr />
61820 </blockquote>
61821
61822 <h2>News Roundup</h2>
61823
61824
61825
61826 <h3><a href="https://blog.des.no/2018/04/twenty-years/">des@’s thoughts on being a FreeBSD committer for 20 years</a></h3>
61827
61828
61829
61830 <blockquote>
61831 <p>Yesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today.</p>
61832
61833 <p>My level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD.</p>
61834
61835 <p>My contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year.</p>
61836
61837 <p>In return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices.</p>
61838
61839 <p>Last but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends.</p>
61840
61841 <p>For better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it.</p>
61842
61843 <p>I won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon.</p>
61844 </blockquote>
61845
61846 <hr />
61847
61848
61849
61850
61851
61852
61853 <h3><a href="https://www.ixsystems.com/blog/truenas-m-series/?utm_source=twitter.com&amp;utm_medium=bsdnow&amp;utm_campaign=truenas+m+series">iXsystems unveils new TrueNAS M-Series Unified Storage Line</a></h3>
61854
61855
61856
61857 <blockquote>
61858 <p>San Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget.</p>
61859 </blockquote>
61860
61861 <ul>
61862 <li>Designed for On-Premises &amp; Enterprise Cloud Environments</li>
61863 </ul>
61864
61865 <blockquote>
61866 <p>As a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols.</p>
61867
61868 <p>At the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments.</p>
61869
61870 <p>By design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud.</p>
61871 </blockquote>
61872
61873 <ul>
61874 <li>Fast</li>
61875 </ul>
61876
61877 <blockquote>
61878 <p>As a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs.</p>
61879 </blockquote>
61880
61881 <ul>
61882 <li><p>Award-Winning TrueNAS Features</p>
61883
61884 <ul><li>Enterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M&amp;E, surveillance, and hosting virtual machines.</li>
61885 <li>Unified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application.</li>
61886 <li>Economical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning.</li>
61887 <li>Safe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud.</li>
61888 <li>Reliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime.</li>
61889 <li>Familiar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software.</li>
61890 <li>Certified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure.</li>
61891 <li>Open: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market.</li></ul></li>
61892 <li><p>Availability</p></li>
61893 </ul>
61894
61895 <blockquote>
61896 <p>The TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabyte can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication.</p>
61897 </blockquote>
61898
61899 <ul>
61900 <li>For more information, visit www.ixsystems.com/TrueNAS </li>
61901 <li><a href="TrueNAS M-Series What's New">TrueNAS M-Series What's New Video</a></li>
61902 </ul>
61903
61904 <hr />
61905 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-April/088678.html">Understanding and tuning the FreeBSD Scheduler </a></h3>
61906
61907 <p>```
61908 Occasionally I noticed that the system would not quickly process the
61909 tasks I need done, but instead prefer other, longrunning tasks. I
61910 figured it must be related to the scheduler, and decided it hates me.</p>
61911
61912 <p>A closer look shows the behaviour as follows (single CPU):</p>
61913
61914 <p>Let's run an I/O-active task, e.g., postgres VACUUM that would
61915 continuously read from big files (while doing compute as well [1]):</p>
61916
61917 <blockquote>
61918 <p>pool alloc free read write read write
61919 cache - - - - - -
61920 ada1s4 7.08G 10.9G 1.58K 0 12.9M 0</p>
61921 </blockquote>
61922
61923 <p>Now start an endless loop:</p>
61924
61925 <p># while true; do :; done</p>
61926
61927 <p>And the effect is:</p>
61928
61929 <blockquote>
61930 <p>pool alloc free read write read write
61931 cache - - - - - -
61932 ada1s4 7.08G 10.9G 9 0 76.8K 0</p>
61933 </blockquote>
61934
61935 <p>The VACUUM gets almost stuck! This figures with WCPU in "top":</p>
61936
61937 <blockquote>
61938 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
61939 85583 root 99 0 7044K 1944K RUN 1:06 92.21% bash
61940 53005 pgsql 52 0 620M 91856K RUN 5:47 0.50% postgres</p>
61941 </blockquote>
61942
61943 <p>Hacking on kern.sched.quantum makes it quite a bit better:</p>
61944
61945 <p># sysctl kern.sched.quantum=1</p>
61946
61947 <p>kern.sched.quantum: 94488 -> 7874</p>
61948
61949 <blockquote>
61950 <p>pool alloc free read write read write
61951 cache - - - - - -
61952 ada1s4 7.08G 10.9G 395 0 3.12M 0</p>
61953
61954 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
61955 85583 root 94 0 7044K 1944K RUN 4:13 70.80% bash
61956 53005 pgsql 52 0 276M 91856K RUN 5:52 11.83% postgres</p>
61957 </blockquote>
61958
61959 <p>Now, as usual, the "root-cause" questions arise: What exactly does
61960 this "quantum"? Is this solution a workaround, i.e. actually something
61961 else is wrong, and has it tradeoff in other situations? Or otherwise,
61962 why is such a default value chosen, which appears to be ill-deceived?</p>
61963
61964 <p>The docs for the quantum parameter are a bit unsatisfying - they say
61965 it's the max num of ticks a process gets - and what happens when
61966 they're exhausted? If by default the endless loop is actually allowed
61967 to continue running for 94k ticks (or 94ms, more likely) uninterrupted,
61968 then that explains the perceived behaviour - but that's certainly not
61969 what a scheduler should do when other procs are ready to run.</p>
61970
61971 <p>11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does
61972 not influence the matter. Starting the endless loop with "nice" does
61973 not influence the matter.</p>
61974
61975 <p>[1]
61976 A pure-I/O job without compute load, like "dd", does not show
61977 this behaviour. Also, when other tasks are running, the unjust
61978 behaviour is not so strongly pronounced.
61979 ```</p>
61980
61981 <hr />
61982 <h3><a href="https://mail-index.netbsd.org/port-arm/2018/04/01/msg004702.html">aarch64 support added</a></h3>
61983
61984 <blockquote>
61985 <p>I have committed about adding initial support for aarch64.</p>
61986 </blockquote>
61987
61988 <ul>
61989 <li>booting log on RaspberryPI3:</li>
61990 </ul>
61991
61992 <p>```
61993 boot NetBSD/evbarm (aarch64)
61994 Drop to EL1...OK
61995 Creating VA=PA tables
61996 Creating KSEG tables
61997 Creating KVA=PA tables
61998 Creating devmap tables
61999 MMU Enable...OK
62000 VSTART = ffffffc000001ff4
62001 FDT&lt;3ab46000> devmap cpufunc bootstrap consinit ok
62002 uboot: args 0x3ab46000, 0, 0, 0</p>
62003
62004 <pre><code>NetBSD/evbarm (fdt) booting ...
62005 FDT /memory [0] @ 0x0 size 0x3b000000
62006 MEM: add 0-3b000000
62007 MEM: res 0-1000
62008 MEM: res 3ab46000-3ab4a000
62009 Usable memory:
62010 1000 - 3ab45fff
62011 3ab4a000 - 3affffff
62012 initarm: kernel phys start 1000000 end 17bd000
62013 MEM: res 1000000-17bd000
62014 bootargs: root=axe0
62015 1000 - ffffff
62016 17bd000 - 3ab45fff
62017 3ab4a000 - 3affffff
62018 ------------------------------------------
62019 kern_vtopdiff = 0xffffffbfff000000
62020 physical_start = 0x0000000000001000
62021 kernel_start_phys = 0x0000000001000000
62022 kernel_end_phys = 0x00000000017bd000
62023 physical_end = 0x000000003ab45000
62024 VM_MIN_KERNEL_ADDRESS = 0xffffffc000000000
62025 kernel_start_l2 = 0xffffffc000000000
62026 kernel_start = 0xffffffc000000000
62027 kernel_end = 0xffffffc0007bd000
62028 kernel_end_l2 = 0xffffffc000800000
62029 (kernel va area)
62030 (devmap va area)
62031 VM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000
62032 ------------------------------------------
62033 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
62034 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
62035 2018 The NetBSD Foundation, Inc. All rights reserved.
62036 Copyright (c) 1982, 1986, 1989, 1991, 1993
62037 The Regents of the University of California. All rights reserved.
62038
62039 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018
62040 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64
62041 total memory = 936 MB
62042 avail memory = 877 MB
62043 </code></pre>
62044
62045 <p>…</p>
62046
62047 <pre><code>Starting local daemons:.
62048 Updating motd.
62049 Starting sshd.
62050 Starting inetd.
62051 Starting cron.
62052 The following components reported failures:
62053 /etc/rc.d/swap2
62054 See /var/run/rc.log for more information.
62055 Fri Mar 30 12:35:31 JST 2018
62056
62057 NetBSD/evbarm (rpi3) (console)
62058
62059 login: root
62060 Last login: Fri Mar 30 12:30:24 2018 on console
62061
62062 rpi3# uname -ap
62063 NetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64
62064 rpi3#
62065 </code></pre>
62066
62067 <p>```</p>
62068
62069 <blockquote>
62070 <p>Now, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues.</p>
62071
62072 <p>sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP)</p>
62073
62074 <p>My deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose committed aarch64
62075 toolchains and preliminary support for aarch64.</p>
62076 </blockquote>
62077
62078 <hr />
62079 <h2>Beastie Bits</h2>
62080
62081 <ul>
62082 <li><a href="https://www.youtube.com/watch?v=hvuWI5hzD5U">5 Reasons to Use FreeBSD in 2018</a></li>
62083 <li><a href="https://twitter.com/johalun/status/983645780509712384">Rewriting Intel gigabit network driver in Rust</a></li>
62084 <li><a href="https://twitter.com/DLangille/status/983360090240684034">Recruiting to make Elastic Search on FreeBSD better</a></li>
62085 <li><a href="https://twitter.com/Tubsta/status/981058685219688448">Windows Server 2019 Preview, in bhyve on FreeBSD</a></li>
62086 <li><a href="https://blather.michaelwlucas.com/archives/3126">“SSH Mastery, 2nd ed” in hardcover</a></li>
62087 </ul>
62088
62089 <hr />
62090 <h2>Feedback/Questions</h2>
62091
62092 <ul>
62093 <li>Jason - <a href="http://dpaste.com/0JN4V1K#wrap">ZFS Transfer option</a></li>
62094 <li>Luis - <a href="http://dpaste.com/3MH4QRF#wrap">ZFS Pools</a></li>
62095 <li><a href="https://clonos.tekroutine.com/">ClonOS </a></li>
62096 <li>Michael - <a href="http://dpaste.com/3MN5F74#wrap">Tech Conferences</a></li>
62097 <li>anonymous - <a href="http://dpaste.com/18J24QJ#wrap">BSD trash on removable drives</a></li>
62098 </ul>
62099
62100 <hr />
62101 <ul>
62102 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
62103 </ul>
62104
62105 <hr />
62106 </description>
62107 <itunes:keywords>BSD,DragonflyBSD,freebsd,guide,howto,Interview,NetBSD,OpenBSD,trueos,tutorial</itunes:keywords>
62108 <content:encoded>
62109 <![CDATA[<p>OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.</p>
62110
62111 <h2>Headlines</h2>
62112
62113 <h3><a href="https://www.openbsd.org/63.html">OpenBSD 6.3 released</a></h3>
62114
62115 <ul>
62116 <li>Punctual as ever, OpenBSD 6.3 has been released with the following features/changes:
62117
62118
62119 <blockquote>
62120 Improved HW support, including:
62121 SMP support on OpenBSD/arm64 platforms
62122 vmm/vmd improvements:
62123 IEEE 802.11 wireless stack improvements
62124 Generic network stack improvements
62125 Installer improvements
62126 Routing daemons and other userland network improvements
62127 Security improvements
62128 dhclient(8) improvements
62129 Assorted improvements
62130 OpenSMTPD 6.0.4
62131 OpenSSH 7.7
62132 LibreSSL 2.7.2</li>
62133 </ul>
62134 <hr />
62135 </blockquote>
62136
62137 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD 5.2 released</a></h3>
62138
62139
62140
62141 <blockquote>
62142 <p>Big-ticket items
62143 Meltdown and Spectre mitigation support
62144 Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.
62145 HAMMER2
62146 H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
62147 Clustered support is not yet available.
62148 ipfw Updates
62149 Implement state based "redirect", i.e. without using libalias.
62150 ipfw now supports all possible ICMP types.
62151 Fix ICMP_MAXTYPE assumptions (now 40 as of this release).
62152 Improved graphics support
62153 The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
62154 Add 24-bit pixel format support to the EFI frame buffer code.
62155 Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
62156 Partly implement the FBIO_BLANK ioctl for display powersaving.
62157 Syscons waits for drm modesetting at appropriate places, avoiding races.
62158 + For more details, check out the “All changes since DragonFly 5.0” section.</p>
62159 </blockquote>
62160
62161 <hr />
62162
62163
62164
62165
62166
62167
62168 <h3><a href="https://github.com/zfsonlinux/zfs/issues/7401">ZFS on Linux bug causes files to disappear</a></h3>
62169
62170 <ul>
62171 <li>A bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release</li>
62172 <li>The bug only impacts Linux, the change that caused the problem was not upstreamed yet, so does not impact ZFS on illumos, FreeBSD, OS X, or Windows</li>
62173 <li>The bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory</li>
62174 <li>ZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory</li>
62175 <li>The bug was introduced in a commit made in February, that attempted to improve performance of datasets created with the case insensitivity option. In an effort to improve performance, they introduced a limit to cap to give up (return ENOSPC) if growing the directory ZAP failed twice.</li>
62176 <li>The ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added.
62177
62178
62179 <blockquote>
62180 Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed.</li>
62181 <li>Finding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils.</li>
62182 <li>On later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit</li>
62183 <li>Tools like rsync were unaffected, because they always sort the files before copying</li>
62184 <li>If you did not see any ENOSPC errors, you were likely not impacted
62185 The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't.</li>
62186 <li>Recommendations for Users from Ryan Yao:
62187 The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen.
62188 We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition.
62189 It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now.</li>
62190 <li>Writes to existing files cannot trigger this bug, only adding new files to a directory in bulk</li>
62191 </ul>
62192 <hr />
62193 </blockquote>
62194
62195 <h2>News Roundup</h2>
62196
62197
62198
62199 <h3><a href="https://blog.des.no/2018/04/twenty-years/">des@’s thoughts on being a FreeBSD committer for 20 years</a></h3>
62200
62201
62202
62203 <blockquote>
62204 <p>Yesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today.</p>
62205
62206 <p>My level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD.</p>
62207
62208 <p>My contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year.</p>
62209
62210 <p>In return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices.</p>
62211
62212 <p>Last but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends.</p>
62213
62214 <p>For better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it.</p>
62215
62216 <p>I won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon.</p>
62217 </blockquote>
62218
62219 <hr />
62220
62221
62222
62223
62224
62225
62226 <h3><a href="https://www.ixsystems.com/blog/truenas-m-series/?utm_source=twitter.com&utm_medium=bsdnow&utm_campaign=truenas+m+series">iXsystems unveils new TrueNAS M-Series Unified Storage Line</a></h3>
62227
62228
62229
62230 <blockquote>
62231 <p>San Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget.</p>
62232 </blockquote>
62233
62234 <ul>
62235 <li>Designed for On-Premises & Enterprise Cloud Environments</li>
62236 </ul>
62237
62238 <blockquote>
62239 <p>As a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols.</p>
62240
62241 <p>At the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments.</p>
62242
62243 <p>By design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud.</p>
62244 </blockquote>
62245
62246 <ul>
62247 <li>Fast</li>
62248 </ul>
62249
62250 <blockquote>
62251 <p>As a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs.</p>
62252 </blockquote>
62253
62254 <ul>
62255 <li><p>Award-Winning TrueNAS Features</p>
62256
62257 <ul><li>Enterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M&E, surveillance, and hosting virtual machines.</li>
62258 <li>Unified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application.</li>
62259 <li>Economical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning.</li>
62260 <li>Safe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud.</li>
62261 <li>Reliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime.</li>
62262 <li>Familiar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software.</li>
62263 <li>Certified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure.</li>
62264 <li>Open: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market.</li></ul></li>
62265 <li><p>Availability</p></li>
62266 </ul>
62267
62268 <blockquote>
62269 <p>The TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabyte can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication.</p>
62270 </blockquote>
62271
62272 <ul>
62273 <li>For more information, visit www.ixsystems.com/TrueNAS </li>
62274 <li><a href="TrueNAS M-Series What's New">TrueNAS M-Series What's New Video</a></li>
62275 </ul>
62276
62277 <p><hr /></p>
62278
62279 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-April/088678.html">Understanding and tuning the FreeBSD Scheduler </a></h3>
62280
62281 <p>```
62282 Occasionally I noticed that the system would not quickly process the
62283 tasks I need done, but instead prefer other, long-running tasks. I
62284 figured it must be related to the scheduler, and decided it hates me.</p>
62285
62286 <p>A closer look shows the behaviour as follows (single CPU):</p>
62287
62288 <p>Let's run an I/O-active task, e.g., postgres VACUUM that would
62289 continuously read from big files (while doing compute as well [1]):</p>
62290
62291 <blockquote>
62292 <p>pool alloc free read write read write
62293 cache - - - - - -
62294 ada1s4 7.08G 10.9G 1.58K 0 12.9M 0</p>
62295 </blockquote>
62296
62297 <p>Now start an endless loop:</p>
62298
62299 <p># while true; do :; done</p>
62300
62301 <p>And the effect is:</p>
62302
62303 <blockquote>
62304 <p>pool alloc free read write read write
62305 cache - - - - - -
62306 ada1s4 7.08G 10.9G 9 0 76.8K 0</p>
62307 </blockquote>
62308
62309 <p>The VACUUM gets almost stuck! This figures with WCPU in "top":</p>
62310
62311 <blockquote>
62312 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
62313 85583 root 99 0 7044K 1944K RUN 1:06 92.21% bash
62314 53005 pgsql 52 0 620M 91856K RUN 5:47 0.50% postgres</p>
62315 </blockquote>
62316
62317 <p>Hacking on kern.sched.quantum makes it quite a bit better:</p>
62318
62319 <p># sysctl kern.sched.quantum=1</p>
62320
62321 <p>kern.sched.quantum: 94488 -> 7874</p>
62322
62323 <blockquote>
62324 <p>pool alloc free read write read write
62325 cache - - - - - -
62326 ada1s4 7.08G 10.9G 395 0 3.12M 0</p>
62327
62328 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
62329 85583 root 94 0 7044K 1944K RUN 4:13 70.80% bash
62330 53005 pgsql 52 0 276M 91856K RUN 5:52 11.83% postgres</p>
62331 </blockquote>
62332
62333 <p>Now, as usual, the "root-cause" questions arise: What exactly does
62334 this "quantum"? Is this solution a workaround, i.e. actually something
62335 else is wrong, and has it tradeoff in other situations? Or otherwise,
62336 why is such a default value chosen, which appears to be ill-deceived?</p>
62337
62338 <p>The docs for the quantum parameter are a bit unsatisfying - they say
62339 it's the max num of ticks a process gets - and what happens when
62340 they're exhausted? If by default the endless loop is actually allowed
62341 to continue running for 94k ticks (or 94ms, more likely) uninterrupted,
62342 then that explains the perceived behaviour - but that's certainly not
62343 what a scheduler should do when other procs are ready to run.</p>
62344
62345 <p>11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does
62346 not influence the matter. Starting the endless loop with "nice" does
62347 not influence the matter.</p>
62348
62349 <p>[1]
62350 A pure-I/O job without compute load, like "dd", does not show
62351 this behaviour. Also, when other tasks are running, the unjust
62352 behaviour is not so strongly pronounced.
62353 ```</p>
62354
62355 <p><hr /></p>
62356
62357 <h3><a href="https://mail-index.netbsd.org/port-arm/2018/04/01/msg004702.html">aarch64 support added</a></h3>
62358
62359 <blockquote>
62360 <p>I have committed about adding initial support for aarch64.</p>
62361 </blockquote>
62362
62363 <ul>
62364 <li>booting log on RaspberryPI3:</li>
62365 </ul>
62366
62367 <p>```
62368 boot NetBSD/evbarm (aarch64)
62369 Drop to EL1...OK
62370 Creating VA=PA tables
62371 Creating KSEG tables
62372 Creating KVA=PA tables
62373 Creating devmap tables
62374 MMU Enable...OK
62375 VSTART = ffffffc000001ff4
62376 FDT<3ab46000> devmap cpufunc bootstrap consinit ok
62377 uboot: args 0x3ab46000, 0, 0, 0</p>
62378
62379 <pre><code>NetBSD/evbarm (fdt) booting ...
62380 FDT /memory [0] @ 0x0 size 0x3b000000
62381 MEM: add 0-3b000000
62382 MEM: res 0-1000
62383 MEM: res 3ab46000-3ab4a000
62384 Usable memory:
62385 1000 - 3ab45fff
62386 3ab4a000 - 3affffff
62387 initarm: kernel phys start 1000000 end 17bd000
62388 MEM: res 1000000-17bd000
62389 bootargs: root=axe0
62390 1000 - ffffff
62391 17bd000 - 3ab45fff
62392 3ab4a000 - 3affffff
62393 ------------------------------------------
62394 kern_vtopdiff = 0xffffffbfff000000
62395 physical_start = 0x0000000000001000
62396 kernel_start_phys = 0x0000000001000000
62397 kernel_end_phys = 0x00000000017bd000
62398 physical_end = 0x000000003ab45000
62399 VM_MIN_KERNEL_ADDRESS = 0xffffffc000000000
62400 kernel_start_l2 = 0xffffffc000000000
62401 kernel_start = 0xffffffc000000000
62402 kernel_end = 0xffffffc0007bd000
62403 kernel_end_l2 = 0xffffffc000800000
62404 (kernel va area)
62405 (devmap va area)
62406 VM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000
62407 ------------------------------------------
62408 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
62409 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
62410 2018 The NetBSD Foundation, Inc. All rights reserved.
62411 Copyright (c) 1982, 1986, 1989, 1991, 1993
62412 The Regents of the University of California. All rights reserved.
62413
62414 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018
62415 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64
62416 total memory = 936 MB
62417 avail memory = 877 MB
62418 </code></pre>
62419
62420 <p>…</p>
62421
62422 <pre><code>Starting local daemons:.
62423 Updating motd.
62424 Starting sshd.
62425 Starting inetd.
62426 Starting cron.
62427 The following components reported failures:
62428 /etc/rc.d/swap2
62429 See /var/run/rc.log for more information.
62430 Fri Mar 30 12:35:31 JST 2018
62431
62432 NetBSD/evbarm (rpi3) (console)
62433
62434 login: root
62435 Last login: Fri Mar 30 12:30:24 2018 on console
62436
62437 rpi3# uname -ap
62438 NetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64
62439 rpi3#
62440 </code></pre>
62441
62442 <p>```</p>
62443
62444 <blockquote>
62445 <p>Now, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues.</p>
62446
62447 <p>sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP)</p>
62448
62449 <p>My deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose committed aarch64
62450 toolchains and preliminary support for aarch64.</p>
62451 </blockquote>
62452
62453 <p><hr /></p>
62454
62455 <h2>Beastie Bits</h2>
62456
62457 <ul>
62458 <li><a href="https://www.youtube.com/watch?v=hvuWI5hzD5U">5 Reasons to Use FreeBSD in 2018</a></li>
62459 <li><a href="https://twitter.com/johalun/status/983645780509712384">Rewriting Intel gigabit network driver in Rust</a></li>
62460 <li><a href="https://twitter.com/DLangille/status/983360090240684034">Recruiting to make Elastic Search on FreeBSD better</a></li>
62461 <li><a href="https://twitter.com/Tubsta/status/981058685219688448">Windows Server 2019 Preview, in bhyve on FreeBSD</a></li>
62462 <li><a href="https://blather.michaelwlucas.com/archives/3126">“SSH Mastery, 2nd ed” in hardcover</a></li>
62463 </ul>
62464
62465 <p><hr /></p>
62466
62467 <h2>Feedback/Questions</h2>
62468
62469 <ul>
62470 <li>Jason - <a href="http://dpaste.com/0JN4V1K#wrap">ZFS Transfer option</a></li>
62471 <li>Luis - <a href="http://dpaste.com/3MH4QRF#wrap">ZFS Pools</a></li>
62472 <li><a href="https://clonos.tekroutine.com/">ClonOS </a></li>
62473 <li>Michael - <a href="http://dpaste.com/3MN5F74#wrap">Tech Conferences</a></li>
62474 <li>anonymous - <a href="http://dpaste.com/18J24QJ#wrap">BSD trash on removable drives</a></li>
62475 </ul>
62476
62477 <p><hr /></p>
62478
62479 <ul>
62480 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
62481 </ul>
62482
62483 <p><hr /></p>]]>
62484 </content:encoded>
62485 <itunes:summary>
62486 <![CDATA[<p>OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.</p>
62487
62488 <h2>Headlines</h2>
62489
62490 <h3><a href="https://www.openbsd.org/63.html">OpenBSD 6.3 released</a></h3>
62491
62492 <ul>
62493 <li>Punctual as ever, OpenBSD 6.3 has been released with the following features/changes:
62494
62495
62496 <blockquote>
62497 Improved HW support, including:
62498 SMP support on OpenBSD/arm64 platforms
62499 vmm/vmd improvements:
62500 IEEE 802.11 wireless stack improvements
62501 Generic network stack improvements
62502 Installer improvements
62503 Routing daemons and other userland network improvements
62504 Security improvements
62505 dhclient(8) improvements
62506 Assorted improvements
62507 OpenSMTPD 6.0.4
62508 OpenSSH 7.7
62509 LibreSSL 2.7.2</li>
62510 </ul>
62511 <hr />
62512 </blockquote>
62513
62514 <h3><a href="https://www.dragonflybsd.org/release52/">DragonFlyBSD 5.2 released</a></h3>
62515
62516
62517
62518 <blockquote>
62519 <p>Big-ticket items
62520 Meltdown and Spectre mitigation support
62521 Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre_mitigation and machdep.meltdown_mitigation.
62522 HAMMER2
62523 H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
62524 Clustered support is not yet available.
62525 ipfw Updates
62526 Implement state based "redirect", i.e. without using libalias.
62527 ipfw now supports all possible ICMP types.
62528 Fix ICMP_MAXTYPE assumptions (now 40 as of this release).
62529 Improved graphics support
62530 The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
62531 Add 24-bit pixel format support to the EFI frame buffer code.
62532 Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
62533 Partly implement the FBIO_BLANK ioctl for display powersaving.
62534 Syscons waits for drm modesetting at appropriate places, avoiding races.
62535 + For more details, check out the “All changes since DragonFly 5.0” section.</p>
62536 </blockquote>
62537
62538 <hr />
62539
62540
62541
62542
62543
62544
62545 <h3><a href="https://github.com/zfsonlinux/zfs/issues/7401">ZFS on Linux bug causes files to disappear</a></h3>
62546
62547 <ul>
62548 <li>A bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release</li>
62549 <li>The bug only impacts Linux, the change that caused the problem was not upstreamed yet, so does not impact ZFS on illumos, FreeBSD, OS X, or Windows</li>
62550 <li>The bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory</li>
62551 <li>ZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory</li>
62552 <li>The bug was introduced in a commit made in February, that attempted to improve performance of datasets created with the case insensitivity option. In an effort to improve performance, they introduced a limit to cap to give up (return ENOSPC) if growing the directory ZAP failed twice.</li>
62553 <li>The ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added.
62554
62555
62556 <blockquote>
62557 Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed.</li>
62558 <li>Finding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils.</li>
62559 <li>On later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit</li>
62560 <li>Tools like rsync were unaffected, because they always sort the files before copying</li>
62561 <li>If you did not see any ENOSPC errors, you were likely not impacted
62562 The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't.</li>
62563 <li>Recommendations for Users from Ryan Yao:
62564 The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen.
62565 We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition.
62566 It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now.</li>
62567 <li>Writes to existing files cannot trigger this bug, only adding new files to a directory in bulk</li>
62568 </ul>
62569 <hr />
62570 </blockquote>
62571
62572 <h2>News Roundup</h2>
62573
62574
62575
62576 <h3><a href="https://blog.des.no/2018/04/twenty-years/">des@’s thoughts on being a FreeBSD committer for 20 years</a></h3>
62577
62578
62579
62580 <blockquote>
62581 <p>Yesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today.</p>
62582
62583 <p>My level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD.</p>
62584
62585 <p>My contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year.</p>
62586
62587 <p>In return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices.</p>
62588
62589 <p>Last but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends.</p>
62590
62591 <p>For better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it.</p>
62592
62593 <p>I won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon.</p>
62594 </blockquote>
62595
62596 <hr />
62597
62598
62599
62600
62601
62602
62603 <h3><a href="https://www.ixsystems.com/blog/truenas-m-series/?utm_source=twitter.com&utm_medium=bsdnow&utm_campaign=truenas+m+series">iXsystems unveils new TrueNAS M-Series Unified Storage Line</a></h3>
62604
62605
62606
62607 <blockquote>
62608 <p>San Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget.</p>
62609 </blockquote>
62610
62611 <ul>
62612 <li>Designed for On-Premises & Enterprise Cloud Environments</li>
62613 </ul>
62614
62615 <blockquote>
62616 <p>As a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols.</p>
62617
62618 <p>At the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments.</p>
62619
62620 <p>By design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud.</p>
62621 </blockquote>
62622
62623 <ul>
62624 <li>Fast</li>
62625 </ul>
62626
62627 <blockquote>
62628 <p>As a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs.</p>
62629 </blockquote>
62630
62631 <ul>
62632 <li><p>Award-Winning TrueNAS Features</p>
62633
62634 <ul><li>Enterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M&E, surveillance, and hosting virtual machines.</li>
62635 <li>Unified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application.</li>
62636 <li>Economical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning.</li>
62637 <li>Safe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud.</li>
62638 <li>Reliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime.</li>
62639 <li>Familiar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software.</li>
62640 <li>Certified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure.</li>
62641 <li>Open: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market.</li></ul></li>
62642 <li><p>Availability</p></li>
62643 </ul>
62644
62645 <blockquote>
62646 <p>The TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabyte can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication.</p>
62647 </blockquote>
62648
62649 <ul>
62650 <li>For more information, visit www.ixsystems.com/TrueNAS </li>
62651 <li><a href="TrueNAS M-Series What's New">TrueNAS M-Series What's New Video</a></li>
62652 </ul>
62653
62654 <p><hr /></p>
62655
62656 <h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2018-April/088678.html">Understanding and tuning the FreeBSD Scheduler </a></h3>
62657
62658 <p>```
62659 Occasionally I noticed that the system would not quickly process the
62660 tasks I need done, but instead prefer other, long-running tasks. I
62661 figured it must be related to the scheduler, and decided it hates me.</p>
62662
62663 <p>A closer look shows the behaviour as follows (single CPU):</p>
62664
62665 <p>Let's run an I/O-active task, e.g., postgres VACUUM that would
62666 continuously read from big files (while doing compute as well [1]):</p>
62667
62668 <blockquote>
62669 <p>pool alloc free read write read write
62670 cache - - - - - -
62671 ada1s4 7.08G 10.9G 1.58K 0 12.9M 0</p>
62672 </blockquote>
62673
62674 <p>Now start an endless loop:</p>
62675
62676 <p># while true; do :; done</p>
62677
62678 <p>And the effect is:</p>
62679
62680 <blockquote>
62681 <p>pool alloc free read write read write
62682 cache - - - - - -
62683 ada1s4 7.08G 10.9G 9 0 76.8K 0</p>
62684 </blockquote>
62685
62686 <p>The VACUUM gets almost stuck! This figures with WCPU in "top":</p>
62687
62688 <blockquote>
62689 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
62690 85583 root 99 0 7044K 1944K RUN 1:06 92.21% bash
62691 53005 pgsql 52 0 620M 91856K RUN 5:47 0.50% postgres</p>
62692 </blockquote>
62693
62694 <p>Hacking on kern.sched.quantum makes it quite a bit better:</p>
62695
62696 <p># sysctl kern.sched.quantum=1</p>
62697
62698 <p>kern.sched.quantum: 94488 -> 7874</p>
62699
62700 <blockquote>
62701 <p>pool alloc free read write read write
62702 cache - - - - - -
62703 ada1s4 7.08G 10.9G 395 0 3.12M 0</p>
62704
62705 <p>PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
62706 85583 root 94 0 7044K 1944K RUN 4:13 70.80% bash
62707 53005 pgsql 52 0 276M 91856K RUN 5:52 11.83% postgres</p>
62708 </blockquote>
62709
62710 <p>Now, as usual, the "root-cause" questions arise: What exactly does
62711 this "quantum"? Is this solution a workaround, i.e. actually something
62712 else is wrong, and has it tradeoff in other situations? Or otherwise,
62713 why is such a default value chosen, which appears to be ill-deceived?</p>
62714
62715 <p>The docs for the quantum parameter are a bit unsatisfying - they say
62716 it's the max num of ticks a process gets - and what happens when
62717 they're exhausted? If by default the endless loop is actually allowed
62718 to continue running for 94k ticks (or 94ms, more likely) uninterrupted,
62719 then that explains the perceived behaviour - but that's certainly not
62720 what a scheduler should do when other procs are ready to run.</p>
62721
62722 <p>11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does
62723 not influence the matter. Starting the endless loop with "nice" does
62724 not influence the matter.</p>
62725
62726 <p>[1]
62727 A pure-I/O job without compute load, like "dd", does not show
62728 this behaviour. Also, when other tasks are running, the unjust
62729 behaviour is not so strongly pronounced.
62730 ```</p>
62731
62732 <p><hr /></p>
62733
62734 <h3><a href="https://mail-index.netbsd.org/port-arm/2018/04/01/msg004702.html">aarch64 support added</a></h3>
62735
62736 <blockquote>
62737 <p>I have committed about adding initial support for aarch64.</p>
62738 </blockquote>
62739
62740 <ul>
62741 <li>booting log on RaspberryPI3:</li>
62742 </ul>
62743
62744 <p>```
62745 boot NetBSD/evbarm (aarch64)
62746 Drop to EL1...OK
62747 Creating VA=PA tables
62748 Creating KSEG tables
62749 Creating KVA=PA tables
62750 Creating devmap tables
62751 MMU Enable...OK
62752 VSTART = ffffffc000001ff4
62753 FDT<3ab46000> devmap cpufunc bootstrap consinit ok
62754 uboot: args 0x3ab46000, 0, 0, 0</p>
62755
62756 <pre><code>NetBSD/evbarm (fdt) booting ...
62757 FDT /memory [0] @ 0x0 size 0x3b000000
62758 MEM: add 0-3b000000
62759 MEM: res 0-1000
62760 MEM: res 3ab46000-3ab4a000
62761 Usable memory:
62762 1000 - 3ab45fff
62763 3ab4a000 - 3affffff
62764 initarm: kernel phys start 1000000 end 17bd000
62765 MEM: res 1000000-17bd000
62766 bootargs: root=axe0
62767 1000 - ffffff
62768 17bd000 - 3ab45fff
62769 3ab4a000 - 3affffff
62770 ------------------------------------------
62771 kern_vtopdiff = 0xffffffbfff000000
62772 physical_start = 0x0000000000001000
62773 kernel_start_phys = 0x0000000001000000
62774 kernel_end_phys = 0x00000000017bd000
62775 physical_end = 0x000000003ab45000
62776 VM_MIN_KERNEL_ADDRESS = 0xffffffc000000000
62777 kernel_start_l2 = 0xffffffc000000000
62778 kernel_start = 0xffffffc000000000
62779 kernel_end = 0xffffffc0007bd000
62780 kernel_end_l2 = 0xffffffc000800000
62781 (kernel va area)
62782 (devmap va area)
62783 VM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000
62784 ------------------------------------------
62785 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
62786 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
62787 2018 The NetBSD Foundation, Inc. All rights reserved.
62788 Copyright (c) 1982, 1986, 1989, 1991, 1993
62789 The Regents of the University of California. All rights reserved.
62790
62791 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018
62792 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64
62793 total memory = 936 MB
62794 avail memory = 877 MB
62795 </code></pre>
62796
62797 <p>…</p>
62798
62799 <pre><code>Starting local daemons:.
62800 Updating motd.
62801 Starting sshd.
62802 Starting inetd.
62803 Starting cron.
62804 The following components reported failures:
62805 /etc/rc.d/swap2
62806 See /var/run/rc.log for more information.
62807 Fri Mar 30 12:35:31 JST 2018
62808
62809 NetBSD/evbarm (rpi3) (console)
62810
62811 login: root
62812 Last login: Fri Mar 30 12:30:24 2018 on console
62813
62814 rpi3# uname -ap
62815 NetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64
62816 rpi3#
62817 </code></pre>
62818
62819 <p>```</p>
62820
62821 <blockquote>
62822 <p>Now, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues.</p>
62823
62824 <p>sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP)</p>
62825
62826 <p>My deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose committed aarch64
62827 toolchains and preliminary support for aarch64.</p>
62828 </blockquote>
62829
62830 <p><hr /></p>
62831
62832 <h2>Beastie Bits</h2>
62833
62834 <ul>
62835 <li><a href="https://www.youtube.com/watch?v=hvuWI5hzD5U">5 Reasons to Use FreeBSD in 2018</a></li>
62836 <li><a href="https://twitter.com/johalun/status/983645780509712384">Rewriting Intel gigabit network driver in Rust</a></li>
62837 <li><a href="https://twitter.com/DLangille/status/983360090240684034">Recruiting to make Elastic Search on FreeBSD better</a></li>
62838 <li><a href="https://twitter.com/Tubsta/status/981058685219688448">Windows Server 2019 Preview, in bhyve on FreeBSD</a></li>
62839 <li><a href="https://blather.michaelwlucas.com/archives/3126">“SSH Mastery, 2nd ed” in hardcover</a></li>
62840 </ul>
62841
62842 <p><hr /></p>
62843
62844 <h2>Feedback/Questions</h2>
62845
62846 <ul>
62847 <li>Jason - <a href="http://dpaste.com/0JN4V1K#wrap">ZFS Transfer option</a></li>
62848 <li>Luis - <a href="http://dpaste.com/3MH4QRF#wrap">ZFS Pools</a></li>
62849 <li><a href="https://clonos.tekroutine.com/">ClonOS </a></li>
62850 <li>Michael - <a href="http://dpaste.com/3MN5F74#wrap">Tech Conferences</a></li>
62851 <li>anonymous - <a href="http://dpaste.com/18J24QJ#wrap">BSD trash on removable drives</a></li>
62852 </ul>
62853
62854 <p><hr /></p>
62855
62856 <ul>
62857 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
62858 </ul>
62859
62860 <p><hr /></p>]]>
62861 </itunes:summary>
62862 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+WKQYxDQ7</fireside:playerURL>
62863 <fireside:playerEmbedCode>
62864 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+WKQYxDQ7" width="740" height="200" frameborder="0" scrolling="no">]]>
62865 </fireside:playerEmbedCode>
62866 </item>
62867 <item>
62868 <title>Episode 242: Linux Takes The Fastpath | BSD Now 242</title>
62869 <link>https://www.bsdnow.tv/242</link>
62870 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1788</guid>
62871 <pubDate>Wed, 18 Apr 2018 11:00:00 -0700</pubDate>
62872 <author>Allan Jude</author>
62873 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/729a44d2-5a5b-4879-8700-d519931d67f0.mp3" length="60077262" type="audio/mp3"/>
62874 <itunes:episodeType>full</itunes:episodeType>
62875 <itunes:author>Allan Jude</itunes:author>
62876 <itunes:subtitle>TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.</itunes:subtitle>
62877 <itunes:duration>1:23:20</itunes:duration>
62878 <itunes:explicit>no</itunes:explicit>
62879 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
62880 <description>TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.
62881 <h2>Headlines</h2>
62882 <h3><a href="https://trueos.org/blog/trueos-stable-18-03-release/">TrueOS STABLE 18.03 Release</a></h3>
62883
62884 <blockquote>
62885 <p>The TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle.</p>
62886 </blockquote>
62887
62888 <ul>
62889 <li><p>Important changes between version 17.12 and 18.03</p>
62890
62891 <ul><li>“Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes.</li>
62892 <li>“Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application.</li></ul></li>
62893 </ul>
62894
62895 <blockquote>
62896 <p>Most systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system.</p>
62897 </blockquote>
62898
62899 <ul>
62900 <li><p>Important security-based package updates</p>
62901
62902 <ul><li>LibreSSL is updated from version 2.6.3 -> 2.6.4</li>
62903 <li>Reminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates.</li>
62904 <li>Browser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.)</li>
62905 <li>Firefox: 57.0.1 -> 58.0.2</li>
62906 <li>Chromium: 61.0.3163.100 -> 63.0.3239.132</li>
62907 <li>Qt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -> 5.9.4</li></ul></li>
62908 <li><p>All pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns.</p></li>
62909 </ul>
62910
62911 <hr />
62912 <h3><a href="https://github.com/F-Stack/f-stack">F-Stack</a></h3>
62913
62914 <blockquote>
62915 <p>F-Stack is a user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org</p>
62916 </blockquote>
62917
62918 <ul>
62919 <li><p>Introduction
62920 With the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support.</p></li>
62921 <li><p>F-Stack is an open source network framework with high performance based on DPDK. With following characteristics</p>
62922
62923 <ul><li>Ultra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS.</li>
62924 <li>Transplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance.</li>
62925 <li>Support Nginx, Redis and other mature applications, service can easily use F-Stack</li>
62926 <li>With Multi-process architecture, easy to extend</li>
62927 <li>Provide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic.</li>
62928 <li>Provide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack</li></ul></li>
62929 <li><p>History</p></li>
62930 </ul>
62931
62932 <blockquote>
62933 <p>In order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future.</p>
62934
62935 <p>After several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port.</p>
62936
62937 <p>With the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuously improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD(11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly. Thanks to libplebnet and libuinet, this work becomes a lot easier.</p>
62938
62939 <p>With the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface.</p>
62940
62941 <p>Currently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud that have used F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc.</p>
62942 </blockquote>
62943
62944 <hr />
62945 <p><strong>iXsystems</strong></p>
62946
62947 <h3><a href="https://www.forbes.com/sites/forbestechcouncil/2018/04/02/leadership-is-the-secret-to-an-open-source-business-model/#a2beca765c78">Leadership Is The Secret To An Open Source Business Model</a></h3>
62948
62949 <ul>
62950 <li>A Forbes article by Mike Lauth, CEO of iXsystems
62951
62952
62953 <blockquote>
62954 There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device.
62955 FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model.
62956 We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects.
62957 Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community.</li>
62958 <li>Drive The Conversation
62959 It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS</li>
62960 <li>Relieve Customer Pain Points With Every New Release
62961 Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier.</li>
62962 <li>Accept That A Patent Is Not A Business Model
62963 Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for.</li>
62964 <li>Distinguish Leadership From Management
62965 Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control.</li>
62966 </ul>
62967 <hr />
62968 </blockquote>
62969
62970 <h2>News Roundup</h2>
62971
62972
62973
62974 <h3><a href="https://www.skyforge.at/posts/an-introduction-to-jails-and-jail-networking/">Introduction to Jails and Jail Networking on FreeBSD</a></h3>
62975
62976
62977
62978 <blockquote>
62979 <p>Jails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability.
62980 + For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling.
62981 Setting up a jail is a fairly simple process, which can essentially be split into three steps:
62982 + Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem.
62983 + Add some basic configuration for the jail in jail.conf.
62984 + Fire up the jail.
62985 To confirm that the jail started successfully we can use the jls utility:
62986 We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail
62987 A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail.
62988 Because of this, the loopback-address inside a jail is emulated by the system:
62989 + 127.0.0.1 is an alias for the first IPv4-address assigned to the jail.
62990 + ::1 is an alias for the first IPv6-address assigned to the jail.
62991 While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea.
62992 + So, create an extra loopback adapter, and make the first IP in each jail a private loopback address
62993 + The tutorial goes on to cover making multiple jails share a single public IP address using NAT
62994 + It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact
62995 + Finally, it covers the integration with a lot of common tools, like identifying and filter jailed processes using top and ps, or using the package managers support for jails to install packages in a jail from the outside.</p>
62996 </blockquote>
62997
62998 <hr />
62999
63000
63001
63002 <p><strong>DigitalOcean</strong></p>
63003
63004
63005
63006 <h3>SmartOS release-20180315</h3>
63007
63008 ```
63009
63010 Hello All,
63011
63012 The latest bi-weekly "release" branch build of SmartOS is up:
63013
63014
63015 <pre><code>curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso
63016 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2
63017 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2
63018 </code></pre>
63019
63020 A generated changelog is here:
63021
63022 <pre><code>https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z
63023 </code></pre>
63024
63025 The full build bits directory, for those interested, is here in Manta:
63026
63027 <pre><code>/Joyent_Dev/public/SmartOS/20180329T002644Z
63028 </code></pre>
63029
63030 <h1>Highlights</h1>
63031
63032 Firewall rules created with fwadm(1M) can now use the PRIORITY keyword to
63033 specify a higher precedence for a rule.
63034
63035 This release includes mitigation of the Intel Meltdown vulnerability in the
63036 form of kpti (kernel page table isolation) with PCID (process context
63037 identifier) support
63038
63039 This release also includes experimental support for bhyve branded zones.
63040
63041
63042
63043
63044 <h1>General Info</h1>
63045
63046 Every second Thursday we roll a "release-YYYYMMDD" release branch and
63047 builds for SmartOS (and Triton DataCenter and Manta, as well).
63048
63049 Cheers,
63050 Josh Wilsdon, on behalf of the SmartOS developers
63051 https://smartos.org
63052 ```
63053
63054 <ul>
63055 <li>Here's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg</li>
63056 </ul>
63057
63058 <hr />
63059 <h3><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/03/FreeBSD-Foundation-March-2018-Update-1.pdf">FreeBSD Foundation March 2018 Update</a></h3>
63060
63061 <ul>
63062 <li>> Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs.</li>
63063 <li>> Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller.</li>
63064 <li>> The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purpose-built for Syzkaller:
63065 <ul><li>> kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system.</li>
63066 <li>> kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking).</li></ul></li>
63067 <li>> Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD.</li>
63068 <li>> We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work.</li>
63069 <li>> I want to say thank you to NetApp for becoming an Iridium Partner again this
63070 year! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts.</li>
63071 <li>> Conference Recap: FOSSASIA 2018</li>
63072 <li>Foundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference.</li>
63073 <li>Our booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere!</li>
63074 <li>> One particular hallway-track conversation led to an invitation to present FreeBSD at a "Women Who Code" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore.</li>
63075 <li>> SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was
63076 staffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts.</li>
63077 <li>Deb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects.</li>
63078 <li><blockquote>
63079 <p>Next year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you
63080 would like to help with this effort.</p>
63081 </blockquote></li>
63082 <li><blockquote>
63083 <p>Roll Call: #WhoUsesFreeBSD</p>
63084 </blockquote></li>
63085 <li><blockquote>
63086 <p>Many of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace
63087 FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support.</p>
63088 </blockquote></li>
63089 <li><blockquote>
63090 <p>New Hosting Partner: Oregon State University Open Source Lab</p>
63091 </blockquote></li>
63092 <li>> We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development. The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel.</li>
63093 <li>Stay tuned for more news from the FreeBSD Foundation in May (next newsletter).</li>
63094 </ul>
63095
63096 <hr />
63097 <h2>Beastie Bits</h2>
63098
63099 <ul>
63100 <li><a href="https://daniel.haxx.se/blog/2018/03/20/twenty-years-1998-2018/">cURL is 20 today</a></li>
63101 <li><a href="https://www.skyforge.at/posts/a-note-in-sysvipc-and-jails-on-freebsd/">A Note on SYSVIPC and Jails on FreeBSD</a></li>
63102 <li><a href="https://marc.info/?l=openbsd-announce&amp;m=152149507725894&amp;w=2">OpenBSD Errata: March 20th, 2018 (ipsec)</a></li>
63103 <li><a href="https://www.freebsd.org/security/advisories.html">FreeBSD Security Advisories for IPSEC and vt </a></li>
63104 <li><a href="https://www.tecmint.com/pkg-command-examples-to-manage-packages-in-freebsd/">23 Useful PKG Command Examples to Manage Packages in FreeBSD</a></li>
63105 </ul>
63106
63107 <hr />
63108 <p><strong>Tarsnap</strong></p>
63109
63110 <h2>Feedback/Questions</h2>
63111
63112 <ul>
63113 <li>Casey - <a href="http://dpaste.com/2VMH555#wrap">Cool Editor</a></li>
63114 <li>Nelson - <a href="http://dpaste.com/2NTE4SD#wrap">New article on FreeBSD vs MacOS</a></li>
63115 <li>Damian - <a href="http://dpaste.com/0FYWVHD#wrap">Mysterious Reverse Proxy 504</a></li>
63116 <li>Nelson - <a href="http://dpaste.com/0BTGTVP#wrap">FreeBSD, rsync, nasty bug, now fixed</a></li>
63117 </ul>
63118
63119 <hr />
63120 <ul>
63121 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
63122 </ul>
63123
63124 <hr />
63125 </description>
63126 <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, tutorial, howto, guide, bsd, interview</itunes:keywords>
63127 <content:encoded>
63128 <![CDATA[<p>TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.</p>
63129
63130 <h2>Headlines</h2>
63131
63132 <h3><a href="https://trueos.org/blog/trueos-stable-18-03-release/">TrueOS STABLE 18.03 Release</a></h3>
63133
63134 <blockquote>
63135 <p>The TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle.</p>
63136 </blockquote>
63137
63138 <ul>
63139 <li><p>Important changes between version 17.12 and 18.03</p>
63140
63141 <ul><li>“Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes.</li>
63142 <li>“Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application.</li></ul></li>
63143 </ul>
63144
63145 <blockquote>
63146 <p>Most systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system.</p>
63147 </blockquote>
63148
63149 <ul>
63150 <li><p>Important security-based package updates</p>
63151
63152 <ul><li>LibreSSL is updated from version 2.6.3 -> 2.6.4</li>
63153 <li>Reminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates.</li>
63154 <li>Browser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.)</li>
63155 <li>Firefox: 57.0.1 -> 58.0.2</li>
63156 <li>Chromium: 61.0.3163.100 -> 63.0.3239.132</li>
63157 <li>Qt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -> 5.9.4</li></ul></li>
63158 <li><p>All pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns.</p></li>
63159 </ul>
63160
63161 <p><hr /></p>
63162
63163 <h3><a href="https://github.com/F-Stack/f-stack">F-Stack</a></h3>
63164
63165 <blockquote>
63166 <p>F-Stack is a user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org</p>
63167 </blockquote>
63168
63169 <ul>
63170 <li><p>Introduction
63171 With the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support.</p></li>
63172 <li><p>F-Stack is an open source network framework with high performance based on DPDK. With following characteristics</p>
63173
63174 <ul><li>Ultra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS.</li>
63175 <li>Transplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance.</li>
63176 <li>Support Nginx, Redis and other mature applications, service can easily use F-Stack</li>
63177 <li>With Multi-process architecture, easy to extend</li>
63178 <li>Provide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic.</li>
63179 <li>Provide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack</li></ul></li>
63180 <li><p>History</p></li>
63181 </ul>
63182
63183 <blockquote>
63184 <p>In order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future.</p>
63185
63186 <p>After several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port.</p>
63187
63188 <p>With the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuously improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD (11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly. Thanks to libplebnet and libuinet, this work becomes a lot easier.</p>
63189
63190 <p>With the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface.</p>
63191
63192 <p>Currently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud has used the F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc.</p>
63193 </blockquote>
63194
63195 <p><hr /></p>
63196
63197 <p><strong>iXsystems</strong></p>
63198
63199 <h3><a href="https://www.forbes.com/sites/forbestechcouncil/2018/04/02/leadership-is-the-secret-to-an-open-source-business-model/#a2beca765c78">Leadership Is The Secret To An Open Source Business Model</a></h3>
63200
63201 <ul>
63202 <li>A Forbes article by Mike Lauth, CEO of iXsystems
63203
63204
63205 <blockquote>
63206 There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device.
63207 FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model.
63208 We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects.
63209 Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community.</li>
63210 <li>Drive The Conversation
63211 It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS</li>
63212 <li>Relieve Customer Pain Points With Every New Release
63213 Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier.</li>
63214 <li>Accept That A Patent Is Not A Business Model
63215 Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for.</li>
63216 <li>Distinguish Leadership From Management
63217 Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control.</li>
63218 </ul>
63219 <hr />
63220 </blockquote>
63221
63222 <h2>News Roundup</h2>
63223
63224
63225
63226 <h3><a href="https://www.skyforge.at/posts/an-introduction-to-jails-and-jail-networking/">Introduction to Jails and Jail Networking on FreeBSD</a></h3>
63227
63228
63229
63230 <blockquote>
63231 <p>Jails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability.</p>
63232 <ul><li>For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling.</li></ul>
63233 <p>Setting up a jail is a fairly simple process, which can essentially be split into three steps:</p>
63234 <ul><li>Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem.</li>
63235 <li>Add some basic configuration for the jail in jail.conf.</li>
63236 <li>Fire up the jail.</li></ul>
63237 <p>To confirm that the jail started successfully we can use the jls utility:</p>
63238 <p>We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail</p>
63239 <p>A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail.</p>
63240 <p>Because of this, the loopback-address inside a jail is emulated by the system:</p>
63241 <ul><li>127.0.0.1 is an alias for the first IPv4-address assigned to the jail.</li>
63242 <li>::1 is an alias for the first IPv6-address assigned to the jail.</li></ul>
63243 <p>While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea.</p>
63244 <ul><li>So, create an extra loopback adapter, and make the first IP in each jail a private loopback address</li>
63245 <li>The tutorial goes on to cover making multiple jails share a single public IP address using NAT</li>
63246 <li>It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact</li>
63247 <li>Finally, it covers the integration with a lot of common tools, like identifying and filtering jailed processes using top and ps, or using the package manager's support for jails to install packages in a jail from the outside.</li></ul>
63248 </blockquote>
63249
63250 <hr />
63251
63252
63253
63254 <p><strong>DigitalOcean</strong></p>
63255
63256
63257
63258 <h3>SmartOS release-20180315</h3>
63259
63260 ```
63261
63262 Hello All,
63263
63264 The latest bi-weekly "release" branch build of SmartOS is up:
63265
63266
63267 <pre><code>curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso
63268 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2
63269 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2
63270 </code></pre>
63271
63272 A generated changelog is here:
63273
63274 <pre><code>https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z
63275 </code></pre>
63276
63277 The full build bits directory, for those interested, is here in Manta:
63278
63279 <pre><code>/Joyent_Dev/public/SmartOS/20180329T002644Z
63280 </code></pre>
63281
63282 <h1>Highlights</h1>
63283
63284 Firewall rules created with fwadm(1M) can now use the PRIORITY keyword to
63285 specify a higher precedence for a rule.
63286
63287 This release includes mitigation of the Intel Meltdown vulnerability in the
63288 form of kpti (kernel page table isolation) with PCID (process context
63289 identifier) support
63290
63291 This release also includes experimental support for bhyve branded zones.
63292
63293
63294
63295
63296 <h1>General Info</h1>
63297
63298 Every second Thursday we roll a "release-YYYYMMDD" release branch and
63299 builds for SmartOS (and Triton DataCenter and Manta, as well).
63300
63301 Cheers,
63302 Josh Wilsdon, on behalf of the SmartOS developers
63303 https://smartos.org
63304 ```
63305
63306 <ul>
63307 <li>Here's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg</li>
63308 </ul>
63309
63310 <p><hr /></p>
63311
63312 <h3><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/03/FreeBSD-Foundation-March-2018-Update-1.pdf">FreeBSD Foundation March 2018 Update</a></h3>
63313
63314 <ul>
63315 <li>> Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs.</li>
63316 <li>> Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller.</li>
63317 <li>> The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purpose-built for Syzkaller:
63318 <ul><li>> kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system.</li>
63319 <li>> kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking).</li></ul></li>
63320 <li>> Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD.</li>
63321 <li>> We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work.</li>
63322 <li>> I want to say thank you to NetApp for becoming an Iridium Partner again this
63323 year! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts.</li>
63324 <li>> Conference Recap: FOSSASIA 2018</li>
63325 <li>Foundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference.</li>
63326 <li>Our booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere!</li>
63327 <li>> One particular hallway-track conversation led to an invitation to present FreeBSD at a "Women Who Code" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore.</li>
63328 <li>> SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was
63329 staffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts.</li>
63330 <li>Deb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects.</li>
63331 <li><blockquote>
63332 <p>Next year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you
63333 would like to help with this effort.</p>
63334 </blockquote></li>
63335 <li><blockquote>
63336 <p>Roll Call: #WhoUsesFreeBSD</p>
63337 </blockquote></li>
63338 <li><blockquote>
63339 <p>Many of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace
63340 FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support.</p>
63341 </blockquote></li>
63342 <li><blockquote>
63343 <p>New Hosting Partner: Oregon State University Open Source Lab</p>
63344 </blockquote></li>
63345 <li>> We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development. The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel.</li>
63346 <li>Stay tuned for more news from the FreeBSD Foundation in May (next newsletter).</li>
63347 </ul>
63348
63349 <p><hr /></p>
63350
63351 <h2>Beastie Bits</h2>
63352
63353 <ul>
63354 <li><a href="https://daniel.haxx.se/blog/2018/03/20/twenty-years-1998-2018/">cURL is 20 today</a></li>
63355 <li><a href="https://www.skyforge.at/posts/a-note-in-sysvipc-and-jails-on-freebsd/">A Note on SYSVIPC and Jails on FreeBSD</a></li>
63356 <li><a href="https://marc.info/?l=openbsd-announce&m=152149507725894&w=2">OpenBSD Errata: March 20th, 2018 (ipsec)</a></li>
63357 <li><a href="https://www.freebsd.org/security/advisories.html">FreeBSD Security Advisories for IPSEC and vt </a></li>
63358 <li><a href="https://www.tecmint.com/pkg-command-examples-to-manage-packages-in-freebsd/">23 Useful PKG Command Examples to Manage Packages in FreeBSD</a></li>
63359 </ul>
63360
63361 <p><hr /></p>
63362
63363 <p><strong>Tarsnap</strong></p>
63364
63365 <h2>Feedback/Questions</h2>
63366
63367 <ul>
63368 <li>Casey - <a href="http://dpaste.com/2VMH555#wrap">Cool Editor</a></li>
63369 <li>Nelson - <a href="http://dpaste.com/2NTE4SD#wrap">New article on FreeBSD vs MacOS</a></li>
63370 <li>Damian - <a href="http://dpaste.com/0FYWVHD#wrap">Mysterious Reverse Proxy 504</a></li>
63371 <li>Nelson - <a href="http://dpaste.com/0BTGTVP#wrap">FreeBSD, rsync, nasty bug, now fixed</a></li>
63372 </ul>
63373
63374 <p><hr /></p>
63375
63376 <ul>
63377 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
63378 </ul>
63379
63380 <p><hr /></p>]]>
63381 </content:encoded>
63382 <itunes:summary>
63383 <![CDATA[<p>TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.</p>
63384
63385 <h2>Headlines</h2>
63386
63387 <h3><a href="https://trueos.org/blog/trueos-stable-18-03-release/">TrueOS STABLE 18.03 Release</a></h3>
63388
63389 <blockquote>
63390 <p>The TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle.</p>
63391 </blockquote>
63392
63393 <ul>
63394 <li><p>Important changes between version 17.12 and 18.03</p>
63395
63396 <ul><li>“Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes.</li>
63397 <li>“Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application.</li></ul></li>
63398 </ul>
63399
63400 <blockquote>
63401 <p>Most systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system.</p>
63402 </blockquote>
63403
63404 <ul>
63405 <li><p>Important security-based package updates</p>
63406
63407 <ul><li>LibreSSL is updated from version 2.6.3 -> 2.6.4</li>
63408 <li>Reminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates.</li>
63409 <li>Browser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.)</li>
63410 <li>Firefox: 57.0.1 -> 58.0.2</li>
63411 <li>Chromium: 61.0.3163.100 -> 63.0.3239.132</li>
63412 <li>Qt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -> 5.9.4</li></ul></li>
63413 <li><p>All pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns.</p></li>
63414 </ul>
63415
63416 <p><hr /></p>
63417
63418 <h3><a href="https://github.com/F-Stack/f-stack">F-Stack</a></h3>
63419
63420 <blockquote>
63421 <p>F-Stack is a user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org</p>
63422 </blockquote>
63423
63424 <ul>
63425 <li><p>Introduction
63426 With the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support.</p></li>
63427 <li><p>F-Stack is an open source network framework with high performance based on DPDK. With following characteristics</p>
63428
63429 <ul><li>Ultra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS.</li>
63430 <li>Transplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance.</li>
63431 <li>Support Nginx, Redis and other mature applications, service can easily use F-Stack</li>
63432 <li>With Multi-process architecture, easy to extend</li>
63433 <li>Provide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic.</li>
63434 <li>Provide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack</li></ul></li>
63435 <li><p>History</p></li>
63436 </ul>
63437
63438 <blockquote>
63439 <p>In order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future.</p>
63440
63441 <p>After several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port.</p>
63442
63443 <p>With the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuously improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD (11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly. Thanks to libplebnet and libuinet, this work becomes a lot easier.</p>
63444
63445 <p>With the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface.</p>
63446
63447 <p>Currently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud has used the F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc.</p>
63448 </blockquote>
63449
63450 <p><hr /></p>
63451
63452 <p><strong>iXsystems</strong></p>
63453
63454 <h3><a href="https://www.forbes.com/sites/forbestechcouncil/2018/04/02/leadership-is-the-secret-to-an-open-source-business-model/#a2beca765c78">Leadership Is The Secret To An Open Source Business Model</a></h3>
63455
63456 <ul>
63457 <li>A Forbes article by Mike Lauth, CEO of iXsystems
63458
63459
63460 <blockquote>
63461 There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device.
63462 FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model.
63463 We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects.
63464 Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community.</li>
63465 <li>Drive The Conversation
63466 It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS</li>
63467 <li>Relieve Customer Pain Points With Every New Release
63468 Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier.</li>
63469 <li>Accept That A Patent Is Not A Business Model
63470 Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for.</li>
63471 <li>Distinguish Leadership From Management
63472 Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control.</li>
63473 </ul>
63474 <hr />
63475 </blockquote>
63476
63477 <h2>News Roundup</h2>
63478
63479
63480
63481 <h3><a href="https://www.skyforge.at/posts/an-introduction-to-jails-and-jail-networking/">Introduction to Jails and Jail Networking on FreeBSD</a></h3>
63482
63483
63484
63485 <blockquote>
63486 <p>Jails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability.
63487 + For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling.
63488 Setting up a jail is a fairly simple process, which can essentially be split into three steps:
63489 + Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem.
63490 + Add some basic configuration for the jail in jail.conf.
63491 + Fire up the jail.
63492 To confirm that the jail started successfully we can use the jls utility:
63493 We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail
63494 A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail.
63495 Because of this, the loopback-address inside a jail is emulated by the system:
63496 + 127.0.0.1 is an alias for the first IPv4-address assigned to the jail.
63497 + ::1 is an alias for the first IPv6-address assigned to the jail.
63498 While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea.
63499 + So, create an extra loopback adapter, and make the first IP in each jail a private loopback address
63500 + The tutorial goes on to cover making multiple jails share a single public IP address using NAT
63501 + It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact
63502 + Finally, it covers the integration with a lot of common tools, like identifying and filtering jailed processes using top and ps, or using the package manager’s support for jails to install packages in a jail from the outside.</p>
63503 </blockquote>
63504
63505 <hr />
63506
63507
63508
63509 **DigitalOcean**
63510
63511
63512
63513 <h3>SmartOS release-20180315</h3>
63514
63515 ```
63516
63517 Hello All,
63518
63519 The latest bi-weekly "release" branch build of SmartOS is up:
63520
63521
63522 <pre><code>curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso
63523 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2
63524 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2
63525 </code></pre>
63526
63527 A generated changelog is here:
63528
63529 <pre><code>https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z
63530 </code></pre>
63531
63532 The full build bits directory, for those interested, is here in Manta:
63533
63534 <pre><code>/Joyent_Dev/public/SmartOS/20180329T002644Z
63535 </code></pre>
63536
63537 <h1>Highlights</h1>
63538
63539 Firewall rules created with fwadm(1M) can now use the PRIORITY keyword to
63540 specify a higher precedence for a rule.
63541
63542 This release includes mitigation of the Intel Meltdown vulnerability in the
63543 form of kpti (kernel page table isolation) with PCID (process context
63544 identifier) support
63545
63546 This release also includes experimental support for bhyve branded zones.
63547
63548
63549
63550
63551 <h1>General Info</h1>
63552
63553 Every second Thursday we roll a "release-YYYYMMDD" release branch and
63554 builds for SmartOS (and Triton DataCenter and Manta, as well).
63555
63556 Cheers,
63557 Josh Wilsdon, on behalf of the SmartOS developers
63558 https://smartos.org
63559 ```
63560
63561 <ul>
63562 <li>Here's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg</li>
63563 </ul>
63564
63565 <p><hr /></p>
63566
63567 <h3><a href="https://www.freebsdfoundation.org/wp-content/uploads/2018/03/FreeBSD-Foundation-March-2018-Update-1.pdf">FreeBSD Foundation March 2018 Update</a></h3>
63568
63569 <ul>
63570 <li>> Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs.</li>
63571 <li>> Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller.</li>
63572 <li>> The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purpose-built for Syzkaller:
63573 <ul><li>> kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system.</li>
63574 <li>> kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking).</li></ul></li>
63575 <li>> Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD.</li>
63576 <li>> We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work.</li>
63577 <li>> I want to say thank you to NetApp for becoming an Iridium Partner again this
63578 year! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts.</li>
63579 <li>> Conference Recap: FOSSASIA 2018</li>
63580 <li>Foundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference.</li>
63581 <li>Our booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere!</li>
63582 <li>> One particular hallway-track conversation led to an invitation to present FreeBSD at a "Women Who Code" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore.</li>
63583 <li>> SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was
63584 staffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts.</li>
63585 <li>Deb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects.</li>
63586 <li><blockquote>
63587 <p>Next year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you
63588 would like to help with this effort.</p>
63589 </blockquote></li>
63590 <li><blockquote>
63591 <p>Roll Call: #WhoUsesFreeBSD</p>
63592 </blockquote></li>
63593 <li><blockquote>
63594 <p>Many of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace
63595 FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support.</p>
63596 </blockquote></li>
63597 <li><blockquote>
63598 <p>New Hosting Partner: Oregon State University Open Source Lab</p>
63599 </blockquote></li>
63600 <li>> We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development. The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel.</li>
63601 <li>Stay tuned for more news from the FreeBSD Foundation in May (next newsletter).</li>
63602 </ul>
63603
63604 <p><hr /></p>
63605
63606 <h2>Beastie Bits</h2>
63607
63608 <ul>
63609 <li><a href="https://daniel.haxx.se/blog/2018/03/20/twenty-years-1998-2018/">cURL is 20 today</a></li>
63610 <li><a href="https://www.skyforge.at/posts/a-note-in-sysvipc-and-jails-on-freebsd/">A Note on SYSVIPC and Jails on FreeBSD</a></li>
63611 <li><a href="https://marc.info/?l=openbsd-announce&m=152149507725894&w=2">OpenBSD Errata: March 20th, 2018 (ipsec)</a></li>
63612 <li><a href="https://www.freebsd.org/security/advisories.html">FreeBSD Security Advisories for IPSEC and vt </a></li>
63613 <li><a href="https://www.tecmint.com/pkg-command-examples-to-manage-packages-in-freebsd/">23 Useful PKG Command Examples to Manage Packages in FreeBSD</a></li>
63614 </ul>
63615
63616 <p><hr /></p>
63617
63618 <p><strong>Tarsnap</strong></p>
63619
63620 <h2>Feedback/Questions</h2>
63621
63622 <ul>
63623 <li>Casey - <a href="http://dpaste.com/2VMH555#wrap">Cool Editor</a></li>
63624 <li>Nelson - <a href="http://dpaste.com/2NTE4SD#wrap">New article on FreeBSD vs MacOS</a></li>
63625 <li>Damian - <a href="http://dpaste.com/0FYWVHD#wrap">Mysterious Reverse Proxy 504</a></li>
63626 <li>Nelson - <a href="http://dpaste.com/0BTGTVP#wrap">FreeBSD, rsync, nasty bug, now fixed</a></li>
63627 </ul>
63628
63629 <p><hr /></p>
63630
63631 <ul>
63632 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
63633 </ul>
63634
63635 <p><hr /></p>]]>
63636 </itunes:summary>
63637 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+ZgIsVF3j</fireside:playerURL>
63638 <fireside:playerEmbedCode>
63639 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+ZgIsVF3j" width="740" height="200" frameborder="0" scrolling="no">]]>
63640 </fireside:playerEmbedCode>
63641 </item>
63642 <item>
63643 <title>Episode 241: Bowling in the LimeLight | BSD Now 241</title>
63644 <link>https://www.bsdnow.tv/241</link>
63645 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1749</guid>
63646 <pubDate>Thu, 12 Apr 2018 06:00:00 -0700</pubDate>
63647 <author>Allan Jude</author>
63648 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b2801252-e063-4376-b49f-82b61742290d.mp3" length="87193008" type="audio/mp3"/>
63649 <itunes:episodeType>full</itunes:episodeType>
63650 <itunes:author>Allan Jude</itunes:author>
63651 <itunes:subtitle>Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.</itunes:subtitle>
63652 <itunes:duration>2:01:00</itunes:duration>
63653 <itunes:explicit>no</itunes:explicit>
63654 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
63655 <description>Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.
63656 <h2>Headlines</h2>
63657 <h3>[Other big ZFS improvements you might have missed]</h3>
63658
63659 <ul>
63660 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=329798">9075 Improve ZFS pool import/load process and corrupted pool recovery</a>
63661
63662
63663 <blockquote>
63664 <p>One of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened.
63665 The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned.
63666 The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened.
63667 When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs.
63668 This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition.
63669 With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss of data, this feature is for now restricted to a read-only import.</li>
63670 <li></p>
63671
63672 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=329732">7614 zfs device evacuation/removal</a>
63673 This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev.
63674 The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs.
63675 Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed.</li></ul></li>
63676 <li>You can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it</li>
63677 <li>
63678 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=329681">7446 zpool create should support efi system partition</a></li></ul></li>
63679 <li>This one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation.
63680 Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from Oracle Solaris, and introducing zpool create -B switch to provide a way to specify that boot partition should be created. However, there is still a question, how big should the system partition be. For the time being, I have set default size 256MB (that's minimum size for FAT32 with 4k blocks). To support custom size, the set on creation "bootsize" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the "bootsize" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property.</li>
63681 </ul>
63682
63683 <hr />
63684 </blockquote>
63685
63686 **Digital Ocean**
63687
63688
63689
63690 <h3><a href="https://www.postgresql.org/message-id/flat/CAEepm%3D0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp%3D3BxGbZPqEyQg%40mail.gmail.com#CAEepm=0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp=3BxGbZPqEyQg@mail.gmail.com">PostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data</a></h3>
63691
63692
63693
63694 <blockquote>
63695 <p>Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error.
63696 TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk".
63697 Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (AS_EIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file.
63698 + All good so far.
63699 But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the AS_EIO bad page flag*.
63700 The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss.
63701 The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe.
63702 We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us.
63703 + Upon further looking, it turns out it is not just Linux brain damage:
63704 Apparently I was too optimistic. I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (<a href="https://github.com/freebsd/freebsd/commit/e4e8fec98ae986357cdc208b04557dba55a59266">FreeBSD changed that in 1999</a>).
63705 From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies
63706 FreeBSD, Illumos: retrying fsync() after EIO tells the truth
63707 + <a href="http://gnats.netbsd.org/53152">NetBSD PR to solve the issues </a>
63708 + I/O errors are not reported back to fsync at all.
63709 + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded.
63710 + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail.
63711 + It appears that write errors for buffercache buffers are semi-silently discarded as well.</p>
63712 </blockquote>
63713
63714 <hr />
63715
63716
63717
63718
63719
63720 <h2>Interview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - <a href="mailto:kbowling@llnw.com">kbowling@llnw.com</a> / <a href="https://twitter.com/kevinbowling1">@kevinbowling1</a></h2>
63721
63722 <ul>
63723 <li>BR: How did you first get introduced to UNIX and BSD?</li>
63724 <li>AJ: What got you started contributing to an open source project?</li>
63725 <li>BR: What sorts of things have you worked on in the past?</li>
63726 <li>AJ: Tell us a bit about LimeLight and how they use FreeBSD.</li>
63727 <li>BR: What are the biggest advantages of FreeBSD for LimeLight?</li>
63728 <li>AJ: What could FreeBSD do better that would benefit LimeLight?</li>
63729 <li>BR: What has LimeLight given back to FreeBSD?</li>
63730 <li>AJ: What have you been working on more recently?</li>
63731 <li>BR: What do you find to be the most valuable part of open source?</li>
63732 <li>AJ: Where do you think the most improvement in open source is needed?</li>
63733 <li>BR: Tell us a bit about your computing history collection. What are your three favourite pieces?</li>
63734 <li>AJ: How do you keep motivated to work on Open Source?</li>
63735 <li>BR: What do you do for fun?</li>
63736 <li>AJ: Anything else you want to mention?</li>
63737 </ul>
63738
63739 <hr />
63740 <h2>News Roundup</h2>
63741
63742 <h3><a href="http://www.bsdcan.org/2018/schedule/">BSDCan 2018 Selected Talks</a></h3>
63743
63744 <ul>
63745 <li>The schedule for BSDCan is up</li>
63746 <li>Lots of interesting content, we are looking forward to it</li>
63747 <li>We hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy.</li>
63748 <li>Remember, if this is your first BSDCan, check out the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance.</li>
63749 <li>Also, check out the hallway track, the tables, and come to the hacker lounge.</li>
63750 </ul>
63751
63752 <hr />
63753 <p><strong>iXsystems</strong></p>
63754
63755 <h3><a href="http://latacora.singles/2018/04/03/cryptographic-right-answers.html">Cryptographic Right Answers</a></h3>
63756
63757 <ul>
63758 <li>Crypto can be confusing. We all know we shouldn’t roll our own, but what should we use?</li>
63759 <li>Well, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers”</li>
63760 <li>2009: <a href="https://twitter.com/cperciva">Colin Percival</a> of FreeBSD</li>
63761 <li>2015: <a href="https://twitter.com/tqbf">Thomas H. Ptacek</a></li>
63762 <li>2018: <a href="https://twitter.com/latacora_team">Latacora</a> A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works.
63763
63764
63765 <blockquote>
63766 <p>We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.</li>
63767 </ul>
63768 There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.</p>
63769
63770 <p>But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say.</p>
63771 </blockquote>
63772
63773 <ul>
63774 <li><p>Cryptographic Right Answers</p></li>
63775 <li><p>Encrypting Data</p></li>
63776 </ul>
63777
63778 <blockquote>
63779 <p>Percival, 2009: AES-CTR with HMAC.
63780 Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM.
63781 Latacora, 2018: KMS or XSalsa20+Poly1305</p>
63782 </blockquote>
63783
63784 <ul>
63785 <li>Symmetric key length</li>
63786 </ul>
63787
63788 <blockquote>
63789 <p>Percival, 2009: Use 256-bit keys.
63790 Ptacek, 2015: Use 256-bit keys.
63791 Latacora, 2018: Go ahead and use 256 bit keys.</p>
63792 </blockquote>
63793
63794 <ul>
63795 <li>Symmetric “Signatures”</li>
63796 </ul>
63797
63798 <blockquote>
63799 <p>Percival, 2009: Use HMAC.
63800 Ptacek, 2015: Yep, use HMAC.
63801 Latacora, 2018: Still HMAC.</p>
63802 </blockquote>
63803
63804 <ul>
63805 <li>Hashing algorithm</li>
63806 </ul>
63807
63808 <blockquote>
63809 <p>Percival, 2009: Use SHA256 (SHA-2).
63810 Ptacek, 2015: Use SHA-2.
63811 Latacora, 2018: Still SHA-2.</p>
63812 </blockquote>
63813
63814 <ul>
63815 <li>Random IDs</li>
63816 </ul>
63817
63818 <blockquote>
63819 <p>Percival, 2009: Use 256-bit random numbers.
63820 Ptacek, 2015: Use 256-bit random numbers.
63821 Latacora, 2018: Use 256-bit random numbers.</p>
63822 </blockquote>
63823
63824 <ul>
63825 <li>Password handling</li>
63826 </ul>
63827
63828 <blockquote>
63829 <p>Percival, 2009: scrypt or PBKDF2.
63830 Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.
63831 Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.</p>
63832 </blockquote>
63833
63834 <ul>
63835 <li>Asymmetric encryption</li>
63836 </ul>
63837
63838 <blockquote>
63839 <p>Percival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537.
63840 Ptacek, 2015: Use NaCl/libsodium (box / crypto_box).
63841 Latacora, 2018: Use Nacl/libsodium (box / crypto_box).</p>
63842 </blockquote>
63843
63844 <ul>
63845 <li>Asymmetric signatures</li>
63846 </ul>
63847
63848 <blockquote>
63849 <p>Percival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation.
63850 Ptacek, 2015: Use Nacl, Ed25519, or RFC6979.
63851 Latacora, 2018: Use Nacl or Ed25519.</p>
63852 </blockquote>
63853
63854 <ul>
63855 <li>Diffie-Hellman</li>
63856 </ul>
63857
63858 <blockquote>
63859 <p>Percival, 2009: Operate over the 2048-bit Group #14 with a generator of 2.
63860 Ptacek, 2015: Probably still DH-2048, or Nacl.
63861 Latacora, 2018: Probably nothing. Or use Curve25519.</p>
63862 </blockquote>
63863
63864 <ul>
63865 <li>Website security</li>
63866 </ul>
63867
63868 <blockquote>
63869 <p>Percival, 2009: Use OpenSSL.
63870 Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
63871 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
63872 </blockquote>
63873
63874 <ul>
63875 <li>Client-server application security</li>
63876 </ul>
63877
63878 <blockquote>
63879 <p>Percival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL.
63880 Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
63881 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
63882 </blockquote>
63883
63884 <ul>
63885 <li>Online backups</li>
63886 </ul>
63887
63888 <blockquote>
63889 <p>Percival, 2009: Use Tarsnap.
63890 Ptacek, 2015: Use Tarsnap.
63891 Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap.</p>
63892 </blockquote>
63893
63894 <ul>
63895 <li>Seriously though, use Tarsnap.</li>
63896 </ul>
63897
63898 <hr />
63899 <h3><a href="https://dan.langille.org/2018/03/19/adding-ipv6-to-an-existing-server/">Adding IPv6 to an existing server</a></h3>
63900
63901 <blockquote>
63902 <p>I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.</p>
63903
63904 <p>In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.</p>
63905
63906 <p>The IPv6 block I have been assigned is 2001:DB8:1001:8d00/64.</p>
63907
63908 <p>I added this to /etc/rc.conf:</p>
63909 </blockquote>
63910
63911 <p><code>
63912 ipv6_activate_all_interfaces="YES"
63913 ipv6_defaultrouter="2001:DB8:1001:8d00::1"
63914 ifconfig_em1_ipv6="inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv" # ns1
63915 </code></p>
63916
63917 <blockquote>
63918 <p>The IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.</p>
63919
63920 <p>I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.</p>
63921
63922 <p>In order to invoke these changes without rebooting, I issued these commands:</p>
63923 </blockquote>
63924
63925 <p><code>
63926 [dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv
63927 [dan@tallboy:~] $
63928
63929 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
63930 add net default: gateway 2001:DB8:1001:8d00::1
63931 </code></p>
63932
63933 <blockquote>
63934 <p>If you do the route add first, you will get this error:</p>
63935 </blockquote>
63936
63937 <p><code>
63938 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
63939 route: writing to routing socket: Network is unreachable
63940 add net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable
63941 </code></p>
63942
63943 <hr />
63944 <h2>Beastie Bits</h2>
63945
63946 <ul>
63947 <li><a href="https://vermaden.wordpress.com/2018/03/15/ghost-in-the-shell-part-1/">Ghost in the Shell – Part 1</a></li>
63948 <li><a href="https://gist.github.com/dlangille/bcf918b22aaf9b3fd17408b39c97e8ce">Enabling compression on ZFS - a practical example</a></li>
63949 <li><a href="https://0x7e2.bsidesljubljana.si/modern-secure-devops-freebsd-goran-mekic/">Modern and secure DevOps on FreeBSD (Goran Mekić)</a></li>
63950 <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt">LibreSSL 2.7.0 Released</a></li>
63951 <li><a href="https://zrepl.github.io/changelog.html">zrepl version 0.0.3 is out!</a></li>
63952 <li><a href="http://zfs.datto.com/">ZFS User Conference</a></li>
63953 </ul>
63954
63955 <hr />
63956 <p><strong>Tarsnap</strong></p>
63957
63958 <h2>Feedback/Questions</h2>
63959
63960 <ul>
63961 <li>Benjamin - <a href="http://dpaste.com/1SXE1B9#wrap">BSD Personal Mailserver</a></li>
63962 <li>Warren - <a href="http://dpaste.com/0RN0S8X#wrap">ZFS volume size limit (show #233)</a></li>
63963 <li>Lars - <a href="http://dpaste.com/3RAM4Z7#wrap">AFRINIC</a></li>
63964 <li>Brad - <a href="http://dpaste.com/0M7XD71#wrap">OpenZFS vs OracleZFS</a></li>
63965 </ul>
63966
63967 <hr />
63968 <ul>
63969 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
63970 </ul>
63971 </description>
63972 <content:encoded>
63973 <![CDATA[<p>Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.</p>
63974
63975 <h2>Headlines</h2>
63976
63977 <h3>Other big ZFS improvements you might have missed</h3>
63978
63979 <ul>
63980 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329798">9075 Improve ZFS pool import/load process and corrupted pool recovery</a>
63981
63982
63983 <blockquote>
63984 <p>One of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened.
63985 The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned.
63986 The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened.
63987 When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs.
63988 This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition.
63989 With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss of data, this feature is for now restricted to a read-only import.</li>
63990 <li></p>
63991
63992 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329732">7614 zfs device evacuation/removal</a>
63993 This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev.
63994 The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs.
63995 Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed.</li></ul></li>
63996 <li>You can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it</li>
63997 <li>
63998 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329681">7446 zpool create should support efi system partition</a></li></ul></li>
63999 <li>This one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation.
64000 Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from Oracle Solaris, and introducing zpool create -B switch to provide a way to specify that boot partition should be created. However, there is still a question, how big should the system partition be. For time being, I have set default size 256MB (that's minimum size for FAT32 with 4k blocks). To support custom size, the set on creation "bootsize" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the "bootsize" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property.</li>
64001 </ul>
64002
64003 <hr />
64004 </blockquote>
64005
64006 <p><strong>Digital Ocean</strong></p>
64007
64008
64009
64010 <h3><a href="https://www.postgresql.org/message-id/flat/CAEepm%3D0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp%3D3BxGbZPqEyQg%40mail.gmail.com#CAEepm=0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp=3BxGbZPqEyQg@mail.gmail.com">PostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data</a></h3>
64011
64012
64013
64014 <blockquote>
64015 <p>Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error.
64016 TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk".
64017 Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (AS_EIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file.
64018 + All good so far.
64019 But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the AS_EIO bad page flag*.
64020 The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss.
64021 The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe.
64022 We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us.
64023 + Upon further looking, it turns out it is not just Linux brain damage:
64024 Apparently I was too optimistic. I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (<a href="https://github.com/freebsd/freebsd/commit/e4e8fec98ae986357cdc208b04557dba55a59266">FreeBSD changed that in 1999</a>).
64025 From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies
64026 FreeBSD, Illumos: retrying fsync() after EIO tells the truth
64027 + <a href="http://gnats.netbsd.org/53152">NetBSD PR to solve the issues </a>
64028 + I/O errors are not reported back to fsync at all.
64029 + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded.
64030 + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail.
64031 + It appears that write errors for buffercache buffers are semi-silently discarded as well.</p>
64032 </blockquote>
64033
64034 <hr />
64035
64036
64037
64038
64039
64040 <h2>Interview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - <a href="mailto:kbowling@llnw.com">kbowling@llnw.com</a> / <a href="https://twitter.com/kevinbowling1">@kevinbowling1</a></h2>
64041
64042 <ul>
64043 <li>BR: How did you first get introduced to UNIX and BSD?</li>
64044 <li>AJ: What got you started contributing to an open source project?</li>
64045 <li>BR: What sorts of things have you worked on in the past?</li>
64046 <li>AJ: Tell us a bit about LimeLight and how they use FreeBSD.</li>
64047 <li>BR: What are the biggest advantages of FreeBSD for LimeLight?</li>
64048 <li>AJ: What could FreeBSD do better that would benefit LimeLight?</li>
64049 <li>BR: What has LimeLight given back to FreeBSD?</li>
64050 <li>AJ: What have you been working on more recently?</li>
64051 <li>BR: What do you find to be the most valuable part of open source?</li>
64052 <li>AJ: Where do you think the most improvement in open source is needed?</li>
64053 <li>BR: Tell us a bit about your computing history collection. What are your three favourite pieces?</li>
64054 <li>AJ: How do you keep motivated to work on Open Source?</li>
64055 <li>BR: What do you do for fun?</li>
64056 <li>AJ: Anything else you want to mention?</li>
64057 </ul>
64058
64059 <p><hr /></p>
64060
64061 <h2>News Roundup</h2>
64062
64063 <h3><a href="http://www.bsdcan.org/2018/schedule/">BSDCan 2018 Selected Talks</a></h3>
64064
64065 <ul>
64066 <li>The schedule for BSDCan is up</li>
64067 <li>Lots of interesting content, we are looking forward to it</li>
64068 <li>We hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy.</li>
64069 <li>Remember, if this is your first BSDCan, check out the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance.</li>
64070 <li>Also, check out the hallway track, the tables, and come to the hacker lounge.</li>
64071 </ul>
64072
64073 <p><hr /></p>
64074
64075 <p><strong>iXsystems</strong></p>
64076
64077 <h3><a href="http://latacora.singles/2018/04/03/cryptographic-right-answers.html">Cryptographic Right Answers</a></h3>
64078
64079 <ul>
64080 <li>Crypto can be confusing. We all know we shouldn’t roll our own, but what should we use?</li>
64081 <li>Well, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers”</li>
64082 <li>2009: <a href="https://twitter.com/cperciva">Colin Percival</a> of FreeBSD</li>
64083 <li>2015: <a href="https://twitter.com/tqbf">Thomas H. Ptacek</a></li>
64084 <li>2018: <a href="https://twitter.com/latacora_team">Latacora</a> A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works.
64085
64086
64087 <blockquote>
64088 <p>We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.</li>
64089 </ul>
64090 There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.</p>
64091
64092 <p>But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say.</p>
64093 </blockquote>
64094
64095 <ul>
64096 <li><p>Cryptographic Right Answers</p></li>
64097 <li><p>Encrypting Data</p></li>
64098 </ul>
64099
64100 <blockquote>
64101 <p>Percival, 2009: AES-CTR with HMAC.
64102 Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM.
64103 Latacora, 2018: KMS or XSalsa20+Poly1305</p>
64104 </blockquote>
64105
64106 <ul>
64107 <li>Symmetric key length</li>
64108 </ul>
64109
64110 <blockquote>
64111 <p>Percival, 2009: Use 256-bit keys.
64112 Ptacek, 2015: Use 256-bit keys.
64113 Latacora, 2018: Go ahead and use 256 bit keys.</p>
64114 </blockquote>
64115
64116 <ul>
64117 <li>Symmetric “Signatures”</li>
64118 </ul>
64119
64120 <blockquote>
64121 <p>Percival, 2009: Use HMAC.
64122 Ptacek, 2015: Yep, use HMAC.
64123 Latacora, 2018: Still HMAC.</p>
64124 </blockquote>
64125
64126 <ul>
64127 <li>Hashing algorithm</li>
64128 </ul>
64129
64130 <blockquote>
64131 <p>Percival, 2009: Use SHA256 (SHA-2).
64132 Ptacek, 2015: Use SHA-2.
64133 Latacora, 2018: Still SHA-2.</p>
64134 </blockquote>
64135
64136 <ul>
64137 <li>Random IDs</li>
64138 </ul>
64139
64140 <blockquote>
64141 <p>Percival, 2009: Use 256-bit random numbers.
64142 Ptacek, 2015: Use 256-bit random numbers.
64143 Latacora, 2018: Use 256-bit random numbers.</p>
64144 </blockquote>
64145
64146 <ul>
64147 <li>Password handling</li>
64148 </ul>
64149
64150 <blockquote>
64151 <p>Percival, 2009: scrypt or PBKDF2.
64152 Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.
64153 Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.</p>
64154 </blockquote>
64155
64156 <ul>
64157 <li>Asymmetric encryption</li>
64158 </ul>
64159
64160 <blockquote>
64161 <p>Percival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537.
64162 Ptacek, 2015: Use NaCl/libsodium (box / crypto_box).
64163 Latacora, 2018: Use Nacl/libsodium (box / crypto_box).</p>
64164 </blockquote>
64165
64166 <ul>
64167 <li>Asymmetric signatures</li>
64168 </ul>
64169
64170 <blockquote>
64171 <p>Percival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation.
64172 Ptacek, 2015: Use Nacl, Ed25519, or RFC6979.
64173 Latacora, 2018: Use Nacl or Ed25519.</p>
64174 </blockquote>
64175
64176 <ul>
64177 <li>Diffie-Hellman</li>
64178 </ul>
64179
64180 <blockquote>
64181 <p>Percival, 2009: Operate over the 2048-bit Group #14 with a generator of 2.
64182 Ptacek, 2015: Probably still DH-2048, or Nacl.
64183 Latacora, 2018: Probably nothing. Or use Curve25519.</p>
64184 </blockquote>
64185
64186 <ul>
64187 <li>Website security</li>
64188 </ul>
64189
64190 <blockquote>
64191 <p>Percival, 2009: Use OpenSSL.
64192 Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
64193 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
64194 </blockquote>
64195
64196 <ul>
64197 <li>Client-server application security</li>
64198 </ul>
64199
64200 <blockquote>
64201 <p>Percival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL.
64202 Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
64203 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
64204 </blockquote>
64205
64206 <ul>
64207 <li>Online backups</li>
64208 </ul>
64209
64210 <blockquote>
64211 <p>Percival, 2009: Use Tarsnap.
64212 Ptacek, 2015: Use Tarsnap.
64213 Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap.</p>
64214 </blockquote>
64215
64216 <ul>
64217 <li>Seriously though, use Tarsnap.</li>
64218 </ul>
64219
64220 <p><hr /></p>
64221
64222 <h3><a href="https://dan.langille.org/2018/03/19/adding-ipv6-to-an-existing-server/">Adding IPv6 to an existing server</a></h3>
64223
64224 <blockquote>
64225 <p>I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.</p>
64226
64227 <p>In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.</p>
64228
64229 <p>The IPv6 block I have been assigned is 2001:DB8:1001:8d00/64.</p>
64230
64231 <p>I added this to /etc/rc.conf:</p>
64232 </blockquote>
64233
64234 <p><code>
64235 ipv6_activate_all_interfaces="YES"
64236 ipv6_defaultrouter="2001:DB8:1001:8d00::1"
64237 ifconfig_em1_ipv6="inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv" # ns1
64238 </code></p>
64239
64240 <blockquote>
64241 <p>The IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.</p>
64242
64243 <p>I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.</p>
64244
64245 <p>In order to invoke these changes without rebooting, I issued these commands:</p>
64246 </blockquote>
64247
64248 <p><code>
64249 [dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv
64250 [dan@tallboy:~] $
64251
64252 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
64253 add net default: gateway 2001:DB8:1001:8d00::1
64254 </code></p>
64255
64256 <blockquote>
64257 <p>If you do the route add first, you will get this error:</p>
64258 </blockquote>
64259
64260 <p><code>
64261 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
64262 route: writing to routing socket: Network is unreachable
64263 add net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable
64264 </code></p>
64265
64266 <p><hr /></p>
64267
64268 <h2>Beastie Bits</h2>
64269
64270 <ul>
64271 <li><a href="https://vermaden.wordpress.com/2018/03/15/ghost-in-the-shell-part-1/">Ghost in the Shell – Part 1</a></li>
64272 <li><a href="https://gist.github.com/dlangille/bcf918b22aaf9b3fd17408b39c97e8ce">Enabling compression on ZFS - a practical example</a></li>
64273 <li><a href="https://0x7e2.bsidesljubljana.si/modern-secure-devops-freebsd-goran-mekic/">Modern and secure DevOps on FreeBSD (Goran Mekić)</a></li>
64274 <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt">LibreSSL 2.7.0 Released</a></li>
64275 <li><a href="https://zrepl.github.io/changelog.html">zrepl version 0.0.3 is out!</a></li>
64276 <li><a href="http://zfs.datto.com/">ZFS User Conference</a></li>
64277 </ul>
64278
64279 <p><hr /></p>
64280
64281 <p><strong>Tarsnap</strong></p>
64282
64283 <h2>Feedback/Questions</h2>
64284
64285 <ul>
64286 <li>Benjamin - <a href="http://dpaste.com/1SXE1B9#wrap">BSD Personal Mailserver</a></li>
64287 <li>Warren - <a href="http://dpaste.com/0RN0S8X#wrap">ZFS volume size limit (show #233)</a></li>
64288 <li>Lars - <a href="http://dpaste.com/3RAM4Z7#wrap">AFRINIC</a></li>
64289 <li>Brad - <a href="http://dpaste.com/0M7XD71#wrap">OpenZFS vs OracleZFS</a></li>
64290 </ul>
64291
64292 <p><hr /></p>
64293
64294 <ul>
64295 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
64296 </ul>]]>
64297 </content:encoded>
64298 <itunes:summary>
64299 <![CDATA[<p>Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.</p>
64300
64301 <h2>Headlines</h2>
64302
64303 <h3>Other big ZFS improvements you might have missed</h3>
64304
64305 <ul>
64306 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329798">9075 Improve ZFS pool import/load process and corrupted pool recovery</a>
64307
64308
64309 <blockquote>
64310 <p>One of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened.
64311 The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned.
64312 The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened.
64313 When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs.
64314 This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition.
64315 With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss of data, this feature is for now restricted to a read-only import.</li>
64316 <li></p>
64317
64318 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329732">7614 zfs device evacuation/removal</a>
64319 This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev.
64320 The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs.
64321 Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed.</li></ul></li>
64322 <li>You can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it</li>
64323 <li>
64324 <ul><li><a href="https://svnweb.freebsd.org/base?view=revision&revision=329681">7446 zpool create should support efi system partition</a></li></ul></li>
64325 <li>This one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation.
64326 Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from Oracle Solaris, and introducing zpool create -B switch to provide a way to specify that boot partition should be created. However, there is still a question, how big should the system partition be. For time being, I have set default size 256MB (that's minimum size for FAT32 with 4k blocks). To support custom size, the set on creation "bootsize" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the "bootsize" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property.</li>
64327 </ul>
64328
64329 <hr />
64330 </blockquote>
64331
64332 <p><strong>Digital Ocean</strong></p>
64333
64334
64335
64336 <h3><a href="https://www.postgresql.org/message-id/flat/CAEepm%3D0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp%3D3BxGbZPqEyQg%40mail.gmail.com#CAEepm=0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp=3BxGbZPqEyQg@mail.gmail.com">PostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data</a></h3>
64337
64338
64339
64340 <blockquote>
64341 <p>Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error.
64342 TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk".
64343 Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (AS_EIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file.
64344 + All good so far.
64345 But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the AS_EIO bad page flag*.
64346 The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss.
64347 The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe.
64348 We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us.
64349 + Upon further looking, it turns out it is not just Linux brain damage:
64350 Apparently I was too optimistic. I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (<a href="https://github.com/freebsd/freebsd/commit/e4e8fec98ae986357cdc208b04557dba55a59266">FreeBSD changed that in 1999</a>).
64351 From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies
64352 FreeBSD, Illumos: retrying fsync() after EIO tells the truth
64353 + <a href="http://gnats.netbsd.org/53152">NetBSD PR to solve the issues </a>
64354 + I/O errors are not reported back to fsync at all.
64355 + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded.
64356 + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail.
64357 + It appears that write errors for buffercache buffers are semi-silently discarded as well.</p>
64358 </blockquote>
64359
64360 <hr />
64361
64362
64363
64364
64365
64366 <h2>Interview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - <a href="mailto:kbowling@llnw.com">kbowling@llnw.com</a> / <a href="https://twitter.com/kevinbowling1">@kevinbowling1</a></h2>
64367
64368 <ul>
64369 <li>BR: How did you first get introduced to UNIX and BSD?</li>
64370 <li>AJ: What got you started contributing to an open source project?</li>
64371 <li>BR: What sorts of things have you worked on in the past?</li>
64372 <li>AJ: Tell us a bit about LimeLight and how they use FreeBSD.</li>
64373 <li>BR: What are the biggest advantages of FreeBSD for LimeLight?</li>
64374 <li>AJ: What could FreeBSD do better that would benefit LimeLight?</li>
64375 <li>BR: What has LimeLight given back to FreeBSD?</li>
64376 <li>AJ: What have you been working on more recently?</li>
64377 <li>BR: What do you find to be the most valuable part of open source?</li>
64378 <li>AJ: Where do you think the most improvement in open source is needed?</li>
64379 <li>BR: Tell us a bit about your computing history collection. What are your three favourite pieces?</li>
64380 <li>AJ: How do you keep motivated to work on Open Source?</li>
64381 <li>BR: What do you do for fun?</li>
64382 <li>AJ: Anything else you want to mention?</li>
64383 </ul>
64384
64385 <p><hr /></p>
64386
64387 <h2>News Roundup</h2>
64388
64389 <h3><a href="http://www.bsdcan.org/2018/schedule/">BSDCan 2018 Selected Talks</a></h3>
64390
64391 <ul>
64392 <li>The schedule for BSDCan is up</li>
64393 <li>Lots of interesting content, we are looking forward to it</li>
64394 <li>We hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy.</li>
64395 <li>Remember, if this is your first BSDCan, check out the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance.</li>
64396 <li>Also, check out the hallway track, the tables, and come to the hacker lounge.</li>
64397 </ul>
64398
64399 <p><hr /></p>
64400
64401 <p><strong>iXsystems</strong></p>
64402
64403 <h3><a href="http://latacora.singles/2018/04/03/cryptographic-right-answers.html">Cryptographic Right Answers</a></h3>
64404
64405 <ul>
64406 <li>Crypto can be confusing. We all know we shouldn’t roll our own, but what should we use?</li>
64407 <li>Well, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers”</li>
64408 <li>2009: <a href="https://twitter.com/cperciva">Colin Percival</a> of FreeBSD</li>
64409 <li>2015: <a href="https://twitter.com/tqbf">Thomas H. Ptacek</a></li>
64410 <li>2018: <a href="https://twitter.com/latacora_team">Latacora</a> A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works.</li>
64411 </ul>
64412
64413 <blockquote>
64414 <p>We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.
64415
64416 There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.</p>
64417
64418 <p>But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say.</p>
64419 </blockquote>
64420
64421 <ul>
64422 <li><p>Cryptographic Right Answers</p></li>
64423 <li><p>Encrypting Data</p></li>
64424 </ul>
64425
64426 <blockquote>
64427 <p>Percival, 2009: AES-CTR with HMAC.
64428 Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM.
64429 Latacora, 2018: KMS or XSalsa20+Poly1305</p>
64430 </blockquote>
64431
64432 <ul>
64433 <li>Symmetric key length</li>
64434 </ul>
64435
64436 <blockquote>
64437 <p>Percival, 2009: Use 256-bit keys.
64438 Ptacek, 2015: Use 256-bit keys.
64439 Latacora, 2018: Go ahead and use 256 bit keys.</p>
64440 </blockquote>
64441
64442 <ul>
64443 <li>Symmetric “Signatures”</li>
64444 </ul>
64445
64446 <blockquote>
64447 <p>Percival, 2009: Use HMAC.
64448 Ptacek, 2015: Yep, use HMAC.
64449 Latacora, 2018: Still HMAC.</p>
64450 </blockquote>
64451
64452 <ul>
64453 <li>Hashing algorithm</li>
64454 </ul>
64455
64456 <blockquote>
64457 <p>Percival, 2009: Use SHA256 (SHA-2).
64458 Ptacek, 2015: Use SHA-2.
64459 Latacora, 2018: Still SHA-2.</p>
64460 </blockquote>
64461
64462 <ul>
64463 <li>Random IDs</li>
64464 </ul>
64465
64466 <blockquote>
64467 <p>Percival, 2009: Use 256-bit random numbers.
64468 Ptacek, 2015: Use 256-bit random numbers.
64469 Latacora, 2018: Use 256-bit random numbers.</p>
64470 </blockquote>
64471
64472 <ul>
64473 <li>Password handling</li>
64474 </ul>
64475
64476 <blockquote>
64477 <p>Percival, 2009: scrypt or PBKDF2.
64478 Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.
64479 Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.</p>
64480 </blockquote>
64481
64482 <ul>
64483 <li>Asymmetric encryption</li>
64484 </ul>
64485
64486 <blockquote>
64487 <p>Percival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537.
64488 Ptacek, 2015: Use NaCl/libsodium (box / crypto_box).
64489 Latacora, 2018: Use Nacl/libsodium (box / crypto_box).</p>
64490 </blockquote>
64491
64492 <ul>
64493 <li>Asymmetric signatures</li>
64494 </ul>
64495
64496 <blockquote>
64497 <p>Percival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation.
64498 Ptacek, 2015: Use Nacl, Ed25519, or RFC6979.
64499 Latacora, 2018: Use Nacl or Ed25519.</p>
64500 </blockquote>
64501
64502 <ul>
64503 <li>Diffie-Hellman</li>
64504 </ul>
64505
64506 <blockquote>
64507 <p>Percival, 2009: Operate over the 2048-bit Group #14 with a generator of 2.
64508 Ptacek, 2015: Probably still DH-2048, or Nacl.
64509 Latacora, 2018: Probably nothing. Or use Curve25519.</p>
64510 </blockquote>
64511
64512 <ul>
64513 <li>Website security</li>
64514 </ul>
64515
64516 <blockquote>
64517 <p>Percival, 2009: Use OpenSSL.
64518 Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
64519 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
64520 </blockquote>
64521
64522 <ul>
64523 <li>Client-server application security</li>
64524 </ul>
64525
64526 <blockquote>
64527 <p>Percival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL.
64528 Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs
64529 Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt</p>
64530 </blockquote>
64531
64532 <ul>
64533 <li>Online backups</li>
64534 </ul>
64535
64536 <blockquote>
64537 <p>Percival, 2009: Use Tarsnap.
64538 Ptacek, 2015: Use Tarsnap.
64539 Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap.</p>
64540 </blockquote>
64541
64542 <ul>
64543 <li>Seriously though, use Tarsnap.</li>
64544 </ul>
64545
64546 <p><hr /></p>
64547
64548 <h3><a href="https://dan.langille.org/2018/03/19/adding-ipv6-to-an-existing-server/">Adding IPv6 to an existing server</a></h3>
64549
64550 <blockquote>
64551 <p>I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.</p>
64552
64553 <p>In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.</p>
64554
64555 <p>The IPv6 block I have been assigned is 2001:DB8:1001:8d00/64.</p>
64556
64557 <p>I added this to /etc/rc.conf:</p>
64558 </blockquote>
64559
64560 <p><code>
64561 ipv6_activate_all_interfaces="YES"
64562 ipv6_defaultrouter="2001:DB8:1001:8d00::1"
64563 ifconfig_em1_ipv6="inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv" # ns1
64564 </code></p>
64565
64566 <blockquote>
64567 <p>The IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.</p>
64568
64569 <p>I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.</p>
64570
64571 <p>In order to invoke these changes without rebooting, I issued these commands:</p>
64572 </blockquote>
64573
64574 <p><code>
64575 [dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv
64576 [dan@tallboy:~] $
64577
64578 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
64579 add net default: gateway 2001:DB8:1001:8d00::1
64580 </code></p>
64581
64582 <blockquote>
64583 <p>If you do the route add first, you will get this error:</p>
64584 </blockquote>
64585
64586 <p><code>
64587 [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
64588 route: writing to routing socket: Network is unreachable
64589 add net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable
64590 </code></p>
64591
64592 <p><hr /></p>
64593
64594 <h2>Beastie Bits</h2>
64595
64596 <ul>
64597 <li><a href="https://vermaden.wordpress.com/2018/03/15/ghost-in-the-shell-part-1/">Ghost in the Shell – Part 1</a></li>
64598 <li><a href="https://gist.github.com/dlangille/bcf918b22aaf9b3fd17408b39c97e8ce">Enabling compression on ZFS - a practical example</a></li>
64599 <li><a href="https://0x7e2.bsidesljubljana.si/modern-secure-devops-freebsd-goran-mekic/">Modern and secure DevOps on FreeBSD (Goran Mekić)</a></li>
64600 <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt">LibreSSL 2.7.0 Released</a></li>
64601 <li><a href="https://zrepl.github.io/changelog.html">zrepl version 0.0.3 is out!</a></li>
64602 <li><a href="http://zfs.datto.com/">ZFS User Conference</a></li>
64603 </ul>
64604
64605 <p><hr /></p>
64606
64607 <p><strong>Tarsnap</strong></p>
64608
64609 <h2>Feedback/Questions</h2>
64610
64611 <ul>
64612 <li>Benjamin - <a href="http://dpaste.com/1SXE1B9#wrap">BSD Personal Mailserver</a></li>
64613 <li>Warren - <a href="http://dpaste.com/0RN0S8X#wrap">ZFS volume size limit (show #233)</a></li>
64614 <li>Lars - <a href="http://dpaste.com/3RAM4Z7#wrap">AFRINIC</a></li>
64615 <li>Brad - <a href="http://dpaste.com/0M7XD71#wrap">OpenZFS vs OracleZFS</a></li>
64616 </ul>
64617
64618 <p><hr /></p>
64619
64620 <ul>
64621 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
64622 </ul>]]>
64623 </itunes:summary>
64624 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+egnnEVS3</fireside:playerURL>
64625 <fireside:playerEmbedCode>
64626 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+egnnEVS3" width="740" height="200" frameborder="0" scrolling="no">]]>
64627 </fireside:playerEmbedCode>
64628 </item>
64629 <item>
64630 <title>Episode 240: TCP Blackbox Recording | BSD Now 240</title>
64631 <link>https://www.bsdnow.tv/240</link>
64632 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1717</guid>
64633 <pubDate>Sat, 07 Apr 2018 12:00:00 -0700</pubDate>
64634 <author>Allan Jude</author>
64635 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b3126658-f33d-4d1b-9298-94929ae3e52e.mp3" length="47822501" type="audio/mp3"/>
64636 <itunes:episodeType>full</itunes:episodeType>
64637 <itunes:author>Allan Jude</itunes:author>
64638 <itunes:subtitle>New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.</itunes:subtitle>
64639 <itunes:duration>1:39:18</itunes:duration>
64640 <itunes:explicit>no</itunes:explicit>
64641 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
64642 <description>New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.
64643 <h2>Headlines</h2>
64644 <h3>A number of Upstream ZFS features landed in FreeBSD this week</h3>
64645
64646 <ul>
64647 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331711">9188 increase size of dbuf cache to reduce indirect block decompression</a></p>
64648
64649 <blockquote>
64650 <p>With compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed.
64651 If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.)
64652 In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%).</p>
64653 </blockquote></li>
64654 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331701">9166 zfs storage pool checkpoint</a></p>
64655
64656 <blockquote>
64657 <p>The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.</p>
64658 </blockquote></li>
64659 <li><p><a href="https://sdimitro.github.io/post/zpool-checkpoint/">More information</a></p></li>
64660 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331404">8484 Implement aggregate sum and use for arc counters</a></p>
64661
64662 <blockquote>
64663 <p>In pursuit of improving performance on multi-core systems, we should implement fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time.</p>
64664 </blockquote></li>
64665 <li><p>And a small bug fix authored by me:</p></li>
64666 <li><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331709">9321 arc_loan_compressed_buf() can increment arc_loaned_bytes by the wrong value</a>
64667
64668
64669 <blockquote>
64670 arc_loan_compressed_buf() increments arc_loaned_bytes by psize unconditionally. In the case of zfs_compressed_arc_enabled=0, when the buf is returned via arc_return_buf(), if ARC_BUF_COMPRESSED(buf) is false, then arc_loaned_bytes is decremented by lsize, not psize.
64671 Switch to using arc_buf_size(buf), instead of psize, which will return psize or lsize, depending on the result of ARC_BUF_COMPRESSED(buf).</li>
64672 </ul>
64673 <hr />
64674 </blockquote>
64675
64676 <h3><a href="https://marc.info/?l=openbsd-tech&amp;m=152035796722258&amp;w=2">MAP_STACK for OpenBSD</a></h3>
64677
64678
64679
64680 <blockquote>
64681 <p>Almost 2 decades ago we started work on W^X. The concept was simple. Pages that are writable, should not be executable. We applied this concept object by object, trying to separate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack. We just kept making changes in the same vein. Eventually W^X came to some of our kernel address spaces also.
64682 The fundamental concept is that an object should only have the
64683 permissions necessary, and any other operation should fault. The only permission separations we have are kernel vs userland, and then read, write, and execute.
64684 How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel.
64685 the permission is MAP_STACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways.
64686 When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms.
64687 Since page-permissions are generally done on page boundaries, there is caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAP_STACK attribute correctly. It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet. A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair.</p>
64688 </blockquote>
64689
64690 <hr />
64691
64692
64693
64694 <p><strong>iXsystems</strong></p>
64695
64696
64697
64698 <h3><a href="https://dev.to/loderunner/writing-safer-c-with-clang-address-sanitizer">Writing Safer C with the Clang Address Sanitizer</a></h3>
64699
64700
64701
64702 <blockquote>
64703 <p>We wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms.
64704 Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults.
64705 It turns out the library has a lot of buffer overflow cases that are usually "harmless", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me.
64706 That's when I thought of Clang's Address Sanitizer.
64707 AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library
64708 Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output.
64709 + The site walks through a simple example which contains an error, it writes past the end of a buffer
64710 + The code works as expected, and nothing bad happens. It must be fine…
64711 + Then they compile it again with the address sanitizer activated
64712 So what can we gather from that pile of hex? Let's go through it line by line.
64713 AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value).
64714 + ASAN points directly to the line of code that is causing the problem
64715 We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it.
64716 This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access).
64717 + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens
64718 Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight!
64719 I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro.
64720 Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more cases where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened.</p>
64721 </blockquote>
64722
64723 <hr />
64724
64725
64726
64727
64728
64729
64730
64731 <h2>News Roundup</h2>
64732
64733
64734
64735 <h3><a href="https://blather.michaelwlucas.com/archives/3131">On sponsor gifts</a></h3>
64736
64737
64738
64739 <blockquote>
64740 <p>Note the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon.</p>
64741
64742 <p>This seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though.</p>
64743
64744 <p>Sponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice.</p>
64745
64746 <p>That’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.)</p>
64747
64748 <p>The poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete.</p>
64749
64750 <p>Future books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows?</p>
64751
64752 <p>It’s a gift. It’s my job to make that gift worthwhile.</p>
64753
64754 <p>And to amuse myself. Because otherwise, what’s the point?</p>
64755 </blockquote>
64756
64757 <hr />
64758
64759
64760
64761
64762
64763 <h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331347">TCP Blackbox Recorder</a></h3>
64764
64765 ```
64766 Add the "TCP Blackbox Recorder" which we discussed at the developer
64767 summits at BSDCan and BSDCam in 2017.
64768
64769 The TCP Blackbox Recorder allows you to capture events on a TCP connection
64770 in a ring buffer. It stores metadata with the event. It optionally stores
64771 the TCP header associated with an event (if the event is associated with a
64772 packet) and also optionally stores information on the sockets.
64773
64774 It supports setting a log ID on a TCP connection and using this to correlate
64775 multiple connections that share a common log ID.
64776
64777 You can log connections in different modes. If you are doing a coordinated
64778 test with a particular connection, you may tell the system to put it in
64779 mode 4 (continuous dump). Or, if you just want to monitor for errors, you
64780 can put it in mode 1 (ring buffer) and dump all the ring buffers associated
64781 with the connection ID when we receive an error signal for that connection
64782 ID. You can set a default mode that will be applied to a particular ratio
64783 of incoming connections. You can also manually set a mode using a socket
64784 option.
64785
64786 This commit includes only basic probes. rrs@ has added quite an abundance
64787 of probes in his TCP development work. He plans to commit those soon.
64788
64789 There are user-space programs which we plan to commit as ports. These read
64790 the data from the log device and output pcapng files, and then let you
64791 analyze the data (and metadata) in the pcapng files.
64792
64793 Reviewed by: gnn (previous version)
64794 Obtained from: Netflix, Inc.
64795 Relnotes: yes
64796 Differential Revision: https://reviews.freebsd.org/D11085
64797 ```
64798
64799
64800
64801 <hr />
64802
64803
64804
64805 <p><strong>Digital Ocean</strong></p>
64806
64807
64808
64809 <h3><a href="https://euroquis.nl/bobulate/?p=1812">Outta the way, KDE4</a></h3>
64810
64811
64812
64813 <blockquote>
64814 <p>KDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree.
64815 This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream.</p>
64816
64817 <p>KDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back.</p>
64818
64819 <p>From here on, we’ve got the following things lined up:</p>
64820 </blockquote>
64821
64822 <ul>
64823 <li>Qt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon.</li>
64824 <li>CMake 3.11 is in the -rc stage, so that is being lined up.</li>
64825 <li>The kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits.</li>
64826 </ul>
64827
64828 <blockquote>
64829 <p>So we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now.</p>
64830 </blockquote>
64831
64832 <hr />
64833 <h3><a href="http://blog.frankleonhardt.com/2017/del-fs12-nv7-and-other-2u-server-e-g-c6100-disk-system-hacking/">Dell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking</a></h3>
64834
64835 <blockquote>
64836 <p>A while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be.</p>
64837
64838 <p>There are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first.</p>
64839
64840 <p>Like most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external.</p>
64841
64842 <p>The PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about.</p>
64843
64844 <p>The PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects it’s a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives.</p>
64845
64846 <p>Any SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives</p>
64847
64848 <p>Some Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay.</p>
64849
64850 <p>There are actually two PERC6 cards in most machines, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drive slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot.</p>
64851
64852 <p>But we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting.</p>
64853
64854 <p>Moving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the backplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane.</p>
64855
64856 <p>The HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard….</p>
64857
64858 <p>Whether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes.</p>
64859
64860 <p>Once you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not.</p>
64861
64862 <p>
64863 So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087.</p>
64864
64865 <p>First things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant.</p>
64866
64867 <p>Second problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables).</p>
64868
64869 <p>I don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore it’s usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy.</p>
64870
64871 <p>I’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip all the bare wires you wish to solder using something like a bulldog clip so they’re lined up horizontally, and then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume.</p>
64872
64873 <p>The “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well.</p>
64874
64875 <p>However, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK.</p>
64876
64877 <p>So all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. Its workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane.</p>
64878
64879 <p>Plan B: SATA</p>
64880
64881 <p>If you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things.</p>
64882
64883 <p>The down-side is that you can’t use the SAS backplane, but you can still use the mounting bays.</p>
64884
64885 <p>Removing the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally.</p>
64886
64887 <p>Next comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives.</p>
64888
64889 <p>And that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction.</p>
64890 </blockquote>
64891
64892 <hr />
64893 <h2>Beastie Bits</h2>
64894
64895 <ul>
64896 <li><a href="https://euroquis.nl/bobulate/?p=1787">Adriaan de Groot’s post FOSDEM blog post</a></li>
64897 <li><a href="https://www.manios.ca/blog/2018/01/my-first-freenas/">My First FreeNAS</a></li>
64898 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2018-March/025997.html">smart(8) Call for Testing by Michael Dexter</a></li>
64899 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/">BSDCan 2018 Travel Grant Application Now Open</a></li>
64900 <li><a href="https://divelog.blue/linus_torvalds.html">BSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving</a></li>
64901 <li><a href="https://twitter.com/michaeldexter/status/979236774667939840">Twitter vote - The secret to a faster FreeBSD default build world...</a></li>
64902 <li><a href="https://tmate.io/">tmate - Instant terminal sharing</a></li>
64903 </ul>
64904
64905 <hr />
64906 <p><strong>Tarsnap</strong></p>
64907
64908 <h2>Feedback/Questions</h2>
64909
64910 <ul>
64911 <li>Vikash - <a href="http://dpaste.com/05X35B1#wrap">Getting a port added</a></li>
64912 <li>Chris Wells - <a href="http://dpaste.com/05S7A6V#wrap">Quarterly Ports Branch</a></li>
64913 <li><a href="https://github.com/freebsd/freebsd-ci">FreeBSD-CI configs on Github</a></li>
64914 <li><a href="https://wiki.freebsd.org/Jenkins">Jenkins on the FreeBSD Wiki</a></li>
64915 <li>Gordon - <a href="http://dpaste.com/0HSVFE7#wrap">Centralised storage suggestions</a></li>
64916 </ul>
64917
64918 <hr />
64919 <ul>
64920 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
64921 </ul>
64922
64923 <hr />
64924 </description>
64925 <itunes:keywords>BSD,DragonflyBSD,freebsd,guide,howto,Interview,NetBSD,OpenBSD,trueos,tutorial</itunes:keywords>
64926 <content:encoded>
64927 <![CDATA[<p>New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.</p>
64928
64929 <h2>Headlines</h2>
64930
64931 <h3>[A number of Upstream ZFS features landed in FreeBSD this week]</h3>
64932
64933 <ul>
64934 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331711">9188 increase size of dbuf cache to reduce indirect block decompression</a></p>
64935
64936 <blockquote>
64937 <p>With compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed.
64938 If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.)
64939 In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%).</p>
64940 </blockquote></li>
64941 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331701">9166 zfs storage pool checkpoint</a></p>
64942
64943 <blockquote>
64944 <p>The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.</p>
64945 </blockquote></li>
64946 <li><p><a href="https://sdimitro.github.io/post/zpool-checkpoint/">More information</a></p></li>
64947 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331404">8484 Implement aggregate sum and use for arc counters</a></p>
64948
64949 <blockquote>
64950 <p>In pursuit of improving performance on multi-core systems, we should implement fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time.</p>
64951 </blockquote></li>
64952 <li><p>And a small bug fix authored by me:</p></li>
64953 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=331709">9321 arc_loan_compressed_buf() can increment arc_loaned_bytes by the wrong value</a>
64954
64955
64956 <blockquote>
64957 arc_loan_compressed_buf() increments arc_loaned_bytes by psize unconditionally. In the case of zfs_compressed_arc_enabled=0, when the buf is returned via arc_return_buf(), if ARC_BUF_COMPRESSED(buf) is false, then arc_loaned_bytes is decremented by lsize, not psize.
64958 Switch to using arc_buf_size(buf), instead of psize, which will return psize or lsize, depending on the result of ARC_BUF_COMPRESSED(buf).
64959 </blockquote></li>
64960 </ul>
64961 <hr />
64962
64963 <h3><a href="https://marc.info/?l=openbsd-tech&m=152035796722258&w=2">MAP_STACK for OpenBSD</a></h3>
64964
64965
64966
64967 <blockquote>
64968 <p>Almost 2 decades ago we started work on W^X. The concept was simple. Pages that are writable, should not be executable. We applied this concept object by object, trying to separate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack. We just kept making changes in the same vein. Eventually W^X came to some of our kernel address spaces also.
64969 The fundamental concept is that an object should only have the
64970 permissions necessary, and any other operation should fault. The only permission separations we have are kernel vs userland, and then read, write, and execute.
64971 How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel.
64972 The permission is MAP_STACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways.
64973 When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms.
64974 Since page-permissions are generally done on page boundaries, there is a caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAP_STACK attribute correctly. It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet. A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair.</p>
64975 </blockquote>
64976
64977 <hr />
64978
64979
64980
64981 **iXsystems**
64982
64983
64984
64985 <h3><a href="https://dev.to/loderunner/writing-safer-c-with-clang-address-sanitizer">Writing Safer C with the Clang Address Sanitizer</a></h3>
64986
64987
64988
64989 <blockquote>
64990 <p>We wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms.
64991 Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults.
64992 It turns out the library has a lot of buffer overflow cases that are usually "harmless", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me.
64993 That's when I thought of Clang's Address Sanitizer.
64994 AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library
64995 Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output.
64996 + The site walks through a simple example which contains an error, it writes past the end of a buffer
64997 + The code works as expected, and nothing bad happens. It must be fine…
64998 + Then they compile it again with the address sanitizer activated
64999 So what can we gather from that pile of hex? Let's go through it line by line.
65000 AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value).
65001 + ASAN points directly to the line of code that is causing the problem
65002 We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it.
65003 This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access).
65004 + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens
65005 Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight!
65006 I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro.
65007 Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more cases where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened.</p>
65008 </blockquote>
65009
65010 <hr />
65011
65012
65013
65014
65015
65016
65017
65018 <h2>News Roundup</h2>
65019
65020
65021
65022 <h3><a href="https://blather.michaelwlucas.com/archives/3131">On sponsor gifts</a></h3>
65023
65024
65025
65026 <blockquote>
65027 <p>Note the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon.</p>
65028
65029 <p>This seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though.</p>
65030
65031 <p>Sponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice.</p>
65032
65033 <p>That’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.)</p>
65034
65035 <p>The poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete.</p>
65036
65037 <p>Future books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows?</p>
65038
65039 <p>It’s a gift. It’s my job to make that gift worthwhile.</p>
65040
65041 <p>And to amuse myself. Because otherwise, what’s the point?</p>
65042 </blockquote>
65043
65044 <hr />
65045
65046
65047
65048
65049
65050 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=331347">TCP Blackbox Recorder</a></h3>
65051
65052 ```
65053 Add the "TCP Blackbox Recorder" which we discussed at the developer
65054 summits at BSDCan and BSDCam in 2017.
65055
65056 The TCP Blackbox Recorder allows you to capture events on a TCP connection
65057 in a ring buffer. It stores metadata with the event. It optionally stores
65058 the TCP header associated with an event (if the event is associated with a
65059 packet) and also optionally stores information on the sockets.
65060
65061 It supports setting a log ID on a TCP connection and using this to correlate
65062 multiple connections that share a common log ID.
65063
65064 You can log connections in different modes. If you are doing a coordinated
65065 test with a particular connection, you may tell the system to put it in
65066 mode 4 (continuous dump). Or, if you just want to monitor for errors, you
65067 can put it in mode 1 (ring buffer) and dump all the ring buffers associated
65068 with the connection ID when we receive an error signal for that connection
65069 ID. You can set a default mode that will be applied to a particular ratio
65070 of incoming connections. You can also manually set a mode using a socket
65071 option.
65072
65073 This commit includes only basic probes. rrs@ has added quite an abundance
65074 of probes in his TCP development work. He plans to commit those soon.
65075
65076 There are user-space programs which we plan to commit as ports. These read
65077 the data from the log device and output pcapng files, and then let you
65078 analyze the data (and metadata) in the pcapng files.
65079
65080 Reviewed by: gnn (previous version)
65081 Obtained from: Netflix, Inc.
65082 Relnotes: yes
65083 Differential Revision: https://reviews.freebsd.org/D11085
65084 ```
65085
65086
65087
65088 <hr />
65089
65090
65091
65092 **Digital Ocean**
65093
65094
65095
65096 <h3><a href="https://euroquis.nl/bobulate/?p=1812">Outta the way, KDE4</a></h3>
65097
65098
65099
65100 <blockquote>
65101 <p>KDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree.
65102 This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream.</p>
65103
65104 <p>KDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back.</p>
65105
65106 <p>From here on, we’ve got the following things lined up:</p>
65107 </blockquote>
65108
65109 <ul>
65110 <li>Qt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon.</li>
65111 <li>CMake 3.11 is in the -rc stage, so that is being lined up.</li>
65112 <li>The kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits.</li>
65113 </ul>
65114
65115 <blockquote>
65116 <p>So we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now.</p>
65117 </blockquote>
65118
65119 <hr />
65120
65121 <h3><a href="http://blog.frankleonhardt.com/2017/del-fs12-nv7-and-other-2u-server-e-g-c6100-disk-system-hacking/">Dell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking</a></h3>
65122
65123 <blockquote>
65124 <p>A while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be.</p>
65125
65126 <p>There are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first.</p>
65127
65128 <p>Like most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external.</p>
65129
65130 <p>The PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about.</p>
65131
65132 <p>The PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects it’s a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives.</p>
65133
65134 <p>Any SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives</p>
65135
65136 <p>Some Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay.</p>
65137
65138 <p>There are actually two PERC6 cards in most machines, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drive slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot.</p>
65139
65140 <p>But we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting.</p>
65141
65142 <p>Moving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the backplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane.</p>
65143
65144 <p>The HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also a four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard….</p>
65145
65146 <p>Whether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes.</p>
65147
65148 <p>Once you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not.</p>
65149
65150 <p>
65151 So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087.</p>
65152
65153 <p>First things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant.</p>
65154
65155 <p>Second problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables).</p>
65156
65157 <p>I don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore it’s usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy.</p>
65158
65159 <p>I’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip all the bare wires you wish to solder using something like a bulldog clip so they’re lined up horizontally and then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume.</p>
65160
65161 <p>The “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well.</p>
65162
65163 <p>However, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK.</p>
65164
65165 <p>So all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. Its workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane.</p>
65166
65167 <p>Plan B: SATA</p>
65168
65169 <p>If you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things.</p>
65170
65171 <p>The down-side is that you can’t use the SAS backplane, but you can still use the mounting bays.</p>
65172
65173 <p>Removing the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally.</p>
65174
65175 <p>Next comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives.</p>
65176
65177 <p>And that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction.</p>
65178 </blockquote>
65179
65180 <p><hr /></p>
65181
65182 <h2>Beastie Bits</h2>
65183
65184 <ul>
65185 <li><a href="https://euroquis.nl/bobulate/?p=1787">Adriaan de Groot’s post FOSDEM blog post</a></li>
65186 <li><a href="https://www.manios.ca/blog/2018/01/my-first-freenas/">My First FreeNAS</a></li>
65187 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2018-March/025997.html">smart(8) Call for Testing by Michael Dexter</a></li>
65188 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/">BSDCan 2018 Travel Grant Application Now Open</a></li>
65189 <li><a href="https://divelog.blue/linus_torvalds.html">BSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving</a></li>
65190 <li><a href="https://twitter.com/michaeldexter/status/979236774667939840">Twitter vote - The secret to a faster FreeBSD default build world...</a></li>
65191 <li><a href="https://tmate.io/">tmate - Instant terminal sharing</a></li>
65192 </ul>
65193
65194 <p><hr /></p>
65195
65196 <p><strong>Tarsnap</strong></p>
65197
65198 <h2>Feedback/Questions</h2>
65199
65200 <ul>
65201 <li>Vikash - <a href="http://dpaste.com/05X35B1#wrap">Getting a port added</a></li>
65202 <li>Chris Wells - <a href="http://dpaste.com/05S7A6V#wrap">Quarterly Ports Branch</a></li>
65203 <li><a href="https://github.com/freebsd/freebsd-ci">FreeBSD-CI configs on Github</a></li>
65204 <li><a href="https://wiki.freebsd.org/Jenkins">Jenkins on the FreeBSD Wiki</a></li>
65205 <li>Gordon - <a href="http://dpaste.com/0HSVFE7#wrap">Centralised storage suggestions</a></li>
65206 </ul>
65207
65208 <p><hr /></p>
65209
65210 <ul>
65211 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
65212 </ul>
65213
65214 <p><hr /></p>]]>
65215 </content:encoded>
65216 <itunes:summary>
65217 <![CDATA[<p>New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.</p>
65218
65219 <h2>Headlines</h2>
65220
65221 <h3>[A number of Upstream ZFS features landed in FreeBSD this week]</h3>
65222
65223 <ul>
65224 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331711">9188 increase size of dbuf cache to reduce indirect block decompression</a></p>
65225
65226 <blockquote>
65227 <p>With compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed.
65228 If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.)
65229 In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%).</p>
65230 </blockquote></li>
65231 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331701">9166 zfs storage pool checkpoint</a></p>
65232
65233 <blockquote>
65234 <p>The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.</p>
65235 </blockquote></li>
65236 <li><p><a href="https://sdimitro.github.io/post/zpool-checkpoint/">More information</a></p></li>
65237 <li><p><a href="https://svnweb.freebsd.org/base?view=revision&revision=331404">8484 Implement aggregate sum and use for arc counters</a></p>
65238
65239 <blockquote>
65240 <p>In pursuit of improving performance on multi-core systems, we should implement fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time.</p>
65241 </blockquote></li>
65242 <li><p>And a small bug fix authored by me:</p></li>
65243 <li><a href="https://svnweb.freebsd.org/base?view=revision&revision=331709">9321 arc_loan_compressed_buf() can increment arc_loaned_bytes by the wrong value</a>
65244
65245
65246 <blockquote>
65247 arc_loan_compressed_buf() increments arc_loaned_bytes by psize unconditionally. In the case of zfs_compressed_arc_enabled=0, when the buf is returned via arc_return_buf(), if ARC_BUF_COMPRESSED(buf) is false, then arc_loaned_bytes is decremented by lsize, not psize.
65248 Switch to using arc_buf_size(buf), instead of psize, which will return psize or lsize, depending on the result of ARC_BUF_COMPRESSED(buf).
65249 </blockquote></li>
65250 </ul>
65251 <hr />
65252
65253 <h3><a href="https://marc.info/?l=openbsd-tech&m=152035796722258&w=2">MAP_STACK for OpenBSD</a></h3>
65254
65255
65256
65257 <blockquote>
65258 <p>Almost 2 decades ago we started work on W^X. The concept was simple. Pages that are writable, should not be executable. We applied this concept object by object, trying to separate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack. We just kept making changes in the same vein. Eventually W^X came to some of our kernel address spaces also.
65259 The fundamental concept is that an object should only have the
65260 permissions necessary, and any other operation should fault. The only permission separations we have are kernel vs userland, and then read, write, and execute.
65261 How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel.
65262 The permission is MAP_STACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways.
65263 When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms.
65264 Since page-permissions are generally done on page boundaries, there is a caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAP_STACK attribute correctly. It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet. A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair.</p>
65265 </blockquote>
65266
65267 <hr />
65268
65269
65270
65271 <p><strong>iXsystems</strong></p>
65272
65273
65274
65275 <h3><a href="https://dev.to/loderunner/writing-safer-c-with-clang-address-sanitizer">Writing Safer C with the Clang Address Sanitizer</a></h3>
65276
65277
65278
65279 <blockquote>
65280 <p>We wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms.
65281 Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults.
65282 It turns out the library has a lot of buffer overflow cases that are usually "harmless", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me.
65283 That's when I thought of Clang's Address Sanitizer.
65284 AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library
65285 Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output.
65286 + The site walks through a simple example which contains an error, it writes past the end of a buffer
65287 + The code works as expected, and nothing bad happens. It must be fine…
65288 + Then they compile it again with the address sanitizer activated
65289 So what can we gather from that pile of hex? Let's go through it line by line.
65290 AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value).
65291 + ASAN points directly to the line of code that is causing the problem
65292 We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it.
65293 This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access).
65294 + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens
65295 Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight!
65296 I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro.
65297 Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more cases where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing a member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened.</p>
65298 </blockquote>
65299
65300 <hr />
65301
65302
65303
65304
65305
65306
65307
65308 <h2>News Roundup</h2>
65309
65310
65311
65312 <h3><a href="https://blather.michaelwlucas.com/archives/3131">On sponsor gifts</a></h3>
65313
65314
65315
65316 <blockquote>
65317 <p>Note the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon.</p>
65318
65319 <p>This seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though.</p>
65320
65321 <p>Sponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice.</p>
65322
65323 <p>That’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.)</p>
65324
65325 <p>The poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete.</p>
65326
65327 <p>Future books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows?</p>
65328
65329 <p>It’s a gift. It’s my job to make that gift worthwhile.</p>
65330
65331 <p>And to amuse myself. Because otherwise, what’s the point?</p>
65332 </blockquote>
65333
65334 <hr />
65335
65336
65337
65338
65339
65340 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=331347">TCP Blackbox Recorder</a></h3>
65341
65342 ```
65343 Add the "TCP Blackbox Recorder" which we discussed at the developer
65344 summits at BSDCan and BSDCam in 2017.
65345
65346 The TCP Blackbox Recorder allows you to capture events on a TCP connection
65347 in a ring buffer. It stores metadata with the event. It optionally stores
65348 the TCP header associated with an event (if the event is associated with a
65349 packet) and also optionally stores information on the sockets.
65350
65351 It supports setting a log ID on a TCP connection and using this to correlate
65352 multiple connections that share a common log ID.
65353
65354 You can log connections in different modes. If you are doing a coordinated
65355 test with a particular connection, you may tell the system to put it in
65356 mode 4 (continuous dump). Or, if you just want to monitor for errors, you
65357 can put it in mode 1 (ring buffer) and dump all the ring buffers associated
65358 with the connection ID when we receive an error signal for that connection
65359 ID. You can set a default mode that will be applied to a particular ratio
65360 of incoming connections. You can also manually set a mode using a socket
65361 option.
65362
65363 This commit includes only basic probes. rrs@ has added quite an abundance
65364 of probes in his TCP development work. He plans to commit those soon.
65365
65366 There are user-space programs which we plan to commit as ports. These read
65367 the data from the log device and output pcapng files, and then let you
65368 analyze the data (and metadata) in the pcapng files.
65369
65370 Reviewed by: gnn (previous version)
65371 Obtained from: Netflix, Inc.
65372 Relnotes: yes
65373 Differential Revision: https://reviews.freebsd.org/D11085
65374 ```
65375
65376
65377
65378 <hr />
65379
65380
65381
65382 <p><strong>Digital Ocean</strong></p>
65383
65384
65385
65386 <h3><a href="https://euroquis.nl/bobulate/?p=1812">Outta the way, KDE4</a></h3>
65387
65388
65389
65390 <blockquote>
65391 <p>KDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree.
65392 This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream.</p>
65393
65394 <p>KDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back.</p>
65395
65396 <p>From here on, we’ve got the following things lined up:</p>
65397 </blockquote>
65398
65399 <ul>
65400 <li>Qt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon.</li>
65401 <li>CMake 3.11 is in the -rc stage, so that is being lined up.</li>
65402 <li>The kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits.</li>
65403 </ul>
65404
65405 <blockquote>
65406 <p>So we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now.</p>
65407 </blockquote>
65408
65409 <p><hr /></p>
65410
65411 <h3><a href="http://blog.frankleonhardt.com/2017/del-fs12-nv7-and-other-2u-server-e-g-c6100-disk-system-hacking/">Dell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking</a></h3>
65412
65413 <blockquote>
65414 <p>A while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be.</p>
65415
65416 <p>There are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first.</p>
65417
65418 <p>Like most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external.</p>
65419
65420 <p>The PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about.</p>
65421
65422 <p>The PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects it’s a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives.</p>
65423
65424 <p>Any SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives</p>
65425
65426 <p>Some Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay.</p>
65427
65428 <p>There are actually two PERC6 cards in most machines, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drive slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot.</p>
65429
65430 <p>But we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting.</p>
65431
65432 <p>Moving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the backplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane.</p>
65433
65434 <p>The HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also a four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard….</p>
65435
65436 <p>Whether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes.</p>
65437
65438 <p>Once you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not.</p>
65439
65440 <p>
65441 So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087.</p>
65442
65443 <p>First things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant.</p>
65444
65445 <p>Second problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables).</p>
65446
65447 <p>I don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore it’s usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy.</p>
65448
65449 <p>I’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip all the bare wires you wish to solder using something like a bulldog clip so they’re lined up horizontally, and then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume.</p>
65450
65451 <p>The “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well.</p>
65452
65453 <p>However, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK.</p>
65454
65455 <p>So all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. Its workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane.</p>
65456
65457 <p>Plan B: SATA</p>
65458
65459 <p>If you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things.</p>
65460
65461 <p>The down-side is that you can’t use the SAS backplane, but you can still use the mounting bays.</p>
65462
65463 <p>Removing the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally.</p>
65464
65465 <p>Next comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives.</p>
65466
65467 <p>And that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction.</p>
65468 </blockquote>
65469
65470 <p><hr /></p>
65471
65472 <h2>Beastie Bits</h2>
65473
65474 <ul>
65475 <li><a href="https://euroquis.nl/bobulate/?p=1787">Adriaan de Groot’s post-FOSDEM blog post</a></li>
65476 <li><a href="https://www.manios.ca/blog/2018/01/my-first-freenas/">My First FreeNAS</a></li>
65477 <li><a href="https://lists.freebsd.org/pipermail/freebsd-fs/2018-March/025997.html">smart(8) Call for Testing by Michael Dexter</a></li>
65478 <li><a href="https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/">BSDCan 2018 Travel Grant Application Now Open</a></li>
65479 <li><a href="https://divelog.blue/linus_torvalds.html">BSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving</a></li>
65480 <li><a href="https://twitter.com/michaeldexter/status/979236774667939840">Twitter vote - The secret to a faster FreeBSD default build world...</a></li>
65481 <li><a href="https://tmate.io/">tmate - Instant terminal sharing</a></li>
65482 </ul>
65483
65484 <p><hr /></p>
65485
65486 <p><strong>Tarsnap</strong></p>
65487
65488 <h2>Feedback/Questions</h2>
65489
65490 <ul>
65491 <li>Vikash - <a href="http://dpaste.com/05X35B1#wrap">Getting a port added</a></li>
65492 <li>Chris Wells - <a href="http://dpaste.com/05S7A6V#wrap">Quarterly Ports Branch</a></li>
65493 <li><a href="https://github.com/freebsd/freebsd-ci">FreeBSD-CI configs on Github</a></li>
65494 <li><a href="https://wiki.freebsd.org/Jenkins">Jenkins on the FreeBSD Wiki</a></li>
65495 <li>Gordon - <a href="http://dpaste.com/0HSVFE7#wrap">Centralised storage suggestions</a></li>
65496 </ul>
65497
65498 <p><hr /></p>
65499
65500 <ul>
65501 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
65502 </ul>
65503
65504 <p><hr /></p>]]>
65505 </itunes:summary>
65506 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+RD42T0jn</fireside:playerURL>
65507 <fireside:playerEmbedCode>
65508 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+RD42T0jn" width="740" height="200" frameborder="0" scrolling="no">]]>
65509 </fireside:playerEmbedCode>
65510 </item>
65511 <item>
65512 <title>Episode 239: The Return To ptrace | BSD Now 239</title>
65513 <link>https://www.bsdnow.tv/239</link>
65514 <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-1668</guid>
65515 <pubDate>Thu, 29 Mar 2018 08:00:00 -0700</pubDate>
65516 <author>Allan Jude</author>
65517 <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/17c4fe12-c4ee-47a7-8d14-1a73407e86f4.mp3" length="44655271" type="audio/mp3"/>
65518 <itunes:episodeType>full</itunes:episodeType>
65519 <itunes:author>Allan Jude</itunes:author>
65520 <itunes:subtitle>OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.</itunes:subtitle>
65521 <itunes:duration>1:32:43</itunes:duration>
65522 <itunes:explicit>no</itunes:explicit>
65523 <itunes:image href="https://assets.fireside.fm/file/fireside-images/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
65524 <description>OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.
65525 <h3>RSS Feeds:</h3>
65526 <p><a href="http://feeds.feedburner.com/BsdNowMp3">MP3 Feed</a> <strong>|</strong> <a href="https://itunes.apple.com/us/podcast/bsd-now-mp3/id701045710?mt=2">iTunes Feed</a> <strong>|</strong> <a href="http://feeds.feedburner.com/BsdNowHd">HD Vid Feed</a> <strong>|</strong> <a href="http://bitlove.org/jupiterbroadcasting/bsdnowhd/feed">HD Torrent Feed</a></p>
65527
65528 <h3><a href="http://www.patreon.com/jupitersignal">Become a supporter on Patreon</a>:</h3>
65529
65530 <p><a href="http://www.patreon.com/jupitersignal" rel="Support us on Patreon"><img src="http://i.imgur.com/2ioAf3Q.png" alt="Patreon" /></a></p>
65531
65532 <h3>- Show Notes: -</h3>
65533
65534 <h2>Headlines</h2>
65535
65536 <h3><a href="https://www.ibm.com/developerworks/community/blogs/karsten/entry/Preventing_Windows_10_and_untrusted_software_from_having_full_access_to_the_internet?lang=en">Preventing Windows 10 and untrusted software from having full access to the internet using OpenBSD</a></h3>
65537
65538 <blockquote>
65539 <p>Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds.</p>
65540
65541 <p>Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the Windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions were 2003, XP and 2000. In short, I avoid 3rd party firewalls.</p>
65542
65543 <p>Instead I decided to trap Windows 10 (and all of its rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here:</p>
65544 </blockquote>
65545
65546 <ul>
65547 <li><p>1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client.</p></li>
65548 <li><p>2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction.</p></li>
65549 <li><p>3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands.</p></li>
65550 </ul>
65551
65552 <p><code>
65553 config -e -o /bsd /bsd
65554 disable acpi
65555 disable mpbios
65556 </code></p>
65557
65558 <ul>
65559 <li><p>4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was <strong>192.168.56.1</strong>. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example <strong>192.168.56.2</strong>. If you are using Hyper-V and OpenBSD, make sure you add a "Legacy Interface" because no guest additions are available. Then set up a virtual switch which is host only.</p></li>
65560 <li><p>5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapter's MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is "shared" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V "share" an adapter within a virtual switch and there is the option to also disable the host's ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising.</p></li>
65561 <li><p>6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say "no internet available", it also does not assign an IP address which is fine.</p></li>
65562 <li><p>7) Install the Squid proxy package on the OpenBSD guest and enable the daemon</p></li>
65563 </ul>
65564
65565 <p><code>
65567 # pkg_add squid
65569 # echo 'squid_flags=""' >> /etc/rc.conf.local
65571 # /etc/rc.d/squid start
65573 </code></p>
65574
65575 <blockquote>
65576 <p>We will use this service for a limited selection of "safe and trusted" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally.</p>
65577 </blockquote>
65578
65579 <ul>
65580 <li><p>8) Configure the software you want to be able to access the external network with</p>
65581
65582 <ul><li>Firefox - go to the connection settings and specify the VM's IP address for the proxy.</li>
65583 <li>Subversion - modify the %HOME%\AppData\Roaming\Subversion\servers file and change the HTTP proxy field to the VM's IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward.</li>
65584 <li>Chromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow <em>all</em> of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags:</li></ul></li>
65585 </ul>
65586
65587 <p><code>
65588 --proxy-server="socks5://&lt;VM IP&gt;:&lt;SOCKS PORT&gt;"
65589 --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE &lt;VM IP&gt;"
65590 </code></p>
65591
65592 <ul>
65593 <li>9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software "phoning home". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments.</li>
65594 </ul>
65595
65596 <hr />
65597 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to">LLDB restoration and return to ptrace(2)</a></h3>
65598
65599 <blockquote>
65600 <p>I've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support.</p>
65601 </blockquote>
65602
65603 <ul>
65604 <li>LLDB</li>
65605 </ul>
65606
65607 <blockquote>
65608 <p>Since the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32.</p>
65609
65610 <p>I've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application.</p>
65611
65612 <p>Here is the commit message:</p>
65613 </blockquote>
65614
65615 <p>```
65616 We cannot call process_up->SetState() inside
65617 the NativeProcessNetBSD::Factory::Launch
65618 function because it triggers a NULL pointer
65619 dereference.</p>
65620
65621 <p>The generic code for launching a process in:
65622 GDBRemoteCommunicationServerLLGS::LaunchProcess
65623 sets the m_debugged_process_up pointer after
65624 a successful call to m_process_factory.Launch().
65625 If we attempt to call process_up->SetState()
65626 inside a platform specific Launch function we
65627 end up dereferencing a NULL pointer in
65628 NativeProcessProtocol::GetCurrentThreadID().</p>
65629
65630 <p>Use the proper call process_up->SetState(,false)
65631 that sets notify_delegates to false.
65632 ```</p>
65633
65634 <ul>
65635 <li>Sanitizers</li>
65636 </ul>
65637
65638 <blockquote>
65639 <p>I suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers.</p>
65640
65641 <p>I'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour.</p>
65642 </blockquote>
65643
65644 <ul>
65645 <li>Userland changes</li>
65646 </ul>
65647
65648 <blockquote>
65649 <p>I've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code.</p>
65650
65651 <p>Some pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed few low-hanging fruits there and requested pullups to NetBSD-8(BETA).</p>
65652
65653 <p>I thank the developers for improving the landed code in order to ship the best solutions for users.</p>
65654 </blockquote>
65655
65656 <ul>
65657 <li>BSD collaboration in LLVM</li>
65658 </ul>
65659
65660 <blockquote>
65661 <p>A One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD.</p>
65662
65663 <p>I've landed most of the submitted and reviewed code to the mainstream LLVM tree.</p>
65664
65665 <p>Part of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to "netbsd", similar to FreeBSD and Solaris.</p>
65666 </blockquote>
65667
65668 <ul>
65669 <li>Prebuilt toolchain for testers</li>
65670 </ul>
65671
65672 <blockquote>
65673 <p>I've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12:</p>
65674 </blockquote>
65675
65676 <p><code>llvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2</code></p>
65677
65678 <ul>
65679 <li>Plan for the next milestone</li>
65680 </ul>
65681
65682 <blockquote>
65683 <p>With the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD:</p>
65684 </blockquote>
65685
65686 <ul>
65687 <li>Remove one unused feature from ptrace(2), PT_SET_SIGMASK &amp; PT_GET_SIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.</li>
65688 <li>Finish the backport of _UC_MACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0.</li>
65689 <li>By popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10.</li>
65690 </ul>
65691
65692 <blockquote>
65693 <p>Once done, I will return to ptrace(2) debugging and corrections.</p>
65694 </blockquote>
65695
65696 <hr />
65697 <p><strong>DigitalOcean</strong></p>
65698
65699 <h3><a href="https://t.pagef.lt/working-with-the-netbsd-kernel/">Working with the NetBSD kernel</a></h3>
65700
65701 <ul>
65702 <li>Overview</li>
65703 </ul>
65704
65705 <blockquote>
65706 <p>When working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived to my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals.</p>
65707
65708 <p>Before delving into the details, this is the general outline of my environment:</p>
65709
65710 <p>My host system runs Linux. My target system is a QEMU guest.</p>
65711
65712 <p>I’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server.
65713 I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh.
65714 I use NFS to share the source tree and the build artifacts between the target and the host.
65715 I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags.
65716 For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace.</p>
65717 </blockquote>
65718
65719 <ul>
65720 <li><p>Preparing the host system</p>
65721
65722 <ul><li>QEMU</li>
65723 <li>GDB</li>
65724 <li>NFS Exports</li></ul></li>
65725 <li><p>Building NetBSD-current</p></li>
65726 <li><p>A word of warning</p>
65727
65728 <ul><li>Now is a great time to familiarize yourself with the build.sh tool and its options. Be especially careful with the following options:</li></ul></li>
65729 </ul>
65730
65731 <p><code>
65732 -r Remove contents of TOOLDIR and DESTDIR before building.
65733 -u Set MKUPDATE=yes; do not run "make clean" first.
65734 Without this, everything is rebuilt, including the tools.
65735 </code></p>
65736
65737 <blockquote>
65738 <p>Chances are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect:</p>
65739
65740 <p>On my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy.
65741 On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximately 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle.</p>
65742 </blockquote>
65743
65744 <ul>
65745 <li>Acquiring the sources</li>
65746 <li><p>Compiling the sources</p>
65747
65748 <ul><li>Preparing the guest system</li></ul></li>
65749 <li>Provisioning your guest</li>
65750 <li>Pkgin and NFS shares</li>
65751 <li>Tailoring the kernel for debugging</li>
65752 <li>Installing the new kernel</li>
65753 <li>Configuring DTrace</li>
65754 <li>Debugging the guest’s kernel</li>
65755 </ul>
65756
65757 <hr />
65758 <h2>News Roundup</h2>
65759
65760 <h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=331214">Add support for the experimental Internet-Draft "TCP Alternative Backoff"</a></h3>
65761
65762 <p>```
65763 Add support for the experimental Internet-Draft "TCP Alternative Backoff with
65764 ECN (ABE)" proposal to the New Reno congestion control algorithm module.
65765 ABE reduces the amount of congestion window reduction in response to
65766 ECN-signalled congestion relative to the loss-inferred congestion response.</p>
65767
65768 <p>More details about ABE can be found in the Internet-Draft:
65769 https://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn</p>
65770
65771 <p>The implementation introduces four new sysctls:</p>
65772
65773 <ul>
65774 <li><p>net.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero to
65775 enable ABE for ECN-enabled TCP connections.</p></li>
65776 <li><p>net.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.beta_ecn set the
65777 multiplicative window decrease factor, specified as a percentage, applied to
65778 the congestion window in response to a loss-based or ECN-based congestion
65779 signal respectively. They default to the values specified in the draft i.e.
65780 beta=50 and beta_ecn=80.</p></li>
65781 <li><p>net.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set to
65782 non-zero to enable the use of standard beta (50% by default) when repairing
65783 loss during an ECN-signalled congestion recovery episode. It enables a more
65784 conservative congestion response and is provided for the purposes of
65785 experimentation as a result of some discussion at IETF 100 in Singapore.</p></li>
65786 </ul>
65787
65788 <p>The values of beta and beta_ecn can also be set per-connection by way of the
65789 TCP_CCALGOOPT TCP-level socket option and the new CC_NEWRENO_BETA or
65790 CC_NEWRENO_BETA_ECN CC algo sub-options.</p>
65791
65792 <p>Submitted by: Tom Jones <a href="&#x6D;&#x61;i&#x6C;&#x74;&#111;:&#x74;&#x6A;&#64;&#x65;&#x6E;&#x6F;&#x74;&#105;.&#x6D;&#101;">&#x74;&#x6A;&#64;&#x65;&#x6E;&#x6F;&#x74;&#105;.&#x6D;&#101;</a>
65793 Tested by: Tom Jones <a href="&#x6D;&#97;&#105;&#x6C;&#x74;&#x6F;:&#116;&#x6A;&#64;&#101;&#x6E;&#111;&#116;&#105;&#x2E;&#x6D;&#101;">&#116;&#x6A;&#64;&#101;&#x6E;&#111;&#116;&#105;&#x2E;&#x6D;&#101;</a>, Grenville Armitage <a href="&#109;&#x61;&#105;&#x6C;&#x74;&#x6F;:&#103;&#97;&#x72;&#109;&#x69;ta&#x67;&#x65;&#64;&#x73;&#119;&#105;&#x6E;.&#x65;d&#117;.&#97;&#117;">&#103;&#97;&#x72;&#109;&#x69;ta&#x67;&#x65;&#64;&#x73;&#119;&#105;&#x6E;.&#x65;d&#117;.&#97;&#117;</a>
65794 Relnotes: Yes
65795 Differential Revision: https://reviews.freebsd.org/D11616
65796 ```</p>
65797
65798 <hr />
65799 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180228225937">Meltdown-mitigation syspatch/errata now available</a></h3>
65800
65801 <blockquote>
65802 <p>The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.</p>
65803 </blockquote>
65804
65805 <ul>
65806 <li><a href="https://marc.info/?l=openbsd-cvs&amp;m=151964860620856&amp;w=2">6.1</a></li>
65807 </ul>
65808
65809 <p>```
65810 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:36:18
65811 Log message:
65812 Implement a workaround against the Meltdown flaw in Intel CPUs.
65813 The following changes have been backported from OpenBSD -current.</p>
65814
65815 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
65816 Log message:
65817 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
65818 every return to userspace.</p>
65819
65820 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
65821 Log message:
65822 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
65823 that should help mitigate spectre. This is just the detection piece, these
65824 features are not yet used.
65825 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
65826 come later; it needs some machdep.c cleanup first.</p>
65827
65828 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
65829 Log message:
65830 remove all PG_G global page mappings from the kernel when running on
65831 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
65832 "meltdown" CVE. This diff does not confer any immunity to that
65833 vulnerability - subsequent commits are still needed and are being
65834 worked on presently.
65835 ok guenther, deraadt</p>
65836
65837 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
65838 Log message:
65839 IBRS -> IBRS,IBPB in identifycpu lines</p>
65840
65841 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
65842 Log message:
65843 Meltdown: implement user/kernel page table separation.
65844 On Intel CPUs which speculate past user/supervisor page permission checks,
65845 use a separate page table for userspace with only the minimum of kernel code
65846 and data required for the transitions to/from the kernel (still marked as
65847 supervisor-only, of course):
65848 - the IDT (RO)
65849 - three pages of kernel text in the .kutext section for interrupt, trap,
65850 and syscall trampoline code (RX)
65851 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
65852 - the lapic page (RW, uncachable)
65853 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
65854 stacks (RW)
65855 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
65856 trampoline code switches page tables, switches stacks to the thread's real
65857 kernel stack, then copies over the necessary bits from the trampoline stack.
65858 On return to userspace the opposite occurs: recreate the iretq frame on the
65859 trampoline stack, switch stack, switch page tables, and return to userspace.
65860 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
65861 issues on MP in particular, and drove the final push to completion.
65862 Many rounds of testing by naddy@, sthen@, and others
65863 Thanks to Alex Wilson from Joyent for early discussions about trampolines
65864 and their data requirements.
65865 Per-CPU page layout mostly inspired by DragonFlyBSD.
65866 ok mlarkin@ deraadt@</p>
65867
65868 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
65869 Log message:
65870 The GNU assembler does not understand 1ULL, so replace the constant
65871 with 1. Then it compiles with gcc, sign and size do not matter
65872 here.</p>
65873
65874 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
65875 Log message:
65876 The compile time assertion for cpu info did not work with gcc.
65877 Rephrase the condition in a way that both gcc and clang accept it.</p>
65878
65879 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
65880 Log message:
65881 Set the PG_G (global) bit on the special page table entries that are shared
65882 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
65883
65884 <p>OpenBSD 6.1 errata 037
65885 ```</p>
65886
65887 <ul>
65888 <li>6.2</li>
65889 </ul>
65890
65891 <p>```
65892 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:29:48
65893 Log message:
65894 Implement a workaround against the Meltdown flaw in Intel CPUs.
65895 The following changes have been backported from OpenBSD -current.</p>
65896
65897 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
65898 Log message:
65899 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
65900 every return to userspace.</p>
65901
65902 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
65903 Log message:
65904 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
65905 that should help mitigate spectre. This is just the detection piece, these
65906 features are not yet used.
65907 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
65908 come later; it needs some machdep.c cleanup first.</p>
65909
65910 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
65911 Log message:
65912 remove all PG_G global page mappings from the kernel when running on
65913 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
65914 "meltdown" CVE. This diff does not confer any immunity to that
65915 vulnerability - subsequent commits are still needed and are being
65916 worked on presently.</p>
65917
65918 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
65919 Log message:
65920 IBRS -> IBRS,IBPB in identifycpu lines</p>
65921
65922 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
65923 Log message:
65924 Meltdown: implement user/kernel page table separation.
65925 On Intel CPUs which speculate past user/supervisor page permission checks,
65926 use a separate page table for userspace with only the minimum of kernel code
65927 and data required for the transitions to/from the kernel (still marked as
65928 supervisor-only, of course):
65929 - the IDT (RO)
65930 - three pages of kernel text in the .kutext section for interrupt, trap,
65931 and syscall trampoline code (RX)
65932 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
65933 - the lapic page (RW, uncachable)
65934 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
65935 stacks (RW)
65936 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
65937 trampoline code switches page tables, switches stacks to the thread's real
65938 kernel stack, then copies over the necessary bits from the trampoline stack.
65939 On return to userspace the opposite occurs: recreate the iretq frame on the
65940 trampoline stack, switch stack, switch page tables, and return to userspace.
65941 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
65942 issues on MP in particular, and drove the final push to completion.
65943 Many rounds of testing by naddy@, sthen@, and others
65944 Thanks to Alex Wilson from Joyent for early discussions about trampolines
65945 and their data requirements.
65946 Per-CPU page layout mostly inspired by DragonFlyBSD.</p>
65947
65948 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
65949 Log message:
65950 The GNU assembler does not understand 1ULL, so replace the constant
65951 with 1. Then it compiles with gcc, sign and size do not matter
65952 here.</p>
65953
65954 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
65955 Log message:
65956 The compile time assertion for cpu info did not work with gcc.
65957 Rephrase the condition in a way that both gcc and clang accept it.</p>
65958
65959 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
65960 Log message:
65961 Set the PG_G (global) bit on the special page table entries that are shared
65962 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
65963
65964 <p>OpenBSD 6.2 errata 009
65965 ```</p>
65966
65967 <ul>
65968 <li><a href="https://man.openbsd.org/syspatch">syspatch</a></li>
65969 </ul>
65970
65971 <hr />
65972 <p><strong>iXsystems</strong></p>
65973
65974 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180302002131">a2k18 Hackathon Report: Ken Westerback on dhclient and more</a></h3>
65975
65976 <blockquote>
65977 <p>Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:</p>
65978 </blockquote>
65979
65980 <ul>
65981 <li><p><a href="http://www.gcmap.com/mapui?P=YYZ-YVR-MEL-ZQN-CHC-DUD,DUD-WLG-AKL-SYD-BNE-YVR-YYZ">YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ</a></p></li>
65982 <li><p>For those of you who don’t speak Airport code:</p></li>
65983 <li>Toronto -> Vancouver -> Melbourne -> Queenstown -> Christchurch -> Dunedin</li>
65984 <li>Then: Dunedin -> Wellington -> Auckland -> Sydney -> Brisbane -> Vancouver -> Toronto</li>
65985 </ul>
65986
65989 <p>Whew.</p>
65990
65991 <p>Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.</p>
65993
65995 <p>I worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request.</p>
65996
65997 <p>More substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statements were changed so they are cumulative, making it easier to build longer lists of affected options.</p>
65998
65999 <p>I tweaked softraid(4) to remove a handrolled version of duid_format().</p>
66000
66001 <p>I sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls.</p>
66002
66003 <p>I continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon.</p>
66004
66005 <p>I only locked myself out of my room once!</p>
66006
66007 <p>Fueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins.</p>
66008
66009 <p>Thanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible</p>
66011
66012 <hr />
66013 <h3><a href="https://blog.gerv.net/2018/03/poetic-license/">Poetic License</a></h3>
66014
66015 <blockquote>
66016 <p>I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.</p>
66017
66018 <p>I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)</p>
66019 </blockquote>
66020
66021 <p><code>
66022 Copyright (c) <YEAR>, <OWNER>
66023 All rights reserved.
66024
66025 Redistribution and use in source and binary forms, with or without
66026 modification, are permitted provided that the following conditions
66027 are met:
66028 </code></p>
66029
66030 <blockquote>
66031 <p>You may redistribute and use –
66032 as source or binary, as you choose,
66033 and with some changes or without –
66034 this software; let there be no doubt.
66035 But you must meet conditions three,
66036 if in compliance you wish to be.</p>
66037 </blockquote>
66038
66039 <p><code>
66040 1. Redistributions of source code must retain the above copyright
66041 notice, this list of conditions and the following disclaimer.
66042 2. Redistributions in binary form must reproduce the above copyright
66043 notice, this list of conditions and the following disclaimer in the
66044 documentation and/or other materials provided with the distribution.
66045 3. Neither the name of the nor the names of its
66046 contributors may be used to endorse or promote products derived
66047 from this software without specific prior written permission.
66048 </code></p>
66049
66050 <blockquote>
66051 <p>The first is obvious, of course –
66052 To keep this text within the source.
66053 The second is for binaries
66054 Place in the docs a copy, please.
66055 A moral lesson from this ode –
66056 Don’t strip the copyright on code.</p>
66057
66058 <p>The third applies when you promote:
66059 You must not take, from us who wrote,
66060 our names and make it seem as true
66061 we like or love your version too.
66062 (Unless, of course, you contact us
66063 And get our written assensus.)</p>
66064 </blockquote>
66065
66066 <p><code>
66067 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
66068 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
66069 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
66070 FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
66071 COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
66072 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
66073 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
66074 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
66075 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
66076 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
66077 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66078 POSSIBILITY OF SUCH DAMAGE.
66079 </code></p>
66080
66081 <blockquote>
66082 <p>One final point to be laid out
66083 (You must forgive my need to shout):
66084 THERE IS NO WARRANTY FOR THIS
66085 WHATEVER THING MAY GO AMISS.
66086 EXPRESS, IMPLIED, IT’S ALL THE SAME –
66087 RESPONSIBILITY DISCLAIMED.</p>
66088
66089 <p>WE ARE NOT LIABLE FOR LOSS
66090 NO MATTER HOW INCURRED THE COST
66091 THE TYPE OR STYLE OF DAMAGE DONE
66092 WHATE’ER THE LEGAL THEORY SPUN.
66093 THIS STILL REMAINS AS TRUE IF YOU
66094 INFORM US WHAT YOU PLAN TO DO.</p>
66095
66096 <p>When all is told, we sum up thus –
66097 Do what you like, just don’t sue us.</p>
66098 </blockquote>
66099
66100 <hr />
66102 <h2>Beastie Bits</h2>
66103
66104 <ul>
66105 <li><a href="https://www.youtube.com/playlist?list=PLnTFqpZk5ebDZwT-bmYcIwv76yhmTfl0l">AsiaBSDCon 2018 Videos</a></li>
66106 <li><a href="https://www.freebsdfoundation.org/past-issues/storage/">The January/February 2018 FreeBSD Journal is Here</a></li>
66107 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/01/04/msg026073.html">Announcing the pkgsrc-2017Q4 release (2018-01-04)</a></li>
66108 <li><a href="https://www.bsdhh.org/bsdhh-de-index.html">BSD Hamburg Event</a></li>
66109 <li><a href="http://zfs.datto.com/">ZFS User conference</a></li>
66110 <li><a href="https://www.phoronix.com/scan.php?page=news_item&amp;px=Unreal-Engine-4-FreeBSD">Unreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer</a></li>
66111 </ul>
66112
66113 <hr />
66114 <p>Tarsnap ad</p>
66115
66116 <hr />
66117 <h2>Feedback/Questions</h2>
66118
66119 <ul>
66120 <li>Philippe - <a href="http://dpaste.com/2643BF5#wrap">I heart FreeBSD and other questions</a></li>
66121 <li>Cyrus - <a href="http://dpaste.com/3NTH14J#wrap">BSD Now is excellent</a></li>
66122 <li>Architect - <a href="http://dpaste.com/317BP8X#wrap">Combined Feedback</a></li>
66123 <li>Dale - <a href="http://dpaste.com/284G4TQ#wrap">ZFS on Linux moving to ZFS on FreeBSD</a></li>
66124 <li>Tommi - <a href="http://dpaste.com/1KGMRGM#wrap">New BUG in Finland</a></li>
66125 </ul>
66126
66127 <hr />
66128 <ul>
66129 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
66130 </ul>
66131
66132 <hr />
66133 </description>
66134 <itunes:keywords>BSD,DragonflyBSD,freebsd,guide,howto,Interview,NetBSD,OpenBSD,trueos,tutorial</itunes:keywords>
66135 <content:encoded>
66136 <![CDATA[<p>OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.</p>
66137
66138 <h3>RSS Feeds:</h3>
66139
66140 <p><a href="http://feeds.feedburner.com/BsdNowMp3">MP3 Feed</a> <strong>|</strong> <a href="https://itunes.apple.com/us/podcast/bsd-now-mp3/id701045710?mt=2">iTunes Feed</a> <strong>|</strong> <a href="http://feeds.feedburner.com/BsdNowHd">HD Vid Feed</a> <strong>|</strong> <a href="http://bitlove.org/jupiterbroadcasting/bsdnowhd/feed">HD Torrent Feed</a></p>
66141
66142 <h3><a href="http://www.patreon.com/jupitersignal">Become a supporter on Patreon</a>:</h3>
66143
66144 <p><a href="http://www.patreon.com/jupitersignal" rel="Support us on Patreon"><img src="http://i.imgur.com/2ioAf3Q.png" alt="Patreon" /></a></p>
66145
66146 <h3>- Show Notes: -</h3>
66147
66148 <h2>Headlines</h2>
66149
66150 <h3><a href="https://www.ibm.com/developerworks/community/blogs/karsten/entry/Preventing_Windows_10_and_untrusted_software_from_having_full_access_to_the_internet?lang=en">Preventing Windows 10 and untrusted software from having full access to the internet using OpenBSD</a></h3>
66151
66152 <blockquote>
66153 <p>Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds.</p>
66154
66155 <p>Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions were 2003, XP and 2000. In short, I avoid 3rd party firewalls.</p>
66156
66157 <p>Instead I decided to trap Windows 10 (and all of its rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here:</p>
66158 </blockquote>
66159
66160 <ul>
66161 <li><p>1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client.</p></li>
66162 <li><p>2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction.</p></li>
66163 <li><p>3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands.</p></li>
66164 </ul>
66165
66166 <p><code>
66167 config -e -o /bsd /bsd
66168 disable acpi
66169 disable mpbios
66170 </code></p>
66171
66172 <ul>
66173 <li><p>4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was <strong>192.168.56.1</strong>. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example <strong>192.168.56.2</strong>. If you are using Hyper-V and OpenBSD, make sure you add a "Legacy Interface" because no guest additions are available. Then set up a virtual switch which is host only.</p></li>
66174 <li><p>5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapters MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is "shared" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V "share" an adapter within a virtual switch and there is the option to also disable the hosts ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising.</p></li>
66175 <li><p>6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say "no internet available", it also does not assign an IP address which is fine.</p></li>
66176 <li><p>7) Install the Squid proxy package on the OpenBSD guest and enable the daemon</p></li>
66177 </ul>
66178
66179 <p><code>
66181 pkg_add squid
66183 echo 'squid_flags=""' >> /etc/rc.conf.local
66185 /etc/rc.d/squid start
66187 </code></p>
66188
66189 <blockquote>
66190 <p>We will use this service for a limited selection of "safe and trusted" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally.</p>
66191 </blockquote>
66192
66193 <ul>
66194 <li><p>8) Configure the software you want to be able to access the external network with</p>
66195
66196 <ul><li>Firefox - go to the connection settings and specify the VMs IP address for the proxy.</li>
66197 <li>Subversion - modify the %HOME%\AppData\Roaming\Subversion\servers file and change the HTTP proxy field to the VMs IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward.</li>
66198 <li>Chromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow <em>all</em> of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags:</li></ul></li>
66199 </ul>
66200
66201 <p><code>
66202 --proxy-server="socks5://<VM IP>:<SOCKS PORT>"
66203 --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE <VM IP>"
66204 </code></p>
66205
66206 <ul>
66207 <li>9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software "phoning home". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments.</li>
66208 </ul>
66209
66210 <hr />
66211
66212 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to">LLDB restoration and return to ptrace(2)</a></h3>
66213
66214 <blockquote>
66215 <p>I've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support.</p>
66216 </blockquote>
66217
66218 <ul>
66219 <li>LLDB</li>
66220 </ul>
66221
66222 <blockquote>
66223 <p>Since the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32.</p>
66224
66225 <p>I've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application.</p>
66226
66227 <p>Here is the commit message:</p>
66228 </blockquote>
66229
66230 <p><code>
66231 We cannot call process_up->SetState() inside
66232 the NativeProcessNetBSD::Factory::Launch
66233 function because it triggers a NULL pointer
66234 dereference.
66235
66236 The generic code for launching a process in:
66237 GDBRemoteCommunicationServerLLGS::LaunchProcess
66238 sets the m_debugged_process_up pointer after
66239 a successful call to m_process_factory.Launch().
66240 If we attempt to call process_up->SetState()
66241 inside a platform specific Launch function we
66242 end up dereferencing a NULL pointer in
66243 NativeProcessProtocol::GetCurrentThreadID().
66244
66245 Use the proper call process_up->SetState(,false)
66246 that sets notify_delegates to false.
66247 </code></p>
66248
66249 <ul>
66250 <li>Sanitizers</li>
66251 </ul>
66252
66253 <blockquote>
66254 <p>I suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers.</p>
66255
66256 <p>I'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour.</p>
66257 </blockquote>
66258
66259 <ul>
66260 <li>Userland changes</li>
66261 </ul>
66262
66263 <blockquote>
66264 <p>I've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code.</p>
66265
66266 <p>Some pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed few low-hanging fruits there and requested pullups to NetBSD-8(BETA).</p>
66267
66268 <p>I thank the developers for improving the landed code in order to ship the best solutions for users.</p>
66269 </blockquote>
66270
66271 <ul>
66272 <li>BSD collaboration in LLVM</li>
66273 </ul>
66274
66275 <blockquote>
66276 <p>A One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD.</p>
66277
66278 <p>I've landed most of the submitted and reviewed code to the mainstream LLVM tree.</p>
66279
66280 <p>Part of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to "netbsd", similar to FreeBSD and Solaris.</p>
66281 </blockquote>
66282
66283 <ul>
66284 <li>Prebuilt toolchain for testers</li>
66285 </ul>
66286
66287 <blockquote>
66288 <p>I've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12:</p>
66289 </blockquote>
66290
66291 <p><code>llvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2</code></p>
66292
66293 <ul>
66294 <li>Plan for the next milestone</li>
66295 </ul>
66296
66297 <blockquote>
66298 <p>With the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD:</p>
66299 </blockquote>
66300
66301 <ul>
66302 <li>Remove one unused feature from ptrace(2), PT_SET_SIGMASK & PT_GET_SIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.</li>
66303 <li>Finish the backport of _UC_MACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0.</li>
66304 <li>By popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10.</li>
66305 </ul>
66306
66307 <blockquote>
66308 <p>Once done, I will return to ptrace(2) debugging and corrections.</p>
66309 </blockquote>
66310
66311 <hr />
66312
66313 <p><strong>DigitalOcean</strong></p>
66314
66315 <h3><a href="https://t.pagef.lt/working-with-the-netbsd-kernel/">Working with the NetBSD kernel</a></h3>
66316
66317 <ul>
66318 <li>Overview</li>
66319 </ul>
66320
66321 <blockquote>
66322 <p>When working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived at my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals.</p>
66323
66324 <p>Before delving into the details, this is the general outline of my environment:</p>
66325
66326 <p>My host system runs Linux. My target system is a QEMU guest.</p>
66327
66328 <p>I’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server.
66329 I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh.
66330 I use NFS to share the source tree and the build artifacts between the target and the host.
66331 I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags.
66332 For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace.</p>
66333 </blockquote>
66334
66335 <ul>
66336 <li><p>Preparing the host system</p>
66337
66338 <ul><li>QEMU</li>
66339 <li>GDB</li>
66340 <li>NFS Exports</li></ul></li>
66341 <li><p>Building NetBSD-current</p></li>
66342 <li><p>A word of warning</p>
66343
66344 <ul><li>Now is a great time to familiarize yourself with the build.sh tool and its options. Be especially careful with the following options:</li></ul></li>
66345 </ul>
66346
66347 <p><code>
66348 -r Remove contents of TOOLDIR and DESTDIR before building.
66349 -u Set MKUPDATE=yes; do not run "make clean" first.
66350 Without this, everything is rebuilt, including the tools.
66351 </code></p>
66352
66353 <blockquote>
66354 <p>Chances are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect:</p>
66355
66356 <p>On my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy.
66357 On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximately 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle.</p>
66358 </blockquote>
66359
66360 <ul>
66361 <li>Acquiring the sources</li>
66362 <li><p>Compiling the sources</p>
66363
66364 <ul><li>Preparing the guest system</li></ul></li>
66365 <li>Provisioning your guest</li>
66366 <li>Pkgin and NFS shares</li>
66367 <li>Tailoring the kernel for debugging</li>
66368 <li>Installing the new kernel</li>
66369 <li>Configuring DTrace</li>
66370 <li>Debugging the guest’s kernel</li>
66371 </ul>
66372
66373 <p><hr /></p>
66374
66375 <h2>News Roundup</h2>
66376
66377 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=331214">Add support for the experimental Internet-Draft "TCP Alternative Backoff"</a></h3>
66378
66379 <p>```
66380 Add support for the experimental Internet-Draft "TCP Alternative Backoff with
66381 ECN (ABE)" proposal to the New Reno congestion control algorithm module.
66382 ABE reduces the amount of congestion window reduction in response to
66383 ECN-signalled congestion relative to the loss-inferred congestion response.</p>
66384
66385 <p>More details about ABE can be found in the Internet-Draft:
66386 https://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn</p>
66387
66388 <p>The implementation introduces four new sysctls:</p>
66389
66390 <ul>
66391 <li><p>net.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero to
66392 enable ABE for ECN-enabled TCP connections.</p></li>
66393 <li><p>net.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.beta_ecn set the
66394 multiplicative window decrease factor, specified as a percentage, applied to
66395 the congestion window in response to a loss-based or ECN-based congestion
66396 signal respectively. They default to the values specified in the draft i.e.
66397 beta=50 and beta_ecn=80.</p></li>
66398 <li><p>net.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set to
66399 non-zero to enable the use of standard beta (50% by default) when repairing
66400 loss during an ECN-signalled congestion recovery episode. It enables a more
66401 conservative congestion response and is provided for the purposes of
66402 experimentation as a result of some discussion at IETF 100 in Singapore.</p></li>
66403 </ul>
66404
66405 <p>The values of beta and beta_ecn can also be set per-connection by way of the
66406 TCP_CCALGOOPT TCP-level socket option and the new CC_NEWRENO_BETA or
66407 CC_NEWRENO_BETA_ECN CC algo sub-options.</p>
66408
66409 <p>Submitted by: Tom Jones <a href="mailto:tj@enoti.me">tj@enoti.me</a>
66410 Tested by: Tom Jones <a href="mailto:tj@enoti.me">tj@enoti.me</a>, Grenville Armitage <a href="mailto:garmitage@swin.edu.au">garmitage@swin.edu.au</a>
66411 Relnotes: Yes
66412 Differential Revision: https://reviews.freebsd.org/D11616
66413 ```</p>
66414
66415 <p><hr /></p>
66416
66417 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180228225937">Meltdown-mitigation syspatch/errata now available</a></h3>
66418
66419 <blockquote>
66420 <p>The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.</p>
66421 </blockquote>
66422
66423 <ul>
66424 <li><a href="https://marc.info/?l=openbsd-cvs&m=151964860620856&w=2">6.1</a></li>
66425 </ul>
66426
66427 <p>```
66428 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:36:18
66429 Log message:
66430 Implement a workaround against the Meltdown flaw in Intel CPUs.
66431 The following changes have been backported from OpenBSD -current.</p>
66432
66433 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
66434 Log message:
66435 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
66436 every return to userspace.</p>
66437
66438 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
66439 Log message:
66440 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
66441 that should help mitigate spectre. This is just the detection piece, these
66442 features are not yet used.
66443 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
66444 come later; it needs some machdep.c cleanup first.</p>
66445
66446 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
66447 Log message:
66448 remove all PG_G global page mappings from the kernel when running on
66449 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
66450 "meltdown" CVE. This diff does not confer any immunity to that
66451 vulnerability - subsequent commits are still needed and are being
66452 worked on presently.
66453 ok guenther, deraadt</p>
66454
66455 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
66456 Log message:
66457 IBRS -> IBRS,IBPB in identifycpu lines</p>
66458
66459 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
66460 Log message:
66461 Meltdown: implement user/kernel page table separation.
66462 On Intel CPUs which speculate past user/supervisor page permission checks,
66463 use a separate page table for userspace with only the minimum of kernel code
66464 and data required for the transitions to/from the kernel (still marked as
66465 supervisor-only, of course):
66466 - the IDT (RO)
66467 - three pages of kernel text in the .kutext section for interrupt, trap,
66468 and syscall trampoline code (RX)
66469 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
66470 - the lapic page (RW, uncachable)
66471 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
66472 stacks (RW)
66473 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
66474 trampoline code switches page tables, switches stacks to the thread's real
66475 kernel stack, then copies over the necessary bits from the trampoline stack.
66476 On return to userspace the opposite occurs: recreate the iretq frame on the
66477 trampoline stack, switch stack, switch page tables, and return to userspace.
66478 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
66479 issues on MP in particular, and drove the final push to completion.
66480 Many rounds of testing by naddy@, sthen@, and others
66481 Thanks to Alex Wilson from Joyent for early discussions about trampolines
66482 and their data requirements.
66483 Per-CPU page layout mostly inspired by DragonFlyBSD.
66484 ok mlarkin@ deraadt@</p>
66485
66486 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
66487 Log message:
66488 The GNU assembler does not understand 1ULL, so replace the constant
66489 with 1. Then it compiles with gcc, sign and size do not matter
66490 here.</p>
66491
66492 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
66493 Log message:
66494 The compile time assertion for cpu info did not work with gcc.
66495 Rephrase the condition in a way that both gcc and clang accept it.</p>
66496
66497 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
66498 Log message:
66499 Set the PG_G (global) bit on the special page table entries that are shared
66500 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
66501
66502 <p>OpenBSD 6.1 errata 037
66503 ```</p>
66504
66505 <ul>
66506 <li>6.2</li>
66507 </ul>
66508
66509 <p>```
66510 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:29:48
66511 Log message:
66512 Implement a workaround against the Meltdown flaw in Intel CPUs.
66513 The following changes have been backported from OpenBSD -current.</p>
66514
66515 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
66516 Log message:
66517 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
66518 every return to userspace.</p>
66519
66520 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
66521 Log message:
66522 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
66523 that should help mitigate spectre. This is just the detection piece, these
66524 features are not yet used.
66525 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
66526 come later; it needs some machdep.c cleanup first.</p>
66527
66528 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
66529 Log message:
66530 remove all PG_G global page mappings from the kernel when running on
66531 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
66532 "meltdown" CVE. This diff does not confer any immunity to that
66533 vulnerability - subsequent commits are still needed and are being
66534 worked on presently.</p>
66535
66536 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
66537 Log message:
66538 IBRS -> IBRS,IBPB in identifycpu lines</p>
66539
66540 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
66541 Log message:
66542 Meltdown: implement user/kernel page table separation.
66543 On Intel CPUs which speculate past user/supervisor page permission checks,
66544 use a separate page table for userspace with only the minimum of kernel code
66545 and data required for the transitions to/from the kernel (still marked as
66546 supervisor-only, of course):
66547 - the IDT (RO)
66548 - three pages of kernel text in the .kutext section for interrupt, trap,
66549 and syscall trampoline code (RX)
66550 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
66551 - the lapic page (RW, uncachable)
66552 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
66553 stacks (RW)
66554 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
66555 trampoline code switches page tables, switches stacks to the thread's real
66556 kernel stack, then copies over the necessary bits from the trampoline stack.
66557 On return to userspace the opposite occurs: recreate the iretq frame on the
66558 trampoline stack, switch stack, switch page tables, and return to userspace.
66559 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
66560 issues on MP in particular, and drove the final push to completion.
66561 Many rounds of testing by naddy@, sthen@, and others
66562 Thanks to Alex Wilson from Joyent for early discussions about trampolines
66563 and their data requirements.
66564 Per-CPU page layout mostly inspired by DragonFlyBSD.</p>
66565
66566 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
66567 Log message:
66568 The GNU assembler does not understand 1ULL, so replace the constant
66569 with 1. Then it compiles with gcc, sign and size do not matter
66570 here.</p>
66571
66572 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
66573 Log message:
66574 The compile time assertion for cpu info did not work with gcc.
66575 Rephrase the condition in a way that both gcc and clang accept it.</p>
66576
66577 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
66578 Log message:
66579 Set the PG_G (global) bit on the special page table entries that are shared
66580 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
66581
66582 <p>OpenBSD 6.2 errata 009
66583 ```</p>
66584
66585 <ul>
66586 <li><a href="https://man.openbsd.org/syspatch">syspatch</a></li>
66587 </ul>
66588
66589 <p><hr /></p>
66590
66591 <p><strong>iXsystems</strong></p>
66592
66593 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180302002131">a2k18 Hackathon Report: Ken Westerback on dhclient and more</a></h3>
66594
66595 <blockquote>
66596 <p>Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:</p>
66597 </blockquote>
66598
66599 <ul>
66600 <li><p><a href="http://www.gcmap.com/mapui?P=YYZ-YVR-MEL-ZQN-CHC-DUD,DUD-WLG-AKL-SYD-BNE-YVR-YYZ">YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ</a></p></li>
66601 <li><p>For those of you who don’t speak Airport code:</p></li>
66602 <li>Toronto -> Vancouver -> Melbourne -> Queenstown -> Christchurch -> Dunedin</li>
66603 <li>Then: Dunedin -> Wellington -> Auckland -> Sydney -> Brisbane -> Vancouver -> Toronto</li>
66604 </ul>
66605
66606 <p>```</p>
66607
66608 <p>Whew.</p>
66609
66610 <p>Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.
66611 ```</p>
66612
66613 <p>```
66614 I worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request.</p>
66615
66616 <p>More substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statement were changed so they are cumulative, making it easier to build longer lists of affected options.</p>
66617
66618 <p>I tweaked softraid(4) to remove a handrolled version of duid_format().</p>
66619
66620 <p>I sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls.</p>
66621
66622 <p>I continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon.</p>
66623
66624 <p>I only locked myself out of my room once!</p>
66625
66626 <p>Fueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins.</p>
66627
66628 <p>Thanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible
66629 ```</p>
66630
66631 <p><hr /></p>
66632
66633 <h3><a href="https://blog.gerv.net/2018/03/poetic-license/">Poetic License</a></h3>
66634
66635 <blockquote>
66636 <p>I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.</p>
66637
66638 <p>I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)</p>
66639 </blockquote>
66640
66641 <p>```
66642 Copyright (c) <YEAR>, <OWNER>
66643 All rights reserved.</p>
66644
66645 <p>Redistribution and use in source and binary forms, with or without
66646 modification, are permitted provided that the following conditions
66647 are met:
66648 ```</p>
66649
66650 <blockquote>
66651 <p>You may redistribute and use –
66652 as source or binary, as you choose,
66653 and with some changes or without –
66654 this software; let there be no doubt.
66655 But you must meet conditions three,
66656 if in compliance you wish to be.</p>
66657 </blockquote>
66658
66659 <p><code>
66660 1. Redistributions of source code must retain the above copyright
66661 notice, this list of conditions and the following disclaimer.
66662 2. Redistributions in binary form must reproduce the above copyright
66663 notice, this list of conditions and the following disclaimer in the
66664 documentation and/or other materials provided with the distribution.
66665 3. Neither the name of the nor the names of its
66666 contributors may be used to endorse or promote products derived
66667 from this software without specific prior written permission.
66668 </code></p>
66669
66670 <blockquote>
66671 <p>The first is obvious, of course –
66672 To keep this text within the source.
66673 The second is for binaries
66674 Place in the docs a copy, please.
66675 A moral lesson from this ode –
66676 Don’t strip the copyright on code.</p>
66677
66678 <p>The third applies when you promote:
66679 You must not take, from us who wrote,
66680 our names and make it seem as true
66681 we like or love your version too.
66682 (Unless, of course, you contact us
66683 And get our written assensus.)</p>
66684 </blockquote>
66685
66686 <p><code>
66687 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
66688 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
66689 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
66690 FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
66691 COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
66692 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
66693 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
66694 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
66695 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
66696 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
66697 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66698 POSSIBILITY OF SUCH DAMAGE.
66699 </code></p>
66700
66701 <blockquote>
66702 <p>One final point to be laid out
66703 (You must forgive my need to shout):
66704 THERE IS NO WARRANTY FOR THIS
66705 WHATEVER THING MAY GO AMISS.
66706 EXPRESS, IMPLIED, IT’S ALL THE SAME –
66707 RESPONSIBILITY DISCLAIMED.</p>
66708
66709 <p>WE ARE NOT LIABLE FOR LOSS
66710 NO MATTER HOW INCURRED THE COST
66711 THE TYPE OR STYLE OF DAMAGE DONE
66712 WHATE’ER THE LEGAL THEORY SPUN.
66713 THIS STILL REMAINS AS TRUE IF YOU
66714 INFORM US WHAT YOU PLAN TO DO.</p>
66715
66716 <p>When all is told, we sum up thus –
66717 Do what you like, just don’t sue us.</p>
66718 </blockquote>
66719
66720 <p><hr /></p>
66721
66722 <p><hr /></p>
66723
66724 <h2>Beastie Bits</h2>
66725
66726 <ul>
66727 <li><a href="https://www.youtube.com/playlist?list=PLnTFqpZk5ebDZwT-bmYcIwv76yhmTfl0l">AsiaBSDCon 2018 Videos</a></li>
66728 <li><a href="https://www.freebsdfoundation.org/past-issues/storage/">The January/February 2018 FreeBSD Journal is Here</a></li>
66729 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/01/04/msg026073.html">Announcing the pkgsrc-2017Q4 release (2018-01-04)</a></li>
66730 <li><a href="https://www.bsdhh.org/bsdhh-de-index.html">BSD Hamburg Event</a></li>
66731 <li><a href="http://zfs.datto.com/">ZFS User conference</a></li>
66732 <li><a href="https://www.phoronix.com/scan.php?page=news_item&px=Unreal-Engine-4-FreeBSD">Unreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer</a></li>
66733 </ul>
66734
66735 <p><hr /></p>
66736
66737 <p>Tarsnap ad</p>
66738
66739 <p><hr /></p>
66740
66741 <h2>Feedback/Questions</h2>
66742
66743 <ul>
66744 <li>Philippe - <a href="http://dpaste.com/2643BF5#wrap">I heart FreeBSD and other questions</a></li>
66745 <li>Cyrus - <a href="http://dpaste.com/3NTH14J#wrap">BSD Now is excellent</a></li>
66746 <li>Architect - <a href="http://dpaste.com/317BP8X#wrap">Combined Feedback</a></li>
66747 <li>Dale - <a href="http://dpaste.com/284G4TQ#wrap">ZFS on Linux moving to ZFS on FreeBSD</a></li>
66748 <li>Tommi - <a href="http://dpaste.com/1KGMRGM#wrap">New BUG in Finland</a></li>
66749 </ul>
66750
66751 <p><hr /></p>
66752
66753 <ul>
66754 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
66755 </ul>
66756
66757 <p><hr /></p>]]>
66758 </content:encoded>
66759 <itunes:summary>
66760 <![CDATA[<p>OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.</p>
66761
66762 <h3>RSS Feeds:</h3>
66763
66764 <p><a href="http://feeds.feedburner.com/BsdNowMp3">MP3 Feed</a> <strong>|</strong> <a href="https://itunes.apple.com/us/podcast/bsd-now-mp3/id701045710?mt=2">iTunes Feed</a> <strong>|</strong> <a href="http://feeds.feedburner.com/BsdNowHd">HD Vid Feed</a> <strong>|</strong> <a href="http://bitlove.org/jupiterbroadcasting/bsdnowhd/feed">HD Torrent Feed</a></p>
66765
66766 <h3><a href="http://www.patreon.com/jupitersignal">Become a supporter on Patreon</a>:</h3>
66767
66768 <p><a href="http://www.patreon.com/jupitersignal" rel="Support us on Patreon"><img src="http://i.imgur.com/2ioAf3Q.png" alt="Patreon" /></a></p>
66769
66770 <h3>- Show Notes: -</h3>
66771
66772 <h2>Headlines</h2>
66773
66774 <h3><a href="https://www.ibm.com/developerworks/community/blogs/karsten/entry/Preventing_Windows_10_and_untrusted_software_from_having_full_access_to_the_internet?lang=en">Preventing Windows 10 and untrusted software from having full access to the internet using OpenBSD</a></h3>
66775
66776 <blockquote>
66777 <p>Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds.</p>
66778
66779 <p>Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions were 2003, XP and 2000. In short, I avoid 3rd party firewalls.</p>
66780
66781 <p>Instead I decided to trap Windows 10 (and all of its rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here:</p>
66782 </blockquote>
66783
66784 <ul>
66785 <li><p>1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client.</p></li>
66786 <li><p>2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction.</p></li>
66787 <li><p>3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands.</p></li>
66788 </ul>
66789
66790 <p><code>
66791 config -e -o /bsd /bsd
66792 disable acpi
66793 disable mpbios
66794 </code></p>
66795
66796 <ul>
66797 <li><p>4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was <strong>192.168.56.1</strong>. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example <strong>192.168.56.2</strong>. If you are using Hyper-V and OpenBSD, make sure you add a "Legacy Interface" because no guest additions are available. Then set up a virtual switch which is host only.</p></li>
66798 <li><p>5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapter's MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is "shared" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V "share" an adapter within a virtual switch and there is the option to also disable the host's ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising.</p></li>
66799 <li><p>6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say "no internet available", it also does not assign an IP address which is fine.</p></li>
66800 <li><p>7) Install the Squid proxy package on the OpenBSD guest and enable the daemon</p></li>
66801 </ul>
66802
66803 <p><code>
66804
66805 pkg_add squid
66806
66807 echo 'squid_flags=""' >> /etc/rc.conf.local
66808
66809 /etc/rc.d/squid start
66810
66811 </code></p>
66812
66813 <blockquote>
66814 <p>We will use this service for a limited selection of "safe and trusted" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally.</p>
66815 </blockquote>
66816
66817 <ul>
66818 <li><p>8) Configure the software you want to be able to access the external network with</p>
66819
66820 <ul><li>Firefox - go to the connection settings and specify the VM's IP address for the proxy.</li>
66821 <li>Subversion - modify the %HOME%\AppData\Roaming\Subversion\servers file and change the HTTP proxy field to the VM's IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward.</li>
66822 <li>Chromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow <em>all</em> of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags:</li></ul></li>
66823 </ul>
66824
66825 <p><code>
66826 --proxy-server="socks5://<VM IP>:<SOCKS PORT>"
66827 --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE <VM IP>"
66828 </code></p>
66829
66830 <ul>
66831 <li>9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software "phoning home". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments.</li>
66832 </ul>
66833
66834 <p><hr /></p>
66835
66836 <h3><a href="https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to">LLDB restoration and return to ptrace(2)</a></h3>
66837
66838 <blockquote>
66839 <p>I've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support.</p>
66840 </blockquote>
66841
66842 <ul>
66843 <li>LLDB</li>
66844 </ul>
66845
66846 <blockquote>
66847 <p>Since the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32.</p>
66848
66849 <p>I've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application.</p>
66850
66851 <p>Here is the commit message:</p>
66852 </blockquote>
66853
66854 <p>```
66855 We cannot call process_up->SetState() inside
66856 the NativeProcessNetBSD::Factory::Launch
66857 function because it triggers a NULL pointer
66858 dereference.</p>
66859
66860 <p>The generic code for launching a process in:
66861 GDBRemoteCommunicationServerLLGS::LaunchProcess
66862 sets the m_debugged_process_up pointer after
66863 a successful call to m_process_factory.Launch().
66864 If we attempt to call process_up->SetState()
66865 inside a platform specific Launch function we
66866 end up dereferencing a NULL pointer in
66867 NativeProcessProtocol::GetCurrentThreadID().</p>
66868
66869 <p>Use the proper call process_up->SetState(,false)
66870 that sets notify_delegates to false.
66871 ```</p>
66872
66873 <ul>
66874 <li>Sanitizers</li>
66875 </ul>
66876
66877 <blockquote>
66878 <p>I suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers.</p>
66879
66880 <p>I'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour.</p>
66881 </blockquote>
66882
66883 <ul>
66884 <li>Userland changes</li>
66885 </ul>
66886
66887 <blockquote>
66888 <p>I've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code.</p>
66889
66890 <p>Some pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed a few low-hanging fruits there and requested pullups to NetBSD-8(BETA).</p>
66891
66892 <p>I thank the developers for improving the landed code in order to ship the best solutions for users.</p>
66893 </blockquote>
66894
66895 <ul>
66896 <li>BSD collaboration in LLVM</li>
66897 </ul>
66898
66899 <blockquote>
66900 <p>A One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD.</p>
66901
66902 <p>I've landed most of the submitted and reviewed code to the mainstream LLVM tree.</p>
66903
66904 <p>Part of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to "netbsd", similar to FreeBSD and Solaris.</p>
66905 </blockquote>
66906
66907 <ul>
66908 <li>Prebuilt toolchain for testers</li>
66909 </ul>
66910
66911 <blockquote>
66912 <p>I've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12:</p>
66913 </blockquote>
66914
66915 <p><code>llvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2</code></p>
66916
66917 <ul>
66918 <li>Plan for the next milestone</li>
66919 </ul>
66920
66921 <blockquote>
66922 <p>With the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD:</p>
66923 </blockquote>
66924
66925 <ul>
66926 <li>Remove one unused feature from ptrace(2), PT_SET_SIGMASK & PT_GET_SIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.</li>
66927 <li>Finish the backport of _UC_MACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0.</li>
66928 <li>By popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10.</li>
66929 </ul>
66930
66931 <blockquote>
66932 <p>Once done, I will return to ptrace(2) debugging and corrections.</p>
66933 </blockquote>
66934
66935 <p><hr /></p>
66936
66937 <p><strong>DigitalOcean</strong></p>
66938
66939 <h3><a href="https://t.pagef.lt/working-with-the-netbsd-kernel/">Working with the NetBSD kernel</a></h3>
66940
66941 <ul>
66942 <li>Overview</li>
66943 </ul>
66944
66945 <blockquote>
66946 <p>When working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived at my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals.</p>
66947
66948 <p>Before delving into the details, this is the general outline of my environment:</p>
66949
66950 <p>My host system runs Linux. My target system is a QEMU guest.</p>
66951
66952 <p>I’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server.
66953 I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh.
66954 I use NFS to share the source tree and the build artifacts between the target and the host.
66955 I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags.
66956 For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace.</p>
66957 </blockquote>
66958
66959 <ul>
66960 <li><p>Preparing the host system</p>
66961
66962 <ul><li>QEMU</li>
66963 <li>GDB</li>
66964 <li>NFS Exports</li></ul></li>
66965 <li><p>Building NetBSD-current</p></li>
66966 <li><p>A word of warning</p>
66967
66968 <ul><li>Now is a great time to familiarize yourself with the build.sh tool and its options. Be especially careful with the following options:</li></ul></li>
66969 </ul>
66970
66971 <p><code>
66972 -r Remove contents of TOOLDIR and DESTDIR before building.
66973 -u Set MKUPDATE=yes; do not run "make clean" first.
66974 Without this, everything is rebuilt, including the tools.
66975 </code></p>
66976
66977 <blockquote>
66978 <p>Chances are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect:</p>
66979
66980 <p>On my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy.
66981 On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximately 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle.</p>
66982 </blockquote>
66983
66984 <ul>
66985 <li>Acquiring the sources</li>
66986 <li><p>Compiling the sources</p>
66987
66988 <ul><li>Preparing the guest system</li></ul></li>
66989 <li>Provisioning your guest</li>
66990 <li>Pkgin and NFS shares</li>
66991 <li>Tailoring the kernel for debugging</li>
66992 <li>Installing the new kernel</li>
66993 <li>Configuring DTrace</li>
66994 <li>Debugging the guest’s kernel</li>
66995 </ul>
66996
66997 <p><hr /></p>
66998
66999 <h2>News Roundup</h2>
67000
67001 <h3><a href="https://svnweb.freebsd.org/base?view=revision&revision=331214">Add support for the experimental Internet-Draft "TCP Alternative Backoff"</a></h3>
67002
67003 <p>```
67004 Add support for the experimental Internet-Draft "TCP Alternative Backoff with
67005 ECN (ABE)" proposal to the New Reno congestion control algorithm module.
67006 ABE reduces the amount of congestion window reduction in response to
67007 ECN-signalled congestion relative to the loss-inferred congestion response.</p>
67008
67009 <p>More details about ABE can be found in the Internet-Draft:
67010 https://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn</p>
67011
67012 <p>The implementation introduces four new sysctls:</p>
67013
67014 <ul>
67015 <li><p>net.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero to
67016 enable ABE for ECN-enabled TCP connections.</p></li>
67017 <li><p>net.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.beta_ecn set the
67018 multiplicative window decrease factor, specified as a percentage, applied to
67019 the congestion window in response to a loss-based or ECN-based congestion
67020 signal respectively. They default to the values specified in the draft i.e.
67021 beta=50 and beta_ecn=80.</p></li>
67022 <li><p>net.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set to
67023 non-zero to enable the use of standard beta (50% by default) when repairing
67024 loss during an ECN-signalled congestion recovery episode. It enables a more
67025 conservative congestion response and is provided for the purposes of
67026 experimentation as a result of some discussion at IETF 100 in Singapore.</p></li>
67027 </ul>
67028
67029 <p>The values of beta and beta_ecn can also be set per-connection by way of the
67030 TCP_CCALGOOPT TCP-level socket option and the new CC_NEWRENO_BETA or
67031 CC_NEWRENO_BETA_ECN CC algo sub-options.</p>
67032
67033 <p>Submitted by: Tom Jones <a href="mailto:tj@enoti.me">tj@enoti.me</a>
67034 Tested by: Tom Jones <a href="mailto:tj@enoti.me">tj@enoti.me</a>, Grenville Armitage <a href="mailto:garmitage@swin.edu.au">garmitage@swin.edu.au</a>
67035 Relnotes: Yes
67036 Differential Revision: https://reviews.freebsd.org/D11616
67037 ```</p>
67038
67039 <p><hr /></p>
67040
67041 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180228225937">Meltdown-mitigation syspatch/errata now available</a></h3>
67042
67043 <blockquote>
67044 <p>The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.</p>
67045 </blockquote>
67046
67047 <ul>
67048 <li><a href="https://marc.info/?l=openbsd-cvs&m=151964860620856&w=2">6.1</a></li>
67049 </ul>
67050
67051 <p>```
67052 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:36:18
67053 Log message:
67054 Implement a workaround against the Meltdown flaw in Intel CPUs.
67055 The following changes have been backported from OpenBSD -current.</p>
67056
67057 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
67058 Log message:
67059 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
67060 every return to userspace.</p>
67061
67062 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
67063 Log message:
67064 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
67065 that should help mitigate spectre. This is just the detection piece, these
67066 features are not yet used.
67067 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
67068 come later; it needs some machdep.c cleanup first.</p>
67069
67070 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
67071 Log message:
67072 remove all PG_G global page mappings from the kernel when running on
67073 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
67074 "meltdown" CVE. This diff does not confer any immunity to that
67075 vulnerability - subsequent commits are still needed and are being
67076 worked on presently.
67077 ok guenther, deraadt</p>
67078
67079 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
67080 Log message:
67081 IBRS -> IBRS,IBPB in identifycpu lines</p>
67082
67083 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
67084 Log message:
67085 Meltdown: implement user/kernel page table separation.
67086 On Intel CPUs which speculate past user/supervisor page permission checks,
67087 use a separate page table for userspace with only the minimum of kernel code
67088 and data required for the transitions to/from the kernel (still marked as
67089 supervisor-only, of course):
67090 - the IDT (RO)
67091 - three pages of kernel text in the .kutext section for interrupt, trap,
67092 and syscall trampoline code (RX)
67093 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
67094 - the lapic page (RW, uncachable)
67095 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
67096 stacks (RW)
67097 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
67098 trampoline code switches page tables, switches stacks to the thread's real
67099 kernel stack, then copies over the necessary bits from the trampoline stack.
67100 On return to userspace the opposite occurs: recreate the iretq frame on the
67101 trampoline stack, switch stack, switch page tables, and return to userspace.
67102 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
67103 issues on MP in particular, and drove the final push to completion.
67104 Many rounds of testing by naddy@, sthen@, and others
67105 Thanks to Alex Wilson from Joyent for early discussions about trampolines
67106 and their data requirements.
67107 Per-CPU page layout mostly inspired by DragonFlyBSD.
67108 ok mlarkin@ deraadt@</p>
67109
67110 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
67111 Log message:
67112 The GNU assembler does not understand 1ULL, so replace the constant
67113 with 1. Then it compiles with gcc, sign and size do not matter
67114 here.</p>
67115
67116 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
67117 Log message:
67118 The compile time assertion for cpu info did not work with gcc.
67119 Rephrase the condition in a way that both gcc and clang accept it.</p>
67120
67121 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
67122 Log message:
67123 Set the PG_G (global) bit on the special page table entries that are shared
67124 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
67125
67126 <p>OpenBSD 6.1 errata 037
67127 ```</p>
67128
67129 <ul>
67130 <li>6.2</li>
67131 </ul>
67132
67133 <p>```
67134 Changes by: bluhm@cvs.openbsd.org 2018/02/26 05:29:48
67135 Log message:
67136 Implement a workaround against the Meltdown flaw in Intel CPUs.
67137 The following changes have been backported from OpenBSD -current.</p>
67138
67139 <p>Changes by: guenther@cvs.openbsd.org 2018/01/06 15:03:13
67140 Log message:
67141 Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
67142 every return to userspace.</p>
67143
67144 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/06 18:08:20
67145 Log message:
67146 Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
67147 that should help mitigate spectre. This is just the detection piece, these
67148 features are not yet used.
67149 Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
67150 come later; it needs some machdep.c cleanup first.</p>
67151
67152 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/07 12:56:19
67153 Log message:
67154 remove all PG_G global page mappings from the kernel when running on
67155 Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
67156 "meltdown" CVE. This diff does not confer any immunity to that
67157 vulnerability - subsequent commits are still needed and are being
67158 worked on presently.</p>
67159
67160 <p>Changes by: mlarkin@cvs.openbsd.org 2018/01/12 01:21:30
67161 Log message:
67162 IBRS -> IBRS,IBPB in identifycpu lines</p>
67163
67164 <p>Changes by: guenther@cvs.openbsd.org 2018/02/21 12:24:15
67165 Log message:
67166 Meltdown: implement user/kernel page table separation.
67167 On Intel CPUs which speculate past user/supervisor page permission checks,
67168 use a separate page table for userspace with only the minimum of kernel code
67169 and data required for the transitions to/from the kernel (still marked as
67170 supervisor-only, of course):
67171 - the IDT (RO)
67172 - three pages of kernel text in the .kutext section for interrupt, trap,
67173 and syscall trampoline code (RX)
67174 - one page of kernel data in the .kudata section for TLB flush IPIs (RW)
67175 - the lapic page (RW, uncachable)
67176 - per CPU: one page for the TSS+GDT (RO) and one page for trampoline
67177 stacks (RW)
67178 When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
67179 trampoline code switches page tables, switches stacks to the thread's real
67180 kernel stack, then copies over the necessary bits from the trampoline stack.
67181 On return to userspace the opposite occurs: recreate the iretq frame on the
67182 trampoline stack, switch stack, switch page tables, and return to userspace.
67183 mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
67184 issues on MP in particular, and drove the final push to completion.
67185 Many rounds of testing by naddy@, sthen@, and others
67186 Thanks to Alex Wilson from Joyent for early discussions about trampolines
67187 and their data requirements.
67188 Per-CPU page layout mostly inspired by DragonFlyBSD.</p>
67189
67190 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:18:59
67191 Log message:
67192 The GNU assembler does not understand 1ULL, so replace the constant
67193 with 1. Then it compiles with gcc, sign and size do not matter
67194 here.</p>
67195
67196 <p>Changes by: bluhm@cvs.openbsd.org 2018/02/22 13:27:14
67197 Log message:
67198 The compile time assertion for cpu info did not work with gcc.
67199 Rephrase the condition in a way that both gcc and clang accept it.</p>
67200
67201 <p>Changes by: guenther@cvs.openbsd.org 2018/02/22 13:36:40
67202 Log message:
67203 Set the PG_G (global) bit on the special page table entries that are shared
67204 between the u-k and u+k tables, because they're actually in <em>all</em> tables.</p>
67205
67206 <p>OpenBSD 6.2 errata 009
67207 ```</p>
67208
67209 <ul>
67210 <li><a href="https://man.openbsd.org/syspatch">syspatch</a></li>
67211 </ul>
67212
67213 <p><hr /></p>
67214
67215 <p><strong>iXsystems</strong></p>
67216
67217 <h3><a href="https://undeadly.org/cgi?action=article;sid=20180302002131">a2k18 Hackathon Report: Ken Westerback on dhclient and more</a></h3>
67218
67219 <blockquote>
67220 <p>Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:</p>
67221 </blockquote>
67222
67223 <ul>
67224 <li><p><a href="http://www.gcmap.com/mapui?P=YYZ-YVR-MEL-ZQN-CHC-DUD,DUD-WLG-AKL-SYD-BNE-YVR-YYZ">YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ</a></p></li>
67225 <li><p>For those of you who don’t speak Airport code:</p></li>
67226 <li>Toronto -> Vancouver -> Melbourne -> Queenstown -> Christchurch -> Dunedin</li>
67227 <li>Then: Dunedin -> Wellington -> Auckland -> Sydney -> Brisbane -> Vancouver -> Toronto</li>
67228 </ul>
67229
67230 <p>```</p>
67231
67232 <p>Whew.</p>
67233
67234 <p>Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.
67235 ```</p>
67236
67237 <p>```
67238 I worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request.</p>
67239
67240 <p>More substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statements were changed so they are cumulative, making it easier to build longer lists of affected options.</p>
67241
67242 <p>I tweaked softraid(4) to remove a handrolled version of duid_format().</p>
67243
67244 <p>I sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls.</p>
67245
67246 <p>I continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon.</p>
67247
67248 <p>I only locked myself out of my room once!</p>
67249
67250 <p>Fueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins.</p>
67251
67252 <p>Thanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible
67253 ```</p>
67254
67255 <p><hr /></p>
67256
67257 <h3><a href="https://blog.gerv.net/2018/03/poetic-license/">Poetic License</a></h3>
67258
67259 <blockquote>
67260 <p>I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.</p>
67261
67262 <p>I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)</p>
67263 </blockquote>
67264
67265 <p>```
67266 Copyright (c) <YEAR>, <OWNER>
67267 All rights reserved.</p>
67268
67269 <p>Redistribution and use in source and binary forms, with or without
67270 modification, are permitted provided that the following conditions
67271 are met:
67272 ```</p>
67273
67274 <blockquote>
67275 <p>You may redistribute and use –
67276 as source or binary, as you choose,
67277 and with some changes or without –
67278 this software; let there be no doubt.
67279 But you must meet conditions three,
67280 if in compliance you wish to be.</p>
67281 </blockquote>
67282
67283 <p><code>
67284 1. Redistributions of source code must retain the above copyright
67285 notice, this list of conditions and the following disclaimer.
67286 2. Redistributions in binary form must reproduce the above copyright
67287 notice, this list of conditions and the following disclaimer in the
67288 documentation and/or other materials provided with the distribution.
67289 3. Neither the name of the nor the names of its
67290 contributors may be used to endorse or promote products derived
67291 from this software without specific prior written permission.
67292 </code></p>
67293
67294 <blockquote>
67295 <p>The first is obvious, of course –
67296 To keep this text within the source.
67297 The second is for binaries
67298 Place in the docs a copy, please.
67299 A moral lesson from this ode –
67300 Don’t strip the copyright on code.</p>
67301
67302 <p>The third applies when you promote:
67303 You must not take, from us who wrote,
67304 our names and make it seem as true
67305 we like or love your version too.
67306 (Unless, of course, you contact us
67307 And get our written assensus.)</p>
67308 </blockquote>
67309
67310 <p><code>
67311 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
67312 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
67313 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
67314 FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
67315 COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
67316 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
67317 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
67318 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
67319 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
67320 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
67321 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
67322 POSSIBILITY OF SUCH DAMAGE.
67323 </code></p>
67324
67325 <blockquote>
67326 <p>One final point to be laid out
67327 (You must forgive my need to shout):
67328 THERE IS NO WARRANTY FOR THIS
67329 WHATEVER THING MAY GO AMISS.
67330 EXPRESS, IMPLIED, IT’S ALL THE SAME –
67331 RESPONSIBILITY DISCLAIMED.</p>
67332
67333 <p>WE ARE NOT LIABLE FOR LOSS
67334 NO MATTER HOW INCURRED THE COST
67335 THE TYPE OR STYLE OF DAMAGE DONE
67336 WHATE’ER THE LEGAL THEORY SPUN.
67337 THIS STILL REMAINS AS TRUE IF YOU
67338 INFORM US WHAT YOU PLAN TO DO.</p>
67339
67340 <p>When all is told, we sum up thus –
67341 Do what you like, just don’t sue us.</p>
67342 </blockquote>
67343
67344 <p><hr /></p>
67345
67346 <p><hr /></p>
67347
67348 <h2>Beastie Bits</h2>
67349
67350 <ul>
67351 <li><a href="https://www.youtube.com/playlist?list=PLnTFqpZk5ebDZwT-bmYcIwv76yhmTfl0l">AsiaBSDCon 2018 Videos</a></li>
67352 <li><a href="https://www.freebsdfoundation.org/past-issues/storage/">The January/February 2018 FreeBSD Journal is Here</a></li>
67353 <li><a href="https://mail-index.netbsd.org/pkgsrc-users/2018/01/04/msg026073.html">Announcing the pkgsrc-2017Q4 release (2018-01-04)</a></li>
67354 <li><a href="https://www.bsdhh.org/bsdhh-de-index.html">BSD Hamburg Event</a></li>
67355 <li><a href="http://zfs.datto.com/">ZFS User conference</a></li>
67356 <li><a href="https://www.phoronix.com/scan.php?page=news_item&px=Unreal-Engine-4-FreeBSD">Unreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer</a></li>
67357 </ul>
67358
67359 <p><hr /></p>
67360
67361 <p>Tarsnap ad</p>
67362
67363 <p><hr /></p>
67364
67365 <h2>Feedback/Questions</h2>
67366
67367 <ul>
67368 <li>Philippe - <a href="http://dpaste.com/2643BF5#wrap">I heart FreeBSD and other questions</a></li>
67369 <li>Cyrus - <a href="http://dpaste.com/3NTH14J#wrap">BSD Now is excellent</a></li>
67370 <li>Architect - <a href="http://dpaste.com/317BP8X#wrap">Combined Feedback</a></li>
67371 <li>Dale - <a href="http://dpaste.com/284G4TQ#wrap">ZFS on Linux moving to ZFS on FreeBSD</a></li>
67372 <li>Tommi - <a href="http://dpaste.com/1KGMRGM#wrap">New BUG in Finland</a></li>
67373 </ul>
67374
67375 <p><hr /></p>
67376
67377 <ul>
67378 <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv">feedback@bsdnow.tv</a></li>
67379 </ul>
67380
67381 <p><hr /></p>]]>
67382 </itunes:summary>
67383 <fireside:playerURL>https://fireside.fm/player/v2/FYhhasNR+Rc3pya8-</fireside:playerURL>
67384 <fireside:playerEmbedCode>
67385 <![CDATA[<iframe src="https://fireside.fm/player/v2/FYhhasNR+Rc3pya8-" width="740" height="200" frameborder="0" scrolling="no">]]>
67386 </fireside:playerEmbedCode>
67387 </item>
67388 </channel>
67389 </rss>