Podcasts about Delphix

  • 36 podcasts
  • 46 episodes
  • 49m average duration
  • Infrequent episodes
  • Latest episode: Nov 12, 2024

Latest podcast episodes about Delphix

The Engineering Leadership Podcast
Leading change, navigating career growth & finding inspiration beyond engineering -  Live from ELC Annual 2024! #196

Nov 12, 2024 · 29:16


In this episode, we're bringing listeners into the final conversations from the pop-up podcast booth at ELC Annual 2024! Patrick sat down with a few eng leaders attending the event to discuss takeaways from ELC Annual 2024 & eng leadership insights they want to share with others in the community. He chatted with Nick Hurlburt (Executive Director of the Aselo program @ Tech Matters), Manju Abraham (Vice President of Engineering, Primary Storage @ HPE), and Bhupesh Bansal (Head of Engineering - Product Server @ Square). These leaders share some of the guiding principles of their eng leadership careers, highlights from ELC Annual 2024, advice for first timers attending these types of events, and more.

ABOUT NICK HURLBURT

Nick Hurlburt is the Executive Director of the Aselo program at Tech Matters, a nonprofit with a mission to bring the benefits of technology to all of humanity. Aselo is an open source contact center platform used by crisis helplines in over 15 countries. After completing an MS in Computer Science at the University of Illinois, Nick began his career developing early, large-scale AI software at Amazon. He then spent six years overseas working on conflict relief efforts in Burma and South Sudan before returning to the U.S., where he managed software teams at a San Francisco machine learning startup before building the initial version of Aselo as Tech Matters' first engineer. He gets excited about systems thinking, understanding different cultures, and walking through forests reminiscent of his rural Wisconsin childhood.

ABOUT MANJU ABRAHAM

Manju Abraham was VP of Engineering for Primary Storage products at HPE. She has over 25 years of experience leading Engineering organizations to deliver enterprise products of high quality, building, scaling and leading transformation, as an effective change catalyst, across companies like HPE, Delphix, NetApp, HP etc.

ABOUT BHUPESH BANSAL

Entrepreneur and technical leader passionate about making a positive impact in the world. 18+ years track record of building teams, large-scale distributed systems, and consumer products scaling to 100M+ users.

SHOW NOTES:

  • Why it's important to incorporate non-eng principles into engineering (1:52)
  • Don't run if the people can't run (4:20)
  • The importance of iterating & identifying patterns that work (5:57)
  • Nick's ELC Annual 2024 highlights (7:35)
  • Advice for first-time attendees to get the most out of ELC Annual (8:10)
  • Challenges around cultural transformations (9:33)
  • How transformations incorporate structure & order (11:35)
  • Manju's experience at / takeaways from ELC Annual 2024 (15:14)
  • Advice for folks on how to get the most out of an experience like this (18:19)
  • Bhupesh's roundtable on managing yourself & learning to let go (20:17)
  • When Bhupesh started to embody the principle of managing yourself (21:52)
  • Frameworks for making the shift to identifying yourself as a leader (24:17)
  • Top ways you can invest in yourself & final takeaways (26:27)

This episode wouldn't have been possible without the help of our incredible production team:

  • Patrick Gallagher - Producer & Co-Host
  • Jerry Li - Co-Host
  • Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/
  • Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/
  • Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/

Immigrants in Corporate
Lessons learned from beating cancer, the 4 D's of decision making, and harnessing the power of asking for help with Manju Abraham

Jan 18, 2024 · 49:56


In this episode, Lola speaks with Manju Abraham, an Engineering Leader with over 30 years of experience in delivering high-quality Enterprise Products on schedule, building, and scaling high-performing R&D teams across companies like HP, NetApp, and Delphix. She started her career in India as a Scientist at the Indian Space Research Organization. She is currently at HPE and leads Engineering Operations across HPE Storage Array Products. In every role in these organizations, she built a reputation as a bold, effective transformational leader, enabling change, across Engineering functions, to scale and elevate the outcome, productivity, and effectiveness of the organization. She is passionate about growing her team members and helping them to meet their true potential. She has won several awards across each of these companies for leadership affecting cultural, behavioral, and systemic improvements.

In this episode, we discuss:

  • The power of asking for help and learning to delegate to uplevel your life
  • The 4 D's of decision making and how you can utilize these touchpoints to streamline your life
  • Giving yourself permission to learn who you are and what you want out of life
  • The power of evaluating your core values before advancing in your career
  • Lessons learned from beating cancer, becoming a mentor for other women going through treatment, and deriving energy from helping others

More about Manju:

In addition to her role at HP, she is on the Board of Directors of 'the CLUB - Connect Lead Unite Build', an incubator for women leaders, and a founding member of Shakti, a community for women to rise together, support and create leaders. She mentors South Asian women in the US and MBA Students at CalState East Bay. She counsels cancer patients and their families and supports organizations working on good causes supporting women and children. She is the President of Vanitha Charity Organization which is a non-profit, an Indian American association of women with a mission to provide "Help for the helpless and education for all". She led the Diversity and Inclusion Council alongside the CEO and his staff at Delphix and sponsored the Women's ERG. She was an active participant and ally in the LGBTQ and Black ERGs. At HPE, she has been organizing and hosting events regularly to build awareness on diversity and inclusion, bringing in guest speakers or sharing stories of our colleagues during AAPI, Hispanic Heritage, Women's history, Pride, Neurodiversity awareness months and other celebrations. Manju is a graduate of Berkeley and College of Engineering, Trivandrum. She lives in the Bay Area, CA with her husband and is the proud mother of two daughters who teach her a lot about empathy and inclusion. She enjoys hiking, traveling, reading, painting, and bringing people together to serve a bigger purpose in our community.

Connect with Manju:

  • LinkedIn: https://www.linkedin.com/in/manju-abraham
  • Facebook: https://www.facebook.com/manjuab

Connect with Lola:

  • NEW! Join our Membership: https://www.immigrantsincorporate.org/membership
  • Facebook Group: https://www.facebook.com/groups/428192995622965
  • LinkedIn: https://www.linkedin.com/in/lolaaadeyemopm/
  • Instagram: https://www.instagram.com/immigrantsincorporate/
  • Apply to be on the podcast: shorturl.at/dnyEO

More about Thriving in Intersectionality Podcast:

Welcome to the "Thriving in Intersectionality" podcast. A podcast created to help you learn from professionals in the workplace who have multiple intersectional identities; from ethnic minorities, veterans transitioning into the workforce, individuals with disabilities, parents, and so many more. Hosted by Lola Adeyemo, who is the CEO of EQI Mindset and the founder of the nonprofit Immigrants in Corporate Inc, her mission is to work with organizations to build more inclusive workplaces. This podcast was built to amplify the voices of leaders and immigrants in the corporate workplace and to give insights and guidance so people can move past their "barriers" and advance in their professional careers. Through interviews and solo episodes, Lola will examine this global world of work. We hope that you can learn a thing or two from our guests, who have a range of experiences and stories to share. Join Lola as we meet new people who are successfully navigating the corporate space. For more information and additional resources, please visit www.immigrantsincorporate.org and www.eqimindset.com

Get IT Started. Get IT Done.
Episode 24 - Colin Rand, Banyan Security

Jul 28, 2023 · 31:57


Welcome to Get It Started, Get It Done, the Banyan Security podcast, covering the security industry and beyond. In this episode, our host and Banyan's Chief Security Officer, Den Jones, speaks with Banyan's Head of R&D, Colin Rand, about the threats and opportunities emerging AI technologies pose for security. We hope you enjoy Den's discussion with Colin Rand.

About Colin Rand

Colin has extensive experience in engineering leadership and product development working at a wide range of enterprise startups to late-stage and enterprise companies. Most recently Colin helped transform Delphix from an on-premise data management appliance to create their first SaaS offering with an integrated product strategy to create a hybrid platform. Before then, he led the platform initiative for Lookout, a BeyondCorp mobile security company, managing data, identity, and security services for ML-based mobile threat protection. Colin's wide experience brought him through Salesforce, AKQA (creative agency) as well as his own startups in NYC. Colin began his career as a hands-on developer after studying computer engineering at the University of Michigan.

Key Takeaways:

  • "It's questionable in my mind whether you'll be able to detect beyond chance whether anything is AI generated." Den speaks with Banyan's head of R&D Colin Rand on this week's GISGID podcast.
  • Den Jones speaks with Banyan's head of R&D Colin Rand about the pitfalls and opportunities of AI on the Get It Started Get It Done podcast.
  • Banyan head of R&D Colin Rand on the Get It Started Get It Done podcast: How AI will be used by bad actors and defenders alike.
  • What Banyan is doing around AI for customers: R&D head Colin Rand on the Get It Started Get It Done Podcast.
  • "It'll be an enormous noise at the front door and you won't be able to tell what's real and what's fake." Banyan head of R&D Colin Rand outlines the real threats of AI—and some solutions—on this week's Get It Started Get It Done Podcast.
  • "Waiting for governance is nonsense." On this week's podcast, Banyan head of R&D Colin Rand explains why practitioners can't wait for regulators to address AI.

Boardroom Governance with Evan Epstein
Penny Herscher: "The Chair of the Board has to Exercise Leadership by Listening rather than by Speaking."

Apr 17, 2023 · 60:05


  • 0:00 -- Intro.
  • 1:35 -- Start of interview.
  • 2:05 -- Penny's "origin story".
  • 3:38 -- Her experience as CEO of Simplex including its IPO (2001) and later sale (2002).
  • 6:32 -- Her experience as CEO of FirstRain.
  • 7:57 -- On her board journey. Public boards (past and present): Rambus, JDSU, Faurecia (France), Lumentum, Smart Global, Forvia, Embark Trucks. Private tech software company boards: Delphix and Modern Health.
  • 9:17 -- On distinctions between private and public boards. "A private VC-backed board is much more of a heavy lift than a public board... it's very interesting and you may not get paid [because it's based on stock]."
  • 13:35 -- On serving as an independent director in a private VC-backed company during the down-cycle. How VCs are reacting. "It's better to take a lower valuation from a high-quality strategic individual than it is to chase the highest valuation because a bad investor will hurt you faster than anything else."
  • 16:00 -- On serving as Chair of public companies. "The biggest difference [between Chair and other directors] is that as Chair, you are the last to speak. It's really important to know that the role of the Chair is [to seek] the high quality functioning of the board and the participation of all the directors, not to share your opinion." "Leadership by listening rather than by speaking."
  • 18:12 -- On the separation of Chair and CEO roles. "It's really important that you really do have an independent board."
  • 20:29 -- On dual-class stock and founder control. "The benefit of dual-class stock with the benefit of a good founder is clarity of the strategy [preventing distraction]." "But there is a trade-off."
  • 23:35 -- On the role of the board in strategy and innovation. "You have to create a culture to challenge at the board level."
  • 26:30 -- Her take on ESG and the anti-ESG backlash. "I'm very pro-ESG, particularly E." "You have to have courage to lead."
  • 33:33 -- On geopolitics and tensions with China. "We need more of a balancing than a decoupling (which is naive and unhealthy)." "The US has a complete chokehold on China for semiconductor manufacturing." "The semiconductor equipment comes from the US and Holland, and the software to design chips comes from California (dominated by two companies: Synopsys and Cadence)."
  • 39:06 -- On the transition to EVs in the automotive industry.
  • 40:38 -- On the evolution of boardroom diversity. "The California laws (SB-826 and AB-979), whether constitutional or not, brought great momentum for more board diversity."
  • 42:59 -- On her experience serving on French (and EU) company boards (which have board diversity quotas and union representatives on the board).
  • 47:55 -- How the automotive industry will change through technology and innovation.
  • 50:24 -- The books that have greatly influenced her life (in this case, these books re-wired her brain on European history): From the Holy Mountain, by William Dalrymple (1997); The Silk Roads, a New History of the World, by Peter Frankopan (2015).
  • 52:10 -- Her mentors, and what she learned from them. Harvey Jones, former CEO of Synopsys. "the power of the great strategy."
  • 53:40 -- On founders or CEOs transitioning to the Chair role of the board. "I think it really depends on the founder."
  • 56:00 -- Quotes she thinks of often or lives her life by: "Damn the torpedoes, full speed ahead."
  • 56:30 -- An unusual habit or an absurd thing that she loves: She loves the city of Rome.
  • 57:13 -- On the differences between the US and the UK/EU from a professional and cultural perspective. "As a woman, I couldn't imagine working in Europe in the 1980s or 1990s, and having any kind of career." "California is the best employment environment in the world for women in tech." "But to your general question: I would like to work in California and live in Europe."
  • 58:22 -- The living person she most admires: her father.

Penny Herscher serves on four public company boards: Lumentum, SGH (Smart Global), Embark Trucks and Forvia SA and two private company boards, Delphix and Modern Health. She was President & CEO of two technology companies, Simplex and FirstRain, over the last 25 years. She is an experienced technology CEO, based in Silicon Valley, who took her first company, Simplex Solutions, public and then sold it to Cadence Design Systems in 2002. She sold her second company, FirstRain, to Ignite Technologies in 2017. Prior to Simplex, Penny was a member of the executive leadership team at Synopsys, through the IPO, on the way to becoming the #1 EDA company.

You can follow Evan on social media at:

  • Twitter: @evanepstein
  • LinkedIn: https://www.linkedin.com/in/epsteinevan/
  • Substack: https://evanepstein.substack.com/

Music/Soundtrack (found via Free Music Archive): Seeing The Future by Dexter Britain is licensed under an Attribution-Noncommercial-Share Alike 3.0 United States License

Next Wave Leadership Podcast
Marco Aurelio, Former Senior Practice Leader at Amazon Web Services and Current Executive Advisor at SandboxAQ, On: Invoking Other People's Power, the Case for Inquiry Instead of Command, and Leading Against the Grain

Mar 13, 2023 · 34:18


Marco Aurelio is the Executive Advisor for SandboxAQ, an enterprise SaaS company that seeks to solve some of society's most challenging problems. With more than 30 years of information management experience, Marco is a recognized figure among businesses and a trusted consultant. He worked in executive roles at Amazon Web Services, Delphix, Oracle, and SAP, to name a few. He specializes in system development, managing global programs, and team building.

In this episode…

Creating great workplace cultures and connections with employees may seem exclusive to small businesses. Startups and minor companies have an easier time developing a positive culture because of their size. At larger, more expansive organizations, that same intimacy and unity can feel unattainable. Yet some leaders can accomplish the seemingly impossible.

Marco Aurelio is a proven executive and consultant who has worked with Amazon, Oracle, SAP, and many other leading businesses. Despite the size of these brands, he cultivated quality cultures within them. His approach has been refined over a long and storied career, and now you can learn directly from him.

In this episode of Next Wave Leadership, Dov Pollack has an insightful conversation with Marco Aurelio, Executive Advisor at SandboxAQ, to talk about the finer details of leadership and building great cultures. They discuss the difficulties and opportunities of working within larger businesses, nurturing relationships with employees, and bringing your authentic self to work. The two also touch on the power of inquiry over command and how to lead against the grain.

Feds At The Edge by FedInsider
Ep. 69 Compliant Data is the Universal Fuel for Agencies

Sep 6, 2022 · 58:53


Some will argue that COVID has forced federal agencies to move to the cloud and drastically increased remote access. One of the unintended consequences of this transition is a realization that the data created in these environments must be managed much better than in traditional, on-premises circumstances. If agencies are all on the same page with classifying and managing data, that will reduce friction and allow agencies to get the maximum benefit of all this data and understand patterns and trends.

Hannah Hunt is the Chief Product and Innovation Officer for the Army Software Factory. They are at the leading edge of agile software development in a highly secure environment. To rapidly develop solutions, they may spin up environments where data exists for an hour. Given those constraints, it only makes sense to have continuous security and continuous compliance with the data.

One obstacle to being able to work with data sets in an extremely flexible environment is starting with effective data management. Unfortunately, in the commercial world and the federal government, a lot of data management is still manual. No systems administrator would hesitate to automate the production of a new virtual environment, but eyebrows are raised when data is managed in an automated manner.

During the discussion, the topic of Shadow IT was brought up. For example, if a system is set up for compliance and it takes days to get answers, human beings, as they will, will find ways to circumvent these compliance models and subvert the system. That is why Dan Graves from Delphix suggests that if you produce a data management system that is compliant and fast, that will reduce the temptation for end users to set up apps that are independent of the compliance requirements.

PreSales Podcast by PreSales Collective
112. Business Discovery University w/Woody Evans

Jul 11, 2022 · 30:36


On the PreSales Podcast, James Kaikis and Woody Evans connect on the topic “Business Discovery University.” Woody, Vice President, Global Presales at Delphix, discusses teaching and scaling business discovery within a PreSales Organization. Business Discovery University, or BDU, is a program Woody created to help Solutions Consultants improve the behavior that's hardest to learn, most valuable, and that needs the most practice: meta-cognition. 

Papo Cloud Podcast
Papo Cloud 149 - Data masking, the trump card against ransomware attacks - Bruna Bolorino - Delphix

May 30, 2022 · 39:39


A conversation with Bruna Bolorino, General Manager Latin America & Caribbean at Delphix, about data anonymization, strategies for a more secure and resilient environment, and practical tips for ensuring the security of companies' data.

  • Check out the Shark IT Podcast episodes
  • Join the Papo Cloud Makers group
  • Episode script at: papo.cloud/149
  • Instagram / Twitter: @papocloud
  • E-mail: contato@papo.cloud

Credits

  • Direction and Production: Vinicius Perrott
  • Editing: Senhor A - editorsenhor-a.com.br

Support the show: https://www.picpay.com/convite?@L7R7XH

The ESG Report
Digital Sustainability with Jed Yueh

Mar 28, 2022 · 10:16


Tom Fox is joined by Jed Yueh, founder and CEO of Delphix. They discuss his newest passion project with SustainableIT.org and their mission to advance global sustainability through technology and leadership.

The Work of SustainableIT.org

Many people believe that sustainability is somebody else's problem to solve, but Jed makes it clear that we cannot keep thinking that way if we want to make a difference. At SustainableIT.org, they collaborate with esteemed technology leaders to drive sustainability forward across the world's largest organizations.

The Link Between Technology and ESG

Jed tells Tom that companies must "take a hard look at how you govern technology programs so that they don't have adverse impacts on society and the environment." Most companies view ESG as something in-demand, and so they independently chart the course they will take on ESG initiatives. At SustainableIT.org, they create and identify the best programs that can actually digitize the way a business functions while decreasing its carbon footprint.

Making an Impact

Facilitating change is not about one technology company being pro-environment. Jed names a number of SustainableIT.org's board members, explaining how many of these great technologists work for some of the world's biggest companies. "That's how we can have the biggest impact," he says.

RESOURCES

Tom Fox's email
Jedidiah Yueh | LinkedIn | Twitter | SustainableIT.org

Oxide and Friends
Engineering Culture

Feb 22, 2022 · 104:08


Oxide and Friends Twitter Space: February 21st, 2022

Engineering Culture

We've been holding a Twitter Space weekly on Mondays at 5p for about an hour. Even though it's not (yet?) a feature of Twitter Spaces, we have been recording them all; here is the recording for our Twitter Space for February 21st, 2022.

In addition to Bryan Cantrill and Adam Leventhal, speakers on February 21st included Tom Lyon, Tom Killalea, Ian, Antranig Vartanian, Matt Campbell, Simeon Miteff, Matt Ranney and Aaron Hartwig. (Did we miss your name and/or get it wrong? Drop a PR!)

Some of the topics we hit on, in the order that we hit them:

  • Alex Heath's tweet on FB meeting about updated values: "meta, metamates, me"
  • [@4:44](https://youtu.be/w9MQJbC26h4?t=284) Can an established company "change its values" in any sense?
  • [@8:43](https://youtu.be/w9MQJbC26h4?t=523) Draw the owl

    > Twilio CEO: Yes, it was a meme, but it's a great representation of our job. There is no instruction book and no one is going to tell us how to do our work. It's now woven into our culture and used as a cheeky, but encouraging reply to those who email colleagues at Twilio asking how to do something.

  • [@12:42](https://youtu.be/w9MQJbC26h4?t=762) How do you establish engineering culture? Copy-paste values?
  • [@20:44](https://youtu.be/w9MQJbC26h4?t=1244) When are values set down in a company's history?
      • Amazon's brand image, expanding beyond books
      • Assessing values when hiring
  • [@27:51](https://youtu.be/w9MQJbC26h4?t=1671) Principles vs values
      • Principles are absolutes, cannot be taken too far
      • Values are about relative importance, in balance with other values
      • ACM Code of Ethics
      • Relative importance of values. Can some values be learned, while others cannot?
  • [@45:11](https://youtu.be/w9MQJbC26h4?t=2711) "Turn-around CEOs", trying to change an established company culture
  • [@47:39](https://youtu.be/w9MQJbC26h4?t=2859) Sun culture, early days
  • [@54:32](https://youtu.be/w9MQJbC26h4?t=3272) Connection between values and business model
      • Urgency in context, requires nuance
  • [@1:03:37](https://youtu.be/w9MQJbC26h4?t=3817) Values on the wall. When are values simply ignored?
      • Jack Handey wiki, Deep Thoughts recurring SNL short sketches, eg Thanksgiving ~30secs
      • "Sharpen fast"
  • [@1:13:49](https://youtu.be/w9MQJbC26h4?t=4429) What are the important things to get set early? Bryan and Adam on Joyent and Delphix
  • [@1:22:05](https://youtu.be/w9MQJbC26h4?t=4925) Matt Ranney on his time at Uber
      • Trying to shape an established culture
      • Leadership's values vs engineers
      • Business ethics
  • [@1:35:47](https://youtu.be/w9MQJbC26h4?t=5747) GE Thomas Gryta and Ted Mann (2020) Lights Out: Pride, Delusion, and the Fall of General Electric book
  • [@1:37:03](https://youtu.be/w9MQJbC26h4?t=5823) Conclusions
      • Adam: Get it right first, but it's not a lost cause if you don't.
      • Bryan: Look for value alignment in organizations you might want to join, it's tough to change course after the fact.
      • Matt: generous compensation has an effect on how closely one cares to scrutinize their organization's values ¯_(ツ)_/¯

If we got something wrong or missed something, please file a PR! Our next Twitter space will likely be on Monday at 5p Pacific Time; stay tuned to our Twitter feeds for details. We'd love to have you join us, as we always love to hear from new speakers!

IT Visionaries
Safeguarding Data in App Development with Jedidiah Yueh, the Founder and CEO of Delphix

Jan 18, 2022 · 37:21


Developing enterprise apps quickly is essential for business success, and securing data during the development process is imperative too. Jedidiah Yueh, the Founder and CEO of Delphix, suggests that though not as many people are talking about securing data in the app development process, they should be. Even more so, he argues they must secure this data or face huge consequences.

Main Takeaways

  • Something People Need to Talk About: Talking about data security is all the rage. But according to Yueh, securing development data is not discussed as much. Yueh contends that this lack of attention creates security vulnerabilities that bad actors can exploit. He believes that automated platforms built on zero trust principles can mitigate such risks.
  • Out With the Old in With the New: The old way of testing apps in development involved a group of people all helping to gather production data and then copy that to the development territory. Of course, with so many hands in the process, the data was not very secure. Now, a platform, like Delphix, can make that process automatic; therefore, more secure.
  • Setting Loftier IT Goals: Yueh argues that IT leaders are not setting high enough goals in terms of developing products quickly enough. In a conversation about his book, "Disrupt or Die," he explains that the rate of acceleration is much faster than the typical business cycle so leaders must adapt the pace of their goals accordingly.

IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform

Federal Tech Talk
Managing diverse data sets

Nov 22, 2021 · 43:25


Dan Graves, chief technology officer at Delphix, joins host John Gilroy on this week's Federal Tech Talk to discuss the challenges federal IT officials face when managing diverse data sets.

DataCentric Podcast
Application Transformation with Data-Driven DevOps

Aug 19, 2021 · 21:45


While DevOps offers IT organizations the tools required to deliver application transformation, it isn't until you start to incorporate an awareness of "Data" into a DevOps world that the real power of digital transformation can be achieved. Host Steve McDowell, senior technology analyst at Moor Insights & Strategy, has a wide-ranging conversation with Delphix CEO and founder Jedidiah Yueh about the power of DevOps and why data is the "last automation frontier". They also talk about the intersection of DevOps, machine learning, and MLOps, as well as fostering a culture of innovation.

  • 00:00 Roll the tape...
  • 01:01 Jedidiah Yueh's path from high-school teacher to Silicon Valley founder
  • 03:30 Haven't we already solved all the hard DevOps problems?
  • 04:47 DevOps as part of your cyber-security strategy
  • 07:58 DevOps and Application Transformation
  • 10:08 The Delphix Vision
  • 12:06 Intersection of DevOps and MLOps
  • 14:00 ML Models are Just Another Kind of Data
  • 15:50 What's on the horizon in the world of data-driven DevOps?
  • 17:20 Jed's book "Disrupt or Die" and how to foster a culture of innovation
  • 20:20 Data is the last automation frontier
  • 21:27 Wrapping up
  • 21:44 .. the band plays us out

Special Guest: Jedidiah Yueh.

Millennium Live | A Digital Diary Podcast
Episode 121 | Delphix

Jun 24, 2021 · 17:47


Delphix is the industry leading data company for DevOps. Data is critical for testing application releases, modernization, cloud adoption, and AI/ML programs. Delphix provides an automated DevOps data platform, masking data for privacy compliance, securing data from ransomware, and delivering efficient, virtualized data for CI/CD and digital transformation. Interested in learning more about the Delphix DevOps Platform? https://www.delphix.com

Innovation in Compliance with Tom Fox
Tech - The White Canvas for Creativity with Jedidiah Yueh

Jun 15, 2021 · 18:48


Jedidiah Yueh is Tom Fox's guest this week on the Innovation in Compliance Podcast. Jedidiah is a data innovator, a best-selling author, and the founder and CEO of Delphix. He has spent the last two decades decoding innovation and collecting and testing frameworks that motivate many successful entrepreneurs in technology. Jedidiah has invented software products worth more than $4 billion in sales. He joins Tom Fox to discuss digital transformation and digital disruption, and what companies need to know and do about both.

Technology, Creativity & Evolution

"What's interesting about technology today is it's an incredibly broad white canvas," Jed begins. Creativity is applied to the development of technology as much as it is to the liberal arts, he tells Tom. "If you think about some of the things that you do as an English major where you're really looking for these themes and these tropes within works of literature… You have to do that for the world of technology as well." Tech evolves on so many levels that you have to see and analyze, similar to what's done in literary analysis.

Digital Disruption

When Jed first ventured into tech, his main objective was finding a concept or product that would give him a competitive advantage. He had the idea of taking the backup data from MP3 players and transitioning that into the technology enterprise. Jed says that he knew that the concept would be disruptive and that it would change the industry. "That's exactly what happened over the course of a decade," he tells Tom.

Delphix

Tom asks Jed why he founded Delphix. In Jed's previous company, a lot of customers had issues where they had to be restoring data to other locations to be able to use it. The demands for data efficiency had risen. Jed created Delphix to answer this market need. "The idea was we wanted to build a new architecture that was focused on enabling the multi-use of data for all of these strategic and valuable use cases that drive innovation and differentiation for companies," he remarks.

COVID-19 & Beyond

The pandemic and the relocation to remote work was a profitable opportunity for Jed's company. There was an acceleration of digital transformation. Tom asks Jed what companies need to focus on in the coming years. "I think companies really need to focus on what is real digital transformation and what is not," Jed remarks. Real digital transformation changes the way your business operates. The overall ecosystem of the business has to be transformative. "If a company doesn't engage in a digital transformation and make its own data available to itself to make their business processes more efficient, frankly they're going to be left in the dust by their competitors who do so."

Resources

Jedidiah Yueh | LinkedIn | Twitter
Delphix
Texas Tax rate at 80% of 8.25%

Late Tech Show
Democratized data, IoT and health, restaurants and apps, and IG and creativity - Late Tech Show s02e24

May 19, 2021 51:05


Gigi Beltrame presents the twenty-fourth episode of the second season of #LateTechShow. Guests: Giovanni Bergamaschi of Fitbit, Ugo Pollio of Delphix, Nico Donati of MyCIA (Healthy food), and Andrea Antoni and Orazio Spoto for the book Instagram Community e Creatività

Sales Enablement PRO Podcast
Episode 140: Ken Millard on Mastering the Basics for Sales Enablement Success

Mar 2, 2021 21:46


Shawnna Sumaoang: Hi, and welcome to the Sales Enablement PRO podcast. I am Shawnna Sumaoang. Sales enablement is a constantly evolving space and we’re here to help professionals stay up to date on the latest trends and best practices, so that they can be more effective in their jobs. Today, I’m excited to have Ken Millard join us from Delphix. Ken, I would love for you to introduce yourself, your role, and your organization to our audience.

Ken Millard: Yeah. Hi. Thanks, Shawnna. As you said, Ken Millard here. I am English, as you can probably tell from my accent. But I have lived outside of the UK for the last 25 years in Italy, Germany, and Poland. In that time, I’ve worked for a variety of software companies. And for most of that time, I’ve been in an enablement role. Currently, I live in Germany, married with two kids and working for, as you said, Delphix as a senior sales enablement program manager. A quick word on Delphix, principally, it’s all about data for Delphix. They take the view that every company is a data company and also pretty much every large company is undergoing some form of digital transformation and where those two meet, where data meets digital transformation, is where Delphix really scores.

SS: Well, Ken, I’m honored to have you join us today. So, thank you so much for making the time. In fact, you caught my eye because you wrote an article about the importance of mastering the basics: communication, context, focus, and connection. And you need all of these things essentially in order to succeed in sales. I’d love to hear from you, for our audience, what do the basics look like in a sales enablement context? How can sales enablement practitioners master those fundamentals?

KM: Yeah, right. The focus of that article was to remind people that salespeople don’t need to master everything. In fact, hardly anybody needs to master everything but the basics. It’s a bit of a sporting analogy.
Anybody that is a professional sportsperson, whether they’re hitting the ball or catching the ball, or sliding the puck along the ice or whatever it happens to be, they need to be able to do those simple things that are involved in that sport without thinking about them. And only once they’ve mastered those basics, can they then move on to the finer points. Maybe somebody is about to tackle them when they’re about to pass the ball and they still have to complete the pass. These kinds of things, the interruptions or the objections or whatever, get in the way of their normal communication. They know the basic business of selling and as a consequence, that salesperson or the sportsperson needs to be able to do those basics absolutely automatically without having to think about it. Only when they’ve got that, can they then start to do the finer points and make a 1% difference, which is the difference between succeeding and failing at the end of the day. In the context of sales enablement, the basic aims are that salespeople have to be able to confidently deliver the company message. Now, some people would call that a pitch. I’m not really in favor of the word pitch because it’s not just a standard pitch from a door-to-door salesman kind of background. It is something that is specific to each customer. In order for you to be able to deliver something specific to a customer, you need to understand absolutely the basics of your company’s message and how it might be applied to the customer. So, that’s the kind of pitch that you would do there as enablement people. We need to give them the confidence to deliver that well, and they need to be able to instill some kind of curiosity in salespeople and also a certain persistence in uncovering details within a company, uncovering points about the company where the product might be applicable for them. We need to teach familiarity with the product value add. Now, why, why do I say that? 
Because they need to be so familiar with it that whenever a customer starts talking about how they apply in a Delphix context, how they work with data or how they develop applications or how they’re moving to the cloud, the salesperson can take what they’re listening to and apply a particular value add from the set of values that they’ve been familiarized with by enablement. Lastly, a particular favorite of mine is enabling them to have the confidence in themselves and in the product to be humble when they receive an objection or they receive a particularly tough question from the customer. In each of those four cases, the salespeople need to be the ones that do it. We as individuals and enablement people don’t have to master all those things. We need to, as I said, encourage the salespeople to have an environment in which they can learn about these things and they can practice these things. That needs to be a safe environment. It’s a lot safer talking to me about issues they have with objection handling or how they might uncover more situations at a customer where Delphix might be applicable than it is trying to do it on the fly in front of the customer or on a virtual call with a customer. As enablement people, we’ve got to provide a way for them to learn. We’ve got to provide an environment that is safe for them to question, a way for them to practice and get feedback, an opportunity to discuss these things that they might not feel that they have with their sales manager and they definitely don’t want to be practicing it in front of the customer.

SS: I think that’s a really fantastic point. Now, for newer sales enablement folks, when starting in a new role, what advice would you give to sales enablement practitioners to set themselves up for success and begin to identify priorities within the organization?

KM: I think that there are two distinct points for enablement people.
And that is that before they joined, so during the application process, they should try and appreciate it from the outside, but they should try and understand what the company is about from an enablement point of view and what kind of challenges that person might have within that company. I repeat, from the outside. They’re not going to know all the nuances. They’re not going to know necessarily all of the messaging, etc. But they need to think about what the person or the company might be struggling with in regard to the enablement of its salespeople. In the case of Delphix, when I went through the application process, I used Simon Sinek’s “Start With Why”. I tried to understand, why does Delphix do what it does and then how does it do it? Then, what does it use to do that? And with that, I was able to pull out a number of points that a startup like Delphix — when I say a startup, it’s been around for a long time, but it’s going through a hyper-growth at the moment so it’s kind of like a startup. It has an issue with a brand, so that’s one of the challenges. It has an issue with getting people to understand, “You can do that with data. You can virtualize data or mask data. That would have saved me so much time if only I’d known.” There’s an awful lot of issues that salespeople have in Delphix with regards to not only getting the brand out there, but also getting the understanding out there. It’s almost as if we have a solution for which they never knew that there was a possible solution for. During the application process, I uncovered that by using the start with the why and was able to pitch something as an outsider during the process. When I came in, most of what I’d uncovered, or I thought it uncovered actually wasn’t true, but it is something that you should go through as a way to demonstrate that you do understand them and you do understand how you would impact enablement. 
Then, when you start in a company, in talking with sales management, you get to appreciate what their priorities are with regards to the people that are working for them. Senior sales management will have goals that they want to achieve with regards to strategies, with regards to objectives and things like that. Some of those can be impacted by sales enablement. What sales managers looking for, maybe you would identify from them who their problem children are within the sales force. I don’t want to call the salespeople children, but it’s just a phrase that is used. Those individual salespeople, when you talk to them, they’re going to have their input as to what they’re missing and what they need to succeed. And it’s combining those three things: the individual’s needs, the needs of senior management, give you an idea about what you could start to work on in the first 30 days, what you would need to wait a little bit longer to work on, and what is coming up in terms of changes within the company. Maybe they’re introducing a new way to do pricing. Maybe they’re introducing a new way to use Salesforce, or maybe they’re using another CRM, maybe they’ve got new products coming out. Enablement can help in all of those areas. In summary, I would say when you are planning to join the organization, try and think about what kind of challenges that there might be and how you would approach them as part of your interview process. When you join, if you take the approach to listen a lot to those three groups that I mentioned and get input, try not to promise anything, even though it’s very tempting to get involved in solving problems. Try not to promise too much and try to get a plan. Get some buy-in with management as to what your plan is going to be for 30, 60, 90 days. Once you’ve spoken to a few people and then start to implement it and then comes the key point. Once you’ve implemented a few things, make a bit of noise about it. Do your own PR. 
Not only tell your boss, but tell everybody else that you’ve achieved these things. Maybe start a newsletter, maybe start a Slack channel. There are very many things that you can do to publicize this success. Once you’ve started to demonstrate your own value, people will come to you and start to ask you to do things for them, because they’ve seen that you can demonstrate that you understand what’s going on and that you can produce things that help them sell better.

SS: I love that advice. I think that’s fantastic advice for those starting out in sales enablement. Now, you touched on this ever so briefly just a moment ago, but it’s around making sure that there is a centralized understanding of sales enablement within the organization once you start. In your experience, how can the definition of sales enablement vary from organization to organization? And are there any fundamentals that you think are critical for any enablement function to include in its strategy?

KM: The whole topic of definition of sales enablement has been occupying a lot of people who are far cleverer than I am. But I do feel that at the moment, the industry and the profession of sales enablement is a little bit too new to have a definition that works across the board. What is very key, I think, is that the individuals who are involved in an enablement organization or enablement department of an organization decide what enablement is going to do within that organization. They write themselves a charter, and in that charter, they’re going to say what they want to do and what they want to influence as well as what they’re not going to do, because you can get pulled in all sorts of different directions and you need to be able to say, “here’s my charter. Here’s what has been agreed, and what it is going to do and what it’s not going to do.” Otherwise, you’re spread too thin across larger organizations and you can’t get the opportunity to succeed enough in an area to make a difference.
The definition is difficult to pin down. The charter really helps in a particular case. If I can just give you one example of why I think that the definition is difficult to pin down, if you take one of my favorite topics, which is objection handling, if you are a salesperson for a real startup, you are in a position in which objection handling is really key to the success of a startup. Why? Because they are in that objection. They’re giving you an opportunity to give you some input as to which direction your brand-new products should go in. So, if you’re not able to really listen to that and take it back to product development or product management and say, “Oh, I just was at this excellent customer and they are right in our sweet spot and they could really do with this.” If you’re not listening to that and you’re not receiving it in the startup with a startup mind, then the startup is going to fail. Something different happens when a company gets a bit bigger, maybe it’s post-IPO, maybe it has distractions about shareholder meetings, or maybe it has other very important meetings that have to happen. Maybe you feel as if your product is already successful, you feel as if, “Oh you’re asking me questions about my product, but we are already the market leader. Why are you hassling me about this, that or the other?” And so, you have a slightly different approach to the objection or the question that a customer has for you. As a consequence, how you handle the objection is something that you almost have to relearn in a larger organization. It’s difficult to say even when should you teach people objection handling. I feel that you cannot say that given that the enablement is required and therefore the tasks or the objectives that they enable the department are going to be given will be dictated by where the company is in its own trajectory from startup through to corporate. On top of that, you’ve also got, what kind of customers are they talking to? 
If they’re a transactional seller, then they don’t want to go in for long sales cycles. So, you don’t teach them those things. You don’t put them in a situation where they can expect to sell in six months thereafter, a six weeks sale otherwise, and then move on to the next one. There are so many different variables. It’s difficult to pin down what is an enablement definition. However, very generally put, it’s about making salespeople successful, whether that’s training, whether that’s coaching, whether that’s the right kind of assets, whether that’s helping them to do their own discovery, whether it’s giving them a sounding board for a new proposal, whatever it happens to be. Enablement has to be a part of that. So, that’s my best definition.

SS: I think that’s a fantastic definition. As you said, it’s all relatively unique. I’d love your perspective on how practitioners can build upon the enablement foundations to add their own unique flavor or value to the organization.

KM: This is extremely important. Each individual has been hired because they have certain strengths that the hiring manager has seen in the interview and that they themselves believe that they have. Those are the things that they walk in the door with, and they can start to apply those, whether they’re excellent teachers, whether they’re excellent coaches or whether they are good at creating an e-learning that works. Whatever your strengths are, work with those. Use those in the first 30, 60 days. Then as I said before, once you’ve established yourself, there’s an excellent opportunity to start stretching yourself. Start with support from management or from sales management. Start looking at new areas that you can build yourself up on provided they fit in with what people are asking. Once the company has got a bit bigger, you might say, “okay, let’s roll out a whole learning management system.” You may never have done that before.
I would advise you to ask the community that’s out there, how do I do this? And stretch yourself. Then you can put it on your CV. You can tick the box, “I’ve implemented an LMS at corporate and rolled out this number of courses, that number of courses, whatever.” So, you’ve got your own toolbox, but you’ve also got the opportunity to start new things given the right kind of support. That will obviously help you grow personally, as well. Doing things exactly like this podcast helps me grow personally and gives me an opportunity to try new things.

SS: Well, Ken, I appreciate you joining this podcast. In closing, if we could just wrap up on this final question, how do you think enablement as a discipline could potentially evolve in the next year?

KM: Yeah, this is obviously extremely important to every person that’s involved in enablement. As I said before, it’s a fairly new profession and you do get a lot of people that are coming into it also more and more organizations are getting involved in sales enablement. Some of those organizations have already started to call it revenue enablement, and that already spreads the remit into perhaps customer success or perhaps professional services, maybe even renewals are involved in revenue enablement. I think that there’s an opportunity for enablement as a general practice to cover every department of an organization. If I can use one example, let’s say the furthest removed from sales enablement, and that is let’s say, engineering. Engineering doesn’t just need training on how to develop or how to use the tools that engineering are working with. It also needs to get enablement on how to work with other departments, how to work with sales, how to understand sales. Also, if you take a thing that a company will very often do, which is make a big noise about the wins that it has among this customer base, which is great news, everyone loves to see wins success, but for engineering, you might be able to add to that win.
If the winning includes which use cases were used by which company, then the engineering team or development team that built that piece of the software, the individuals that were involved can say, “wow, the bit of software that I developed is now being used by Company XYZ.” And as a consequence, they feel, “Oh, I’ve made a difference to that company.” That company might be a household name. Therefore, when they’re talking about their job among their peers or even amongst their friends and family, they can say, “Oh, my bit of software is now working with a Company XYZ.” Everybody gets a warm feeling about the contribution that that person may make to his job and to the other company. It’s not just, “Oh, I’m a developer. I work in whichever language” — which is all very techie — everyone can relate to that household name and everyone can relate to how good it feels for that engineering person to have developed something that the company is using. As a consequence, they are further enabled. They get a boost from that. So, I see that enablement has a future as a profession to impact way beyond the confines of sales enablement. I think that is one of the directions that the profession could go in, and become an enablement role across an organization.

SS: I love that forward-looking view, Ken, thank you again so much for joining us today. I enjoyed the conversation.

KM: Thank you so much. I really enjoyed talking about my profession.

SS: To our audience, thanks for listening. For more insights, tips, and expertise from sales enablement leaders, visit salesenablement.pro. If there’s something you’d like to share or a topic you’d like to learn more about, please let us know. We’d love to hear from you.

CarahCast: Podcasts on Technology in the Public Sector
Accelerating CI/CD Cycles with Programmable Data Infrastructure with Delphix

Feb 25, 2021 34:07


In this podcast, Aaron Jensen, the Senior Solutions Engineer at Delphix and Arif Hajee, the Principal Solutions Engineer at Delphix explain how a programmable data infrastructure ensures test data can keep pace with high-velocity development and improve development productivity.

KBKAST
Episode 43: Dan Graves

Sep 16, 2020 44:17


DANIEL GRAVES Daniel Graves is currently Vice President of Global Product Ecosystem at Delphix, responsible for strategy technology partnerships including AWS, GCP, IBM, Oracle, SAP and Microsoft. Graves is a software and cloud industry veteran of over 20 years with a diverse background in other functions including technology partnerships, business development, [...]

Google Cloud Platform Podcast
Chronicle Security with Dr. Anton Chuvakin and Ansh Patnaik

Apr 28, 2020 38:12


It’s cyber security week on the podcast as Priyanka Vergadia joins Mark Mirchandani to talk with the folks of the Chronicle Security Team. Our guests Ansh Patnaik and Dr. Anton Chuvakin start the show off with a brief explanation of Chronicle, which is a security analytics platform that can identify threats and correct them. Anton details the threats facing clients today and why it’s important to continue to guard against old threats as well. Cyber security developers must constantly examine the landscape, adjust tools used, and think ahead to try to predict possible future problems.

Ansh elaborates, pointing out that sometimes, all the security needed to protect against old, current, and potentially new threats can create a data overload that causes some threats to be lost in a jungle of notifications. Analyzing this data to gain insights about the health of a company’s cyber security is an important part of the process, and Chronicle can help with that.

We discuss other challenges in the security analytics world and learn tips and tricks to help overcome them. Our guests wrap up the show explaining how Chronicle, as part of GCP, benefits Google Cloud customers.

Dr. Anton Chuvakin

Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. Anton was, until recently, a Research Vice President and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance.

Ansh Patnaik

Ansh Patnaik is responsible for product marketing at Chronicle. Previously, he was VP of Product Management at Oracle where he defined and launched their Security Analytics Cloud service. Ansh has held product management, marketing and sales engineering roles at several cybersecurity and data segment market leaders including Delphix, ArcSight (acquired by HP), and BindView (acquired by Symantec).

Cool things of the week

• UEFI, Shielded VM now the default for Google Compute Engine customers—no additional charge (blog)
• Anthos—driving business agility and efficiency (blog)
• Anthos 101 (videos)

Interview

• Chronicle Security (site)
• Chronicle Security Blog (blog)
• Chronicle Security Resources (site)
• Why Your Security Data Lake Project Will FAIL! (blog)

Question of the week

What’s one thing you have seen users ask about security on Google Cloud?

What’s something cool you’re working on?

Our guests will be doing the SANS Webinar on April 30th.

13 days of GCP Architecture series! We’re on day nine now, but you can catch up on Twitter with posts like Day 6 on Data Lake and join us for the next few!

Creating Customer Success
Creating Customer Success - Episode 13: Peter Majeed

Mar 1, 2020 63:49


On this episode we spoke with Peter Majeed who is the Head of Customer Success for EMEA at Qualtrics. Peter has previously held roles at Delphix and SAP, and has over 20 years of experience in solution selling and Customer Success within the Data...

Towards Data Science
11. Sanjeev Sharma - DataOps and data science at enterprise scale

Oct 31, 2019 41:36


One thing that you might not realize if you haven’t worked as a data scientist in very large companies is that the problems that arise at enterprise scale (as well as the skills that are needed to solve them) are completely different from those you’re likely to run into at a startup. Scale is a great thing for many reasons: it means access to more data sources, and usually more resources for compute and storage. But big companies can take advantage of these things only by fostering successful collaboration between and among large teams (which is really, really hard), and have to contend with unique data sanitation challenges that can’t be addressed without reinventing practically the entire data science life cycle. So I’d say it’s a good thing we booked Sanjeev Sharma, Vice President of Data Modernization and Strategy at Delphix, for today’s episode. Sanjeev’s specialty is helping huge companies with significant technical debt modernize and upgrade their data pipelines, and he’s seen the ins and outs of data science at enterprise scale for longer than almost anyone.

Strong Suit Podcast
Recruit Rockstars 283: Building The Team That’s Building API Heaven

Aug 8, 2019 22:46


If your team develops software, you know that building APIs is the key to pretty much everything. But they get cluttered & messy. So Adam Leventhal decided to do something about it. Now, he’s Co-Founder and CEO of Transposit, one of SF’s fastest-growing tech companies. Adam was Chief Technology Officer of Delphix, and spent time in venture capital. Then he saw an opportunity to create Transposit. In fact, they recently raised $12 million from top venture capital firms Sutter Hill Ventures, SignalFire, and Unusual Ventures. In this 20-minute conversation, Adam reveals how he’s building the team that’s building this great new product.

Modern CTO with Joel Beasley
#105 Eric Schrock - CTO at Delphix

May 8, 2019 44:55


Today we are talking to Eric Schrock, the CTO at Delphix. And we discuss challenging yourself by exploring new dimensions of a business, how managing people is much different than managing a system and how Eric might just be the David Hasselhoff of technology writers. All of this, right now on the Modern CTO Podcast!

LINUX Unplugged
284: Free as in Get Out

Jan 15, 2019 62:39


ZFS on Linux is becoming the official upstream project of all major ZFS implementations, even the BSDs. But recent kernel changes prevent ZFS from even building on Linux. Neal Gompa joins us to discuss why it all matters. Plus some surprising community news, and a few great picks! Special Guests: Dalton Durst and Neal Gompa.

BSD Now
Episode 279: Future of ZFS | BSD Now 279

Jan 3, 2019 93:21


The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.

Headlines

The future of ZFS in FreeBSD

The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: https://www.delphix.com/blog/kickoff-future-eko-2018 This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL https://github.com/zfsonfreebsd/ZoF so that we might all have a single shared code base.

A port for ZoF can be found at https://github.com/miwi-fbsd/zof-port Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at https://reviews.freebsd.org/D18520

This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.

FreeBSD Quarterly Status Update

With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution. The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little. Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this cumulative set of reports covering everything that’s been done since October, 2017. —Daniel Ebdrup

News Roundup

One year of flying with the Raven: Ready for the Desktop?

It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.

Ravenports

Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!). For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions. And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.

Modern KDE on FreeBSD

New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper. What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).

The many ways to launch FreeBSD in EC2

Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):

• Launch FreeBSD and SSH in
• Launch FreeBSD and provide user-data
• Use the AMI Builder to create a customized FreeBSD AMI
• Build a FreeBSD AMI from a modified FreeBSD source tree
• Build your own disk image

I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.

Using the GOG.com installers for Linux, on NetBSD

GOG.com prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer. GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for. The installers truly are platform-specific:

• macOS games are distributed in a standard .pkg
• Windows games are distributed in a setup wizard .exe
• Linux games are distributed in a goofy shell archive

Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by GOG.com on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer. Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.

Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.
Beastie Bits Software as a Reflection of Values With Bryan Cantrill Collection of bmc talks, updated 2018 wump: incorrect wumpus movement probability Debugging Rust with VSCode on FreeBSD SMB/CIFS on FreeBSD BSD Tattoo pkgsrc-2018Q4 branch announcement toying with wireguard on openbsd new USB audio class v2.0 driver Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018 OpenBSD 6.5 release page is online shell access to historical Unix versions in your browser Feedback/Questions Brad - ZFS Features and Upgrades Andre - Splitting ZFS array Michael - Priority/nice value for Jails? Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

DisrupTV
DisrupTV Episode 126, Featuring Scott Belsky, Jedidiah Yueh, Alan Lepofsky

DisrupTV

Play Episode Listen Later Oct 29, 2018 61:44


This week on DisrupTV, we interviewed Scott Belsky, Author of "The Messy Middle: Finding Your Way Through the Hardest and Most Crucial Part of Any Bold Venture" and Chief Product Officer, Executive Vice President for Creative Cloud at Adobe. We also interviewed Jedidiah Yueh, Founder and Executive Chairman at Delphix, and Alan Lepofsky, VP & Principal Analyst at Constellation Research. DisrupTV is a weekly Web series with hosts R “Ray” Wang and Vala Afshar. The show airs live at 11:00 a.m. PT/ 2:00 p.m. ET every Friday. Brought to you by Constellation Executive Network: constellationr.com/CEN.

Greymatter
Maintaining A Proper Balance Between Inspiration And Paranoia- Delphix CEO Chris Cook | Greymatter

Greymatter

Play Episode Listen Later Aug 21, 2018 32:58


Advancement in technology has created a "disrupt or die" notion among large enterprises. To remain one step ahead of their competitors, leading CEOs understand that they need to bring in new technology and seek out partners who can help them achieve that goal. In this episode of Greymatter, Delphix CEO and President Chris Cook and Greylock Partner Asheem Chandna discuss how to lead during times of company uncertainty, what to look for in a new hire and how startups can effectively partner with large enterprises.    Both Chris and Asheem know what it takes to scale enterprise startup companies. In 2016, Chris began as CEO and President at Delphix, whose mission is to free companies from data friction and accelerate innovation. Today, Delphix has nearly 400 employees in nine offices around the world and has grown the number of customer deals of more than $500,000 by 26% year over year. Prior, Chris served as President and COO of New Relic, a software analytics leader, where he spent over four years scaling the company's operations through a successful IPO. Asheem has helped create and grow multiple technology businesses to market-leading positions. He has served on 20 technology company boards including three public companies (Palo Alto Networks, Imperva, Sourcefire), and multiple companies that have been acquired in strong M&A outcomes including AppDynamics and Skyhigh Networks.

The Silicon Valley Insider Show with Keith Koo
"Turning the Titanic" using "Thin Tech" with Keith Koo and special guest Jedidiah Yueh Founder and Chairman of Delphix

The Silicon Valley Insider Show with Keith Koo

Play Episode Listen Later Jul 20, 2018 37:50


On this week's Silicon Valley Insider, Keith has returning guest Jedidiah Yueh, Founder and Chairman of Silicon Valley Data Management company Delphix. Jed is well known in Silicon Valley for starting software companies with billions of USD in revenue including Avamar (a company acquired by EMC in the mid 2000s) and now as the author of best-selling book on innovation "Disrupt or Die - What the World needs to Learn from the Silicon Valley to Survive". Keith and Jed discussed Jed's concept of "Thin Tech" and how it relates to the challenge large companies have with "Turning the Titanic" (i.e. why is it so hard to innovate in large organizations). Jed gives very practical advice for companies to be able to innovate. Jed states: "There's a powerful paradox at work in the world today. It's getting easier every year to invent a product that can disrupt a longstanding industry, a phenomenon I call "thin tech." And yet, legacy enterprises are finding it harder than ever to innovate. Stop chasing shiny tech objects (e.g. blockchain, AI, etc.) and find your "what"--the product that will help you take control of the future of your industry." On an earlier episode of SVIN "Disrupt or Die" https://omny.fm/shows/the-silicon-valley-insider-show/svi-3-16-18-podcast-disrupt-or-die-with-jedidiah-y Jed discussed how many of the followed innovation books and models don't always work or yield the expected results. First airing is 1-2pm on 1220AM KDOW. Download the podcast at 2pm Fridays. For questions or comments, email: info@svin.biz Be sure to subscribe and listen to the podcast. You can also listen to past podcasts here: Non-iTunes: https://omny.fm/shows/the-silicon-valley-insider-show iTunes: https://itunes.apple.com/us/podcast/the-silicon-valley-insider-show/id1282637717?mt=2 Email us at info@svin.biz or find us here: https://stitchengine.drishinfo.com/index.jsp?sId=15540&source=sh

Transform. Ignite. Disrupt.
Steve Blue Transform Ignite Disrupt Podcast Episode 13- Interview Jed Yueh Founder and Executive Chairman of Delphix

Transform. Ignite. Disrupt.

Play Episode Listen Later Jul 7, 2018 19:22


Jedidiah Yueh has led two waves of disruption in data management, first as founding CEO of Avamar (sold to EMC in 2006 for $165M), which pioneered data de-duplication and shipped one of the leading products in data backup and recovery, with over 20,000 customers and $4B in cumulative sales. After Avamar, Jed founded Delphix, which pioneered data virtualization, with over $200M in its first 7 years of sales (10x Avamar over the same period) and over 30% of the Global 100 as customers. At the 2010 Fall DEMO conference, Delphix won a DEMO God award, and in 2013, the San Francisco Business Times named Jed CEO of the Year. Well connected in the venture community, Jed has raised over $150M from over 10 VCs and has more than 25 patents in data management. After being designated a US Presidential Scholar by George H. Bush, Jed graduated Phi Beta Kappa, magna cum laude from Harvard. As Executive Chairman at Delphix, Jed partners with executives at industry leaders from Apple to Walmart to help them drive innovation through software. Learn More: https://www.delphix.com Transform. Ignite. Disrupt. with Steven L. Blue https://businessinnovatorsradio.com/transform-ignite-disrupt/

Engineering People Podcast

Eric Schrock is the CTO at Delphix, where he drives technology strategy and thought leadership around the future of enterprise data. He previously helped scale the Delphix product and team as VP of Engineering. His passion is for creating things, from woodworking and music to products and organizations. Prior to Delphix, Eric was a founding member of the team at Sun that built the ZFS Storage Appliance product. He started his career as a Solaris kernel hacker after earning a CS degree from Brown. LinkedIn: https://www.linkedin.com/in/ericschrock/ Twitter: https://twitter.com/ericschrock

The Tech Fugitives Show
Episode 20 – Interview with Delphix Founder and Executive Chairman, Jedidiah Yueh

The Tech Fugitives Show

Play Episode Listen Later Feb 27, 2018 43:10


Welcome back to the Tech Fugitives podcast.   Jed Yueh is back!  We get a book update, but we ALSO get our Delphix Geek on! In 5 short months, Jedidiah Yueh’s book,  “Disrupt or Die: What the World Needs to Learn from Silicon Valley to Survive the Digital Era”, has become the de-facto roadmap for digital transformation.  […] The post Episode 20 – Interview with Delphix Founder and Executive Chairman, Jedidiah Yueh appeared first on The Tech Fugitives Show!.

Oracle Groundbreakers
Women in Technology: Motivation and Momentum

Oracle Groundbreakers

Play Episode Listen Later Feb 6, 2018 24:18


IT professionals Natalie Delemar (Senior Consultant at Ernst & Young, President, Board of Directors, ODTUG), Heli Helskyaho (CEO at Miracle Finland), Michelle Malcher (Security Architect at Extreme Scale Solutions), and Kellyn Pot'Vin-Gorman (Technical Intelligence Manager for the Office of CTO at Delphix, President, Board Of Directors, Denver SQL Server User Group) join panel organizer and moderator Laura Ramsey to share insight on what motivated them in their IT careers, and how they lend their expertise and energy in driving momentum in the effort to draw more women into technology. The Panelists Natalie Delamar, Senior Consultant with Ernst & Young, and a former president of ODTUG, the Oracle Developer Tools User Group Oracle ACE Director Heli Helskyaho, CEO with Miracle Finland, and an Ambassador for EMEA Oracle Usergroups Community Oracle ACE Director Michelle Malcher, Security Architect at Extreme Scale Solutions and a former president of the Independent Oracle Users Group Kellyn Pot'Vin-Gorman, President Of The Board Of Directors of the Denver SQL Server User Group, and Technical Intelligence Manager for the Office of CTO at Delphix Laura Ramsey, Manager, Database Technology and Developer Communities, Oracle America  

BSD Now
220: Opening ZFS in 2017

BSD Now

Play Episode Listen Later Nov 15, 2017 114:36


We have a first PS4 kernel exploit, the long awaited OpenZFS devsummit report by Allan, DragonflyBSD 5.0 is out, we show you vmadm to manage jails, and parallel processing with Unix tools. This episode was brought to you by Headlines The First PS4 Kernel Exploit: Adieu (https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/) The First PS4 Kernel Exploit: Adieu Plenty of time has passed since we first demonstrated Linux running on the PS4. Now we will step back a bit and explain how we managed to jump from the browser process into the kernel such that ps4-kexec et al. are usable. Over time, ps4 firmware revisions have progressively added many mitigations and in general tried to lock down the system. This post will mainly touch on vulnerabilities and issues which are not present on the latest releases, but should still be useful for people wanting to investigate ps4 security. Vulnerability Discovery As previously explained, we were able to get a dump of the ps4 firmware 1.01 kernel via a PCIe man-in-the-middle attack. Like all FreeBSD kernels, this image included “export symbols” - symbols which are required to perform kernel and module initialization processes. However, the ps4 1.01 kernel also included full ELF symbols (obviously an oversight as they have been removed in later firmware versions). This oversight was beneficial to the reverse engineering process, although of course not a true prerequisite. Indeed, we began exploring the kernel by examining built-in metadata in the form of the syscall handler table - focusing on the ps4-specific entries. Each process object in the kernel contains its own “idt” (ID Table) object. As can be inferred from the snippet above, the hash table essentially just stores pointers to opaque data blobs, along with a given kind and name. Entries may be accessed (and thus “locked”) with either read or write intent. Note that IDTTYPE is not a bitfield consisting of only unique powers of 2. 
This means that if we can control the kind of an identry, we may be able to cause a type confusion to occur (it is assumed that we may control name). Exploitation To an exploiter without ps4 background, it might seem that the easiest way to exploit this bug would be to take advantage of the write off the end of the malloc'd namedobjusrt object. However, this turns out to be impossible (as far as I know) because of a side effect of the ps4 page size being changed to 0x4000 bytes (from the normal of 0x1000). It appears that in order to change the page size globally, the ps4 kernel developers opted to directly change the related macros. One of the many changes resulting from this is that the smallest actual amount of memory which malloc may give back to a caller becomes 0x40 bytes. While this also results in tons of memory being completely wasted, it does serve to nullify certain exploitation techniques (likely completely by accident…). Adieu The namedobj exploit was present and exploitable (albeit using a slightly different method than described here) until it was fixed in firmware version 4.06. This vulnerability was also found and exploited by (at least) Chaitin Tech, so props to them! Taking a quick look at the 4.07 kernel, we can see a straightforward fix (4.06 is assumed to be identical - only had 4.07 on hand while writing this post):

    int sys_namedobj_create(struct thread *td, void *args)
    {
        // ...
        rv = EINVAL;
        kind = *((_DWORD *)args + 4);
        // The body now runs only when the 0x4000 bit of kind is clear;
        // any other request falls through and returns EINVAL.
        if ( !(kind & 0x4000) && *(_QWORD *)args )
        {
            // ... (unchanged)
        }
        return rv;
    }

And so we say goodbye to a nice exploit. I hope you enjoyed this blast from the past :) Keep hacking! OpenZFS Developer Summit 2017 Recap (https://www.ixsystems.com/blog/openzfs-devsummit-2017/) The 5th annual OpenZFS Developer Summit was held in San Francisco on October 24-25. 
Hosted by Delphix at the Children's Creativity Museum in San Francisco, over a hundred OpenZFS contributors from a wide variety of companies attended and collaborated during the conference and developer summit. iXsystems was a Gold sponsor and several iXsystems employees attended the conference, including the entire Technical Documentation Team, the Director of Engineering, the Senior Analyst, a Tier 3 Support Engineer, and a Tier 2 QA Engineer. Day 1 of the conference had 9 highly detailed, informative, and interactive technical presentations from companies which use or contribute to OpenZFS. The presentations highlighted improvements to OpenZFS developed “in-house” at each of these companies, with most improvements looking to be made available to the entire OpenZFS community in the near to long term. There's a lot of exciting stuff happening in the OpenZFS community and this post provides an overview of the presented features and proof-of-concepts. The keynote was delivered by Mark Maybee who spoke about the past, present, and future of ZFS at Oracle. An original ZFS developer, he outlined the history of closed-source ZFS development after Oracle's acquisition of Sun. ZFS has a fascinating history, as the project has evolved over the last decade in both open and closed source forms, independent of one another. While Oracle's proprietary internal version of ZFS has diverged from OpenZFS, it has implemented many of the same features. Mark was very proud of the work his team had accomplished over the years, claiming Oracle's ZFS products have accounted for over a billion dollars in sales and are used in the vast majority of Fortune 100 companies. However, with Oracle aggressively moving into cloud storage, the future of closed source ZFS is uncertain. Mark presented a few ideas to transform ZFS into a mainstream and standard file system, including adding more robust support for Linux. 
Allan Jude from ScaleEngine talked about ZStandard, a new compression method he is developing in collaboration with Facebook. It offers compression comparable to gzip, but at speeds fast enough to keep up with hard drive bandwidth. According to early testing, it improves both the speed and compression efficiency over the current LZ4 compression algorithm. It also offers a new “dictionary” feature for improving image compression, which is of particular interest to Facebook. In addition, when using ZFS send and receive, it will adapt the compression ratio to make the most efficient use of the network bandwidth. Currently, deleting a clone on ZFS is a time-consuming process, especially when dealing with large datasets that have diverged over time. Sara Hartse from Delphix described how “clone fast delete” speeds up clone deletion. Rather than traversing the entire dataset during clone deletion, changes to the clone are tracked in a “live list” which the delete process uses to determine which blocks to free. In addition, rather than having to wait for the clone to finish, the delete process backgrounds the task so you can keep working without any interruptions. Sara shared the findings of a test they ran on a clone with 500MB of data, which took 45 minutes to delete with the old method, and under a minute using the live list. This behavior is an optional property as it may not be appropriate for long-lived clones where deletion times are not a concern. At this time, it does not support promoted clones. Olaf Faaland from Lawrence Livermore National Labs demonstrated the progress his team has made to improve ZFS pool imports with MMP (Multi-Modifier Protection), a watchdog system to make sure that ZFS pools in clustered High Availability environments are not imported by more than one host at a time. MMP uses uberblocks and other low-level ZFS features to monitor pool import status and otherwise safeguard the import process. 
MMP adds fields to on-disk metadata so it does not depend on hardware, such as SAS. It supports multi-node HA configs and does not affect non-HA systems. However, it does have issues with long I/O delays so existing HA software is recommended as an additional fallback. Jörgen Lundman of GMO Internet gave an entertaining talk on the trials and tribulations of porting ZFS to OS X. As a bonus, he talked about porting ZFS to Windows, and showed a working demo. While not yet in a usable state, it demonstrated a proof-of-concept of ZFS support for other platforms. Serapheim Dimitropoulos from Delphix discussed Faster Allocation with the Log Spacemap as a means of optimizing ZFS allocation performance. He began with an in-depth overview of metaslabs and how log spacemaps are used to track allocated and freed blocks. Since blocks are only allocated from loaded metaslabs but freed blocks may apply to any metaslab, over time logging the freed blocks to each appropriate metaslab with every txg becomes less efficient. Their solution is to create a pool-wide metaslab for unflushed entries. Shailendra Tripathi from Tegile presented iFlash: Dynamic Adaptive L2ARC Caching. This was an interesting talk on what is required to allow very different classes of resources to share the same flash device–in their case, ZIL, L2ARC, and metadata. To achieve this, they needed to address the following differences for each class: queue priority, metaslab load policy, allocation, and data protection (as cache has no redundancy). Isaac Huang of Intel introduced DRAID, or parity declustered RAID. Once available, this will provide the same levels of redundancy as traditional RAIDZ, providing the administrator doubles the amount of options for providing redundancy for their use case. The goals of DRAID are to address slow resilvering times and the write throughput of a single replacement drive being a bottleneck. 
This solution skips block pointer tree traversal when rebuilding the pool after drive failure, which is the cause of long resilver times. This means that redundancy is restored quickly, mitigating the risk of losing additional drives before the resilver completes, but it does require a scrub afterwards to confirm data integrity. This solution supports logical spares, which must be defined at vdev creation time, which are used to quickly restore the array. Prakash Surya of Delphix described how ZIL commits currently occur in batches, where waiting threads have to wait for the batch to complete. His proposed solution was to replace batch commits and to instead notify the waiting thread after its ZIL commit in order to greatly increase throughput. A new tunable for the log write block timeout can also be used to log write blocks more efficiently. Overall, the quality of the presentations at the 2017 OpenZFS conference was high. While quite technical, they clearly explained the scope of the problems being addressed and how the proposed solutions worked. We look forward to seeing the described features integrated into OpenZFS. The videos and slides for the presentations should be made available over the next month or so at the OpenZFS website. OpenZFS Photo Album (https://photos.google.com/share/AF1QipNxYQuOm5RDxRgRQ4P8BhtoLDpyCuORKWiLPT0WlvUmZYDdrX3334zu5lvY_sxRBA?key=MW5fR05MdUdPaXFKVDliQVJEb3N3Uy1uMVFFdVdR) DragonflyBSD 5.0 (https://www.dragonflybsd.org/release50/) DragonFly version 5.0 brings the first bootable release of HAMMER2, DragonFly's next generation file system. HAMMER2 Preliminary HAMMER2 support has been released into the wild as-of the 5.0 release. This support is considered EXPERIMENTAL and should generally not yet be used for production machines and important data. The boot loader will support both UFS and HAMMER2 /boot. 
The installer will still use a UFS /boot even for a HAMMER2 installation because the /boot partition is typically very small and HAMMER2, like HAMMER1, does not instantly free space when files are deleted or replaced. DragonFly 5.0 has single-image HAMMER2 support, with live dedup (for cp's), compression, fast recovery, snapshot, and boot support. HAMMER2 does not yet support multi-volume or clustering, though commands for it exist. Please use non-clustered single images for now. ipfw Updates IPFW has gone through a number of updates in DragonFly and now offers better performance. pf and ipfw3 are also still supported. Improved graphics support The i915 driver has been brought up to match what's in the Linux 4.7.10 kernel. Intel GPUs are supported up to the Kabylake generation. vga_switcheroo(4) module added, allowing the use of Intel GPUs on hybrid-graphics systems. The new apple_gmux driver enables switching to the Intel video chipset on dual Intel/NVIDIA and Intel/Radeon Macbook computers. Other user-affecting changes efisetup(8) added. DragonFly can now support over 900,000 processes on a single machine. Client-side SSH by default does not try password authentication, which is the default behavior in newer versions of OpenSSH. Pass an explicit '-o PasswordAuthentication=yes' or change /etc/ssh/ssh_config if you need the old behavior. Public key users are unaffected. Clang status A starting framework has been added for using clang as the alternate base compiler in DragonFly, to replace gcc 4.7. It's not yet complete. Clang can of course be added as a package. Package updates Many package updates but I think most notably we need to point to chrome60 finally getting into dports with accelerated video and graphics support. 64-bit status Note that DragonFly is a 64-bit-only operating system as of 4.6, and will not run on 32-bit hardware. 
AMD Ryzen is supported and DragonFly 5.0 has a workaround for a hardware bug (http://lists.dragonflybsd.org/pipermail/commits/2017-August/626190.html). DragonFly quickly released a v5.0.1 with a few patches. Download link (https://www.dragonflybsd.org/download/) News Roundup (r)vmadm – managing FreeBSD jails (https://blog.project-fifo.net/rvmadm-managing-freebsd-jails/) We are releasing the first version (0.1.0) of our clone of vmadm for FreeBSD jails today. It is not done or feature complete, but it does provide basic functionality. At this point, we think it would be helpful to get it out there and get some feedback. As of today, it allows basic management of datasets, as well as creating, starting, stopping, and destroying jails. Why another tool to manage jails However, before we go into details, let's talk about why we built yet another jail manager. It is not the frequent NIH syndrome, actually quite the opposite. In FiFo 0.9.2 we experimented with iocage as a way to control jails. While iocage is a useful tool when used as a CLI utility, it has some issues when used programmatically. When managing jails automatically and not via a CLI tool, things like performance or a machine-parsable interface matter. While on a CLI it is acceptable if a call takes a second or two, for automatically consuming a tool this delay is problematic. Another reason for the decision was that vmadm is an excellent tool. It is very well designed. SmartOS has used vmadm for years now. Given all that, we opted for adopting a proven interface rather than trying to create a new one. Since we already interface with it on SmartOS, we can reuse a majority of our management code between SmartOS and FreeBSD. What can we do Today we can manage datasets, which are jail templates in the form of ZFS volumes. We can list and serve them from a dataset-server, and fetch those we want. At this point, we provide datasets for FreeBSD 10.0 to 11.1, but it is very likely that the list will grow. 
As an idea, here is a community-driven list of datasets (https://datasets.at/) that exist for SmartOS today. Moreover, while those datasets will not work, we hope to see the same for BSD jails. After fetching the dataset, we can define jails by using a JSON file. This file is compatible with the zone description used on SmartOS. It does not provide all the same features but a subset. Resources such as CPU and memory can be defined, networking configured, a dataset selected and necessary settings like hostname set. With the jail created, vmadm allows managing its lifetime, starting, stopping it, accessing the console and finally destroying it. Updates to jails are supported too; however, as of today they are only taken into account after restarting the jail. However, this is in large parts not a technical impossibility but rather wasn't high up on the TODO list. It is worth mentioning that vmadm will not pick up jails created in other tools or manually. Only using vmadm created jails was a conscious decision to prevent it interfering with existing setups or other utilities. While conventional tools can manage jails set up with vmadm just fine, we use some special tricks like nested jails to allow for restrictions required for multi-tenancy that are hard or impossible to achieve otherwise. What's next First and foremost we hope to get some feedback and perhaps community engagement. In the meantime, as announced earlier this year (https://blog.project-fifo.net/fifo-in-2017/), we are hard at work integrating FreeBSD hypervisors in FiFo, and as of writing this, the core actions work quite well. Right now only the barebone functions are supported, some of the output is not as clear as we would like. We hope to eventually add support for bhyve to vmadm the same way that it supports KVM on SmartOS. Moreover, the groundwork for this already exists in the nested jail techniques we are using. 
Other than that we are exploring ways to allow for PCI pass through in jails, something not possible in SmartOS zones right now that would be beneficial for some users. In general, we want to improve compatibility with SmartOS as much as possible and features that we add over time should make the specifications invalid for SmartOS. You can get the tool from github (https://github.com/project-fifo/r-vmadm).

Parallel processing with unix tools (http://www.pixelbeat.org/docs/unix-parallel-tools.html) There are various ways to use parallel processing in UNIX:

piping: An often under appreciated idea in the unix pipe model is that the components of the pipe run in parallel. This is a key advantage leveraged when combining simple commands that do "one thing well".

split -n, xargs -P, parallel: Note programs that are invoked in parallel by these need to output atomically for each item processed, which the GNU coreutils are careful to do for factor and sha*sum, etc. Generally commands that use stdio for output can be wrapped with the stdbuf -oL command to avoid intermixing lines from parallel invocations.

make -j: Most implementations of make(1) now support the -j option to process targets in parallel. make(1) is generally a higher level tool designed to process disparate tasks and avoid reprocessing already generated targets. For example it is used very effectively when testing coreutils where about 700 tests can be processed in 13 seconds on a 40 core machine.

implicit threading: This goes against the unix model somewhat and definitely adds internal complexity to those tools. The advantages can be less data copying overhead, and simpler usage, though its use needs to be carefully considered. A disadvantage is that one loses the ability to easily distribute commands to separate systems. 
Examples are GNU sort(1) and turbo-linecount.

The example provided counts lines in parallel: The examples below will compare the above methods for implementing multi-processing, for the function of counting lines in a file. First of all let's generate some test data. We use both long and short lines to compare the overhead of the various methods compared to the core cost of the function being performed:

```
$ seq 100000000 > lines.txt # 100M lines
$ yes $(yes longline | head -n9) | head -n10000000 > long-lines.txt # 10M lines
```

We'll also define the add() { paste -d+ -s | bc; } helper function to add a list of numbers. Note the following runs were done against cached files, and thus not I/O bound. Therefore we limit the number of processes in parallel to $(nproc), though you would generally benefit to raising that if your jobs are waiting on network or disk etc.

We'll use this command to count lines for most methods, so here is the base non multi-processing performance for comparison:

```
$ time wc -l lines.txt
$ time wc -l long-lines.txt
```

split -n

Note using -n alone is not enough to parallelize. For example this will run serially with each chunk, because since --filter may write files, the -n pertains to the number of files to split into rather than the number to process in parallel.

```
$ time split -n$(nproc) --filter='wc -l' lines.txt | add
```

You can either run multiple invocations of split in parallel on separate portions of the file like:

```
$ time for i in $(seq $(nproc)); do split -n$i/$(nproc) lines.txt | wc -l& done | add
```

Or split can do parallel mode using round robin on each line, but that's huge overhead in this case. (Note also the -u option significant with -nr):

```
$ time split -nr/$(nproc) --filter='wc -l' lines.txt | add
```

Round robin would only be useful when the processing per item is significant.

Parallel isn't well suited to processing a large single file, rather focusing on distributing multiple files to commands.
It can't efficiently split to lightweight processing if reading sequentially from pipe:

```
$ time parallel --will-cite --block=200M --pipe 'wc -l' < lines.txt | add
```

Like parallel, xargs is designed to distribute separate files to commands, and with the -P option can do so in parallel. If you have a large file then it may be beneficial to presplit it, which could also help with I/O bottlenecks if the pieces were placed on separate devices:

```
split -d -n l/$(nproc) lines.txt l.
```

Those pieces can then be processed in parallel like:

```
$ time find -maxdepth 1 -name 'l.*' | xargs -P$(nproc) -n1 wc -l | cut -f1 -d' ' | add
```

If your file sizes are unrelated to the number of processors then you will probably want to adjust -n1 to batch together more files to reduce the number of processes run in total. Note you should always specify -n with -P to avoid xargs accumulating too many input items, thus impacting the parallelism of the processes it runs.

make(1) is generally used to process disparate tasks, though can be leveraged to provide low level parallel processing on a bunch of files. Note also the make -O option which avoids the need for commands to output their data atomically, letting make do the synchronization. We'll process the presplit files as generated for the xargs example above, and to support that we'll use the following Makefile:

```
%: FORCE     # Always run the command
	@wc -l < $@
FORCE: ;
Makefile: ;  # Don't include Makefile itself
```

One could generate this and pass to make(1) with the -f option, though we'll keep it as a separate Makefile here for simplicity. This performs very well and matches the performance of xargs.

```
$ time find -name 'l.*' -exec make -j$(nproc) {} + | add
```

Note we use the POSIX specified "find ... -exec ... {} +" construct, rather than conflating the example with xargs. This construct like xargs will pass as many files to make as possible, which make(1) will then process in parallel.
OpenBSD gives a hint on forgetting unlock mutex (http://nanxiao.me/en/openbsd-gives-a-hint-on-forgetting-unlock-mutex/)

Check following simple C++ program:

```
#include <mutex>

int main(void)
{
    std::mutex m;
    m.lock();  // never unlocked before main() returns

    return 0;
}
```

The mutex m forgot unlock itself before exiting main function: m.unlock();

Test it on GNU/Linux, and I chose ArchLinux as the testbed:

```
$ uname -a
Linux fujitsu-i 4.13.7-1-ARCH #1 SMP PREEMPT Sat Oct 14 20:13:26 CEST 2017 x86_64 GNU/Linux
$ clang++ -g -pthread -std=c++11 test_mutex.cpp
$ ./a.out
$
```

The process exited normally, and no more words were given. Build and run it on OpenBSD 6.2:

```
clang++ -g -pthread -std=c++11 test_mutex.cpp
./a.out
pthread_mutex_destroy on mutex with waiters!
```

The OpenBSD prompts "pthread_mutex_destroy on mutex with waiters!". Interesting!

***

Beastie Bits

Updates to the NetBSD operating system since OSHUG #57 & #58 (http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-October/014148.html)
Creating a jail with FiFo and Digital Ocean (https://blog.project-fifo.net/fifo-jails-digital-ocean/)
I'm thinking about OpenBSD again (http://stevenrosenberg.net/blog/bsd/openbsd/2017_0924_openbsd)
Kernel ASLR on amd64 (https://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)
Call for Participation - BSD Devroom at FOSDEM (https://people.freebsd.org/~rodrigo/fosdem18/)
BSD Stockholm Meetup (https://www.meetup.com/BSD-Users-Stockholm/)

***

Feedback/Questions

architect - vBSDCon (http://dpaste.com/15D5SM4#wrap)
Brad - Packages and package dependencies (http://dpaste.com/3MENN0X#wrap)
Lars - dpb (http://dpaste.com/2SVS18Y)
Alex re: PS4 Network Throttling (http://dpaste.com/028BCFA#wrap)

***

Data Protection Gumbo
032: Season 2 - Episode 5: Jedidiah Yueh: Getting Deduped - How to Invent a Billion Dollar Data Protection Product - DP Gumbo

Nov 14, 2017 · 16:58


Jedidiah Yueh - Founder / Executive Chairman of Delphix discusses how Avamar deduplication technology was developed into one of the hottest technologies in the data storage and backup industry.

The Tech Fugitives Show
Episode 7 – Interview With Delphix founder and author of “Disrupt or Die”, Jedidiah Yueh.

Oct 19, 2017 · 54:56


Welcome back to the Tech Fugitives podcast. On today's show Kyle and Mark talk "Enterprise Transformation" with tech powerhouse, Jedidiah Yueh. Jed is the founder of Delphix, the market leader in DataOps, and Author of Disrupt or Die: What the World Needs to Learn from Silicon Valley to Survive the Digital Era. Zuckerberg wrote Facebook […]

BSD Now
216: Software is storytelling

Oct 18, 2017 · 109:21


EuroBSDcon trip report, how to secure OpenBSD's LDAP server, ZFS channel programs in FreeBSD HEAD and why software is storytelling. This episode was brought to you by Headlines EuroBSDcon Trip Report This is from Frank Moore, who has been supplying us with collections of links for the show and who we met at EuroBSDcon in Paris for the first time. Here is his trip report. My attendance at the EuroBSDCon 2017 conference in Paris was sprinkled with several 'firsts'. My first visit to Paris, my first time travelling on a EuroTunnel Shuttle train and my first time at any BSD conference. Hopefully, none of these will turn out to be 'lasts'. I arrived on the Wednesday afternoon before the conference started on Thursday morning. My hotel was conveniently located close to the conference centre in Paris' 3rd arrondissement. This area is well-known as a buzzy enclave of hip cafes, eateries, independent shops, markets, modern galleries and museums. It certainly lived up to its reputation. Even better, the weather held over the course of the conference, only raining once, with the rest of the time being both warm and sunny. The first two days were taken up with attending Dr Kirk McKusick's excellent tutorial 'An Introduction to the FreeBSD Open-Source Operating System'. This is training "straight from the horse's mouth". Kirk has worked extensively on The FreeBSD operating system since the 1980's, helping to design the original BSD filesystem (FFS) and later working on UFS as well. Not only is Kirk an engaging speaker, making what could be a dry topic very interesting, he also sprinkles liberal doses of history and war stories throughout his lectures. Want to know why a protocol was designed the way that it was? Or why a system flag has a particular value or position in a record? Kirk was there and has the first-hand answer. He reminisces about his meetings and work with other Unix and BSD luminaries and debunks and confirms common myths in equal measure. 
Kirk's teaching style and knowledge are impressive. Every section starts with an overview and a big picture diagram before drilling down into the nitty-gritty detail. Nothing feels superfluous, and everything fits together logically. It's easy to tell that the material and its delivery have been honed over many years, but without feeling stale. Topics covered included the kernel, processes, virtual memory, threads, I/O, devices, FFS, ZFS, and networking. The slides were just as impressive, with additional notes written by a previous student and every slide containing a reference back to the relevant page(s) in the 2nd edition of Kirk's operating system book. As well as a hard copy for those that requested it, Kirk also helpfully supplied soft copies of all the training materials. The breaks in between lectures were useful for meeting the students from the other tutorials and for recovering from the inevitable information overload. It's not often that you can get to hear someone as renowned as Dr McKusick give a lecture on something as important as the FreeBSD operating system. If you have any interest in FreeBSD, Unix history, or operating systems in general, I would urge you to grab the opportunity to attend one of his lectures. You won't be disappointed. The last two days of the conference consisted of various hour-long talks by members of each of the main BSD systems. All of them were fairly evenly represented except Dragonfly BSD which unfortunately only had one talk. With three talks going on at any one time, it was often difficult to pick which one to go to. At other times there might be nothing to pique the interest. Attendance at a talk is not mandatory, so for those times when no talks looked inviting, just hanging out in one of the lobby areas with other attendees was often just as interesting and informative. The conference centre itself was certainly memorable with the interior design of an Egyptian temple or pyramid. 
All the classrooms were more than adequate while the main auditorium was first-class and easily held the 300+ attendees comfortably. All in all, the facilities, catering and organisation were excellent. Kudos to the EuroBSDCon team, especially Bapt and Antoine for all their hard work and hospitality. As a long-time watcher and occasional contributor to the BSD Now podcast it was good to meet both Allan and Benedict in the flesh. And having done some proofreading for Michael Lucas previously, it was nice to finally meet him as well. My one suggestion to the organisers of the next conference would be to provide more hand-holding for newbies. As a first-time attendee at a BSD conference it would have been nice to have been formally introduced to various people within the projects as the goto people for their areas. I could do this myself, but it's not always easy finding the right person and wrangling an introduction. I also think it was a missed opportunity for each project to recruit new developers to their cause. Apparently, this is already in place at BSDCan, but should probably be rolled out across all BSD conferences. Having said all that, my aims for the conference were to take Dr McKusick's course, meet a few BSD people and make contacts within one of the BSD projects to start contributing. I was successful on all these fronts, so for me this was mission accomplished. Another first! autoconf/clang (No) Fun and Games (https://undeadly.org/cgi?action=article;sid=20170930133438) Robert Nagy (robert@) wrote in with a fascinating story of hunting down a recent problem with ports: You might have been noticing the amount of commits to ports regarding autoconf and nested functions and asking yourself… what the hell is this all about? 
I was hanging out at my friend Antoine (ajacoutot@)'s place just before EuroBSDCon 2017 started and we were having drinks and he told me that there is this weird bug where Gnome hangs completely after just a couple of seconds of usage and the gnome-shell process just sits in the fsleep state. This started to happen at the time when inteldrm(4) was updated, the default compiler was switched to clang(1) and futexes were turned on by default. The next day we started to have a look at the issue and since the process was hanging in fsleep, it seemed clear that the cause must be futexes, so we had to start bisecting the base system, which resulted in random success and failure. In the end we figured out that it is neither futex nor inteldrm(4) related, so the only thing that was left is the switch to clang. Now the problem is that we have to figure out what part of the system needs to be build with clang to trigger this issue, so we kept on going and systematically recompiled the base system with gcc until everything was ruled out … and it kept on hanging. We were drunk and angry that now we have to go and check hundreds of ports because gnome is not a small standalone port, so between two bottles of wine a build VM was fired up to do a package build with gcc, because manually building all the dependencies would just take too long and we had spent almost two days on this already. Next day ~200 packages were available to bisect and figure out what's going on. After a couple of tries it turned out that the hang is being caused by the gtk+3 package, which is bad since almost everything is using gtk+3. Now it was time to figure out what file the gtk+3 source being built by clang is causing the issue. (Compiler optimizations were ruled out already at this point.) So another set of bisecting happened, building each subdirectory of gtk+3 with clang and waiting for the hang to manifest … and it did not. What the $f? 
Okay so something else is going on and maybe the configure script of gtk+3 is doing something weird with different compilers, so I quickly did two configure runs with gcc and clang and simply diff'd the two directories. Snippets from the diff:

```
-GDK_HIDDEN_VISIBILITY_CFLAGS = -fvisibility=hidden
+GDK_HIDDEN_VISIBILITY_CFLAGS =
-lt_cv_prog_compiler_rtti_exceptions=no
+lt_cv_prog_compiler_rtti_exceptions=yes
-#define _GDK_EXTERN __attribute__((visibility("default"))) extern
-lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+lt_prog_compiler_no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
```

Okay, okay that's something, but wait … clang has symbol visibility support so what is going on again? Let's take a peek at config.log:

```
configure:29137: checking for -fvisibility=hidden compiler flag
configure:29150: cc -c -fvisibility=hidden -I/usr/local/include -I/usr/X11R6/include conftest.c >&5
conftest.c:82:17: error: function definition is not allowed here
int main (void) { return 0; }
                ^
1 error generated.
```

Okay that's clearly an error but why exactly? autoconf basically generates a huge shell script that will check for whatever you throw at it by creating a file called conftest.c and putting chunks of code into it and then trying to compile it. In this case the relevant part of the code was:

```
| int
| main ()
| {
| int main (void) { return 0; }
|   ;
|   return 0;
| }
```

That is a nested function declaration which is a GNU extension and it is not supported by clang, but that's okay, the question is why the hell would you use nested functions to check for simple compiler flags. The next step was to go and check what is going on in configure.ac to see how the configure script is generated.
In the gtk+3 case the following snippet is used:

```
AC_MSG_CHECKING([for -fvisibility=hidden compiler flag])
AC_TRY_COMPILE([], [int main (void) { return 0; }],
               AC_MSG_RESULT(yes)
               enable_fvisibility_hidden=yes,
               AC_MSG_RESULT(no)
               enable_fvisibility_hidden=no)
```

According to the autoconf manual the AC_TRY_COMPILE macro accepts the following parameters: That clearly states that a function body has to be specified because the function definition is already provided automatically, so doing AC_TRY_COMPILE([], [int main (void) { return 0;}], instead of AC_TRY_COMPILE([],[] will result in a nested function declaration, which will work just fine with gcc, even though the autoconf usage is wrong. After fixing the autoconf macro in gtk+3 and rebuilding the complete port from scratch with clang, the hang completely went away as the proper CFLAGS and LDFLAGS were picked up by autoconf for the build.

At this point we realized that most of the ports tree uses autoconf so this issue might be a lot bigger than we thought, so I asked sthen@ to do a grep on the ports object directory and just search for "function definition is not allowed here", which resulted in about ~60 additional ports affected. Out of the list of ports there were only two false positive matches. These were actually trying to test whether the compiler supports nested functions. The rest were a combination of several autoconf macros used in a wrong way, e.g: AC_TRY_COMPILE, AC_TRY_LINK. Most of them were fixable by just removing the extra function declaration or by switching to other autoconf macros like AC_LANG_SOURCE where you can actually declare your own functions if need be.

The conclusion is that this issue was a combination of people not reading documentation and just copy/pasting autoconf snippets, instead of reading their documentation and using the macros in the way they were intended, and the fact that switching to a new compiler is never easy and bugs or undefined behaviour are always lurking in the dark.
Thanks to everyone who helped fixing all the ports up this quickly! Hopefully all of the changes can be merged upstream, so that others can benefit as well.

Interview - David Carlier - @devnexen (https://twitter.com/devnexen)

Software Engineer at Afilias

***

News Roundup

Setting up OpenBSD's LDAP Server (ldapd) with StartTLS and SASL (http://blog.databasepatterns.com/2017/08/setting-up-openbsds-ldap-server-ldapd.html)

A tutorial on setting up OpenBSD's native LDAP server with TLS encryption and SASL authentication. OpenBSD has its own LDAP server, ldapd. Here's how to configure it for use with StartTLS and SASL authentication.

Create a certificate (acme-client anyone?)

Create a basic config file:

```
listen on em0 tls certificate ldapserver
```

This will listen on the em0 interface with tls using the certificate called ldapserver.crt / ldapserver.key

Validate the configuration:

```
/usr/sbin/ldapd -n
```

Enable and start the service:

```
rcctl enable ldapd
rcctl start ldapd
```

On the client machine:

```
pkg_add openldap-client
```

Copy the certificate to /etc/ssl/trusted.crt

Add this line to /etc/openldap/ldap.conf:

```
TLS_CACERT /etc/ssl/trusted.crt
```

Enable and start the service:

```
rcctl enable saslauthd
rcctl start saslauthd
```

Connect to ldapd (-ZZ means force TLS, use -H to specify URI):

```
ldapsearch -H ldap://ldapserver -ZZ
```

FreeBSD Picks Up Support for ZFS Channel Programs in -current (https://svnweb.freebsd.org/base?view=revision&revision=324163)

ZFS channel programs (ZCP) adds support for performing compound ZFS administrative actions via Lua scripts in a sandboxed environment (with time and memory limits). This initial commit includes both base support for running ZCP scripts, and a small initial library of API calls which support getting properties and listing, destroying, and promoting datasets. Testing: in addition to the included unit tests, channel programs have been in use at Delphix for several months for batch destroying filesystems.
Take a simple task as an example: Create a snapshot, then set a property on that snapshot. In the traditional system for this, when you issue the snapshot command, that closes the currently open transaction group (say #100), and opens a new one, #101. While #100 is being written to disk, other writes are accumulated in #101. Once #100 is flushed to disk, the ‘zfs snapshot' command returns. You can then issue the ‘zfs set' command. This actually ends up going into transaction group #102. Each administrative action needs to wait for the transaction group to flush, which under heavy loads could take multiple seconds. Now if you want to create AND set, you need to wait for two or three transaction groups. Meanwhile, during transaction group #101, the snapshot existed without the property set, which could cause all kinds of side effects. ZFS Channel programs solves this by allowing you to perform a small scripted set of actions as a single atomic operation. In Delphix's appliance, they often needed to do as many as 15 operations together, which might take multiple minutes. Now with channel programs it is much faster, far safer, and has fewer chances of side effects BSDCan 2017 - Matt Ahrens: Building products based on OpenZFS, using channel programs -- Video Soon (http://www.bsdcan.org/2017/schedule/events/854.en.html) Software Is About Storytelling (http://bravenewgeek.com/software-is-about-storytelling/) Tyler Treat writes on the brave new geek blog: Software engineering is more a practice in archeology than it is in building. As an industry, we undervalue storytelling and focus too much on artifacts and tools and deliverables. How many times have you been left scratching your head while looking at a piece of code, system, or process? It's the story, the legacy left behind by that artifact, that is just as important—if not more—than the artifact itself. And I don't mean what's in the version control history—that's often useless. 
I mean the real, human story behind something. Artifacts, whether that's code or tools or something else entirely, are not just snapshots in time. They're the result of a series of decisions, discussions, mistakes, corrections, problems, constraints, and so on. They're the product of the engineering process, but the problem is they usually don't capture that process in its entirety. They rarely capture it at all. They commonly end up being nothing but a snapshot in time. It's often the sign of an inexperienced engineer when someone looks at something and says, “this is stupid” or “why are they using X instead of Y?” They're ignoring the context, the fact that circumstances may have been different. There is a story that led up to that point, a reason for why things are the way they are. If you're lucky, the people involved are still around. Unfortunately, this is not typically the case. And so it's not necessarily the poor engineer's fault for wondering these things. Their predecessors haven't done enough to make that story discoverable and share that context. I worked at a company that built a homegrown container PaaS on ECS. Doing that today would be insane with the plethora of container solutions available now. “Why aren't you using Kubernetes?” Well, four years ago when we started, Kubernetes didn't exist. Even Docker was just in its infancy. And it's not exactly a flick of a switch to move multiple production environments to a new container runtime, not to mention the politicking with leadership to convince them it's worth it to not ship any new code for the next quarter as we rearchitect our entire platform. Oh, and now the people behind the original solution are no longer with the company. Good luck! And this is on the timescale of about five years. 
That's maybe like one generation of engineers at the company at most—nothing compared to the decades or more software usually lives (an interesting observation is that timescale, I think, is proportional to the size of an organization). Don't underestimate momentum, but also don't underestimate changing circumstances, even on a small time horizon. The point is, stop looking at technology in a vacuum. There are many facets to consider. Likewise, decisions are not made in a vacuum. Part of this is just being an empathetic engineer. The corollary to this is you don't need to adopt every bleeding-edge tech that comes out to be successful, but the bigger point is software is about storytelling. The question you should be asking is how does your organization tell those stories? Are you deliberate or is it left to tribal knowledge and hearsay? Is it something you truly value and prioritize or simply a byproduct? Documentation is good, but the trouble with documentation is it's usually haphazard and stagnant. It's also usually documentation of how and not why. Documenting intent can go a long way, and understanding the why is a good way to develop empathy. Code survives us. There's a fantastic talk by Bryan Cantrill on oral tradition in software engineering (https://youtu.be/4PaWFYm0kEw) where he talks about this. People care about intent. Specifically, when you write software, people care what you think. As Bryan puts it, future generations of programmers want to understand your intent so they can abide by it, so we need to tell them what our intent was. We need to broadcast it. Good code comments are an example of this. They give you a narrative of not only what's going on, but why. When we write software, we write it for future generations, and that's the most underestimated thing in all of software. Documenting intent also allows you to document your values, and that allows the people who come after you to continue to uphold them. Storytelling in software is important. 
Without it, software archeology is simply the study of puzzles created by time and neglect. When an organization doesn't record its history, it's bound to repeat the same mistakes. A company's memory is comprised of its people, but the fact is people churn. Knowing how you got here often helps you with getting to where you want to be. Storytelling is how we transcend generational gaps and the inevitable changing of the old guard to the new guard in a maturing engineering organization. The same is true when we expand that to the entire industry. We're too memoryless—shipping code and not looking back, discovering everything old that is new again, and simply not appreciating our lineage. Beastie Bits 1st BSD Users Stockholm Meetup (https://www.meetup.com/en-US/BSD-Users-Stockholm/) Absolute FreeBSD, 3rd Edition draft completed (https://blather.michaelwlucas.com/archives/3020) Absolute FreeBSD, 3rd Edition Table of Contents (https://blather.michaelwlucas.com/archives/2995) t2k17 Hackathon Report: My first time (Aaron Bieber) (https://undeadly.org/cgi?action=article;sid=20170824193521) The release of pfSense 2.4.0 will be slightly delayed to apply patches for vulnerabilities in 3rd party packages that are part of pfSense (https://www.netgate.com/blog/no-plan-survives-contact-with-the-internet.html) Feedback/Questions Ben writes in that zrepl is in ports now (http://dpaste.com/1XMJYMH#wrap) Peter asks us about Netflix on BSD (http://dpaste.com/334WY4T#wrap) meka writes in about dhclient exiting (http://dpaste.com/3GSGKD3#wrap) ***
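The config.log search from the autoconf/clang story in this episode's notes, as an added example (not code from the show notes or from the OpenBSD ports tree). It names the configure check that produced each "function definition is not allowed here" error, so a silently dropped flag such as -fvisibility=hidden shows up by name; the function names, the sample tree and the rule for skipping genuine nested-function probes are assumptions made for this sketch.

```shell
#!/bin/sh
# Report configure checks that failed only because the test program held a
# nested function definition, which clang rejects and gcc accepts.

# clang diagnostic quoted in the story above
NESTED_ERR='function definition is not allowed here'

# scan_config_log FILE
# Prints "FILE<TAB>check description" once per configure check whose compiler
# output contains NESTED_ERR. Checks whose description mentions nested
# functions are skipped (assumed heuristic for the intentional probes the
# story calls false positives).
scan_config_log() {
    awk -v err="$NESTED_ERR" -v file="$1" '
        /^configure:[0-9]+: checking / {
            check = $0
            sub(/^configure:[0-9]+: checking /, "", check)
            reported = 0
            next
        }
        index($0, err) > 0 && !reported {
            if (tolower(check) !~ /nested function/)
                printf "%s\t%s\n", file, check
            reported = 1
        }
    ' "$1"
}

# scan_tree DIR
# Runs scan_config_log on every config.log below DIR, in sorted path order.
scan_tree() {
    find "$1" -type f -name config.log | sort | while IFS= read -r log; do
        scan_config_log "$log"
    done
}

# make_sample_tree DIR
# Writes three constructed config.log files (sample data, not real port logs).
make_sample_tree() {
    mkdir -p "$1/gtk-sample" "$1/nested-probe" "$1/clean"
    cat > "$1/gtk-sample/config.log" <<'EOF'
configure:29137: checking for -fvisibility=hidden compiler flag
configure:29150: cc -c -fvisibility=hidden -I/usr/local/include -I/usr/X11R6/include conftest.c >&5
conftest.c:82:17: error: function definition is not allowed here
int main (void) { return 0; }
                ^
1 error generated.
configure:29150: $? = 1
configure:29160: result: no
configure:29200: checking for -Bsymbolic-functions linker flag
configure:29213: cc -o conftest -Wl,-Bsymbolic-functions conftest.c >&5
conftest.c:84:17: error: function definition is not allowed here
1 error generated.
configure:29222: result: no
EOF
    cat > "$1/nested-probe/config.log" <<'EOF'
configure:4101: checking whether the compiler supports nested functions
configure:4115: cc -c conftest.c >&5
conftest.c:20:22: error: function definition is not allowed here
configure:4122: result: no
EOF
    cat > "$1/clean/config.log" <<'EOF'
configure:3001: checking for stdlib.h
configure:3001: cc -c conftest.c >&5
configure:3001: $? = 0
configure:3001: result: yes
EOF
}

# Stand-alone use: pass the build/object directory to scan.
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```

Each reported line is a check whose "no" result came from the malformed test program rather than from the compiler lacking the feature, which is the case worth re-examining in configure.ac.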

BSD Now
200: Getting Scrubbed to Death

Jun 28, 2017 · 94:57


The NetBSD 8.0 release process is underway, we try to measure the weight of an electron, and look at stack clashing. This episode was brought to you by

Headlines

NetBSD 8.0 release process underway (https://mail-index.netbsd.org/netbsd-announce/2017/06/06/msg000267.html)

Soren Jacobsen writes on NetBSD-announce: If you've been reading source-changes@, you likely noticed the recent creation of the netbsd-8 branch. If you haven't been reading source-changes@, here's some news: the netbsd-8 branch has been created, signaling the beginning of the release process for NetBSD 8.0. We don't have a strict timeline for the 8.0 release, but things are looking pretty good at the moment, and we expect this release to happen in a shorter amount of time than the last couple major releases did. At this point, we would love for folks to test out netbsd-8 and let us know how it goes. A couple of major improvements since 7.0 are the addition of USB 3 support and an overhaul of the audio subsystem, including an in-kernel mixer. Feedback about these areas is particularly desired. To download the latest binaries built from the netbsd-8 branch, head to http://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/ Thanks in advance for helping make NetBSD 8.0 a stellar release!

OpenIndiana Hipster 2017.04 is here (https://www.openindiana.org/2017/05/03/openindiana-hipster-2017-04-is-here/)

Desktop software and libraries: Xorg was updated to 1.18.4, xorg libraries and drivers were updated.
Mate was updated to 1.16 Intel video driver was updated, the list of supported hardware has significantly extended (https://wiki.openindiana.org/oi/Intel+KMS+driver) libsmb was updated to 4.4.6 gvfs was updated to 1.26.0 gtk3 was updated to 3.18.9 Major text editors were updated (we ship vim 8.0.104, joe 4.4, emacs 25.2, nano 2.7.5 pulseaudio was updated to 10.0 firefox was updated to 45.9.0 thunderbird was updated to 45.8.0 critical issue in enlightenment was fixed, now it's operational again privoxy was updated to 3.0.26 Mesa was updated to 13.0.6 Nvidia driver was updated to 340.102 Development tools and libraries GCC 6 was added. Patches necessary to compile illumos-gate with GCC 6 were added (note, compiling illumos-gate with version other than illumos-gcc-4.4.4 is not supported) GCC 7.1 added to Hipster (https://www.openindiana.org/2017/05/05/gcc-7-1-added-the-hipster-and-rolling-forward/) Bison was updated to 3.0.4 Groovy 2.4 was added Ruby 1.9 was removed, Ruby 2.3 is the default Ruby now Perl 5.16 was removed. 64-bit Perl 5.24 is shipped. 64-bit OpenJDK 8 is the default OpenJDK version now. Mercurial was updated to 4.1.3 Git was updated to 2.12.2 ccache was updated to 3.3.3 QT 5.8.0 was added Valgrind was updated to 3.12.0 Server software PostgreSQL 9.6 was added, PostgreSQL 9.3-9.5 were updated to latest minor versions MongoDB 3.4 was added MariaDB 10.1 was added NodeJS 7 was added Percona Server 5.5/5.6/5.7 and MariaDB 5.5 were updated to latest minor versions OpenVPN was updated to 2.4.1 ISC Bind was updated to 9.10.4-P8 Squid was updated to 3.5.25 Nginx was updated to 1.12.0 Apache 2.4 was updated to 2.4.25. Apache 2.4 is the default Apache server now. Apache 2.2 will be removed before the next snapshot. ISC ntpd was updated to 4.2.8p10 OpenSSH was updated to 7.4p1 Samba was updated to 4.4.12 Tcpdump was updated to 4.9.0 Snort was updated to 2.9.9.0 Puppet was updated to 3.8.6 A lot of other bug fixes and minor software updates included. 
*** PKGSRC at The University of Wisconsin–Milwaukee (https://uwm.edu/hpc/software-management/) This piece is from the University of Wisconsin, Milwaukee Why Use Package Managers? Why Pkgsrc? Portability Flexibility Modernity Quality and Security Collaboration Convenience Growth Binary Packages for Research Computing The University of Wisconsin — Milwaukee provides binary pkgsrc packages for selected operating systems as a service to the research computing community. Unlike most package repositories, which have a fixed prefix and frequently upgraded packages, these packages are available for multiple prefixes and remain unchanged for a given prefix. Additional packages may be added and existing packages may be patched to fix bugs or security issues, but the software versions will not be changed. This allows researchers to keep older software in-place indefinitely for long-term studies while deploying newer software in later snapshots. Contributing to Pkgsrc Building Your Own Binary Packages Check out the full article and consider using pkgsrc for your own research purposes. PKGSrc Con is this weekend! (http://www.pkgsrc.org/pkgsrcCon/2017/) *** Measuring the weight of an electron (https://deftly.net/posts/2017-06-01-measuring-the-weight-of-an-electron.html) An interesting story of the struggles of one person, aided only by their pet Canary, porting Electron to OpenBSD. This is a long rant. A rant intended to document lunacy, hopefully aid others in the future and make myself feel better about something I think is crazy. It may seem like I am making an enemy of electron, but keep in mind that isn't my intention! The enemy here, is complexity! My friend Henry, a canary, is coming along for the ride! Getting the tools At first glance Electron seems like a pretty solid app, it has decent docs, it's consolidated in a single repository, has a lot of visibility, porting it shouldn't be a big deal, right? 
After cloning the repo, trouble starts: Reading through the doc, right off the bat there are a few interesting things: At least 25GB disk space. Huh, OK, somehow this ~47M repository is going to blow up to 25G? Continuing along with the build, I know I have two versions of clang installed on OpenBSD, one from ports and one in base. Hopefully I will be able to tell the build to use one of these versions. Next, it's time to tell the bootstrap that OpenBSD exists as a platform. After that is fixed, the build-script runs. Even though cloning another git repo fails, the build happily continues. Wait. Another repository failed to clone? At least this time the build failed after trying to clone boto.. again. I am guessing it tried twice because something might have changed between now and the last clone? Off in the distance we catch a familiar tune, it almost sounds like Gnarls Barkley's song Crazy, can't tell for sure. As it turns out, if you are using git-fsck, you are unable to clone boto and requests. Obviously the proper fix for this is to not care about the validity of the git objects! So we die a little inside and comment out fsckobjects in our ~/.gitconfig. Next up, chromium-58 is downloaded… Out of curiosity we look at vendor/libchromiumcontent/script/update, it seems its purpose is to download / extract chromium clang and node, good thing we already specified --clang_dir or it might try to build clang again! 544 dots and 45 minutes later, we have an error! The chromium-58.0.3029.110.tar.xz file is mysteriously not there anymore.. Interesting. Wut. “Updating Clang…”. Didn't I explicitly say not to build clang? At this point we have to shift projects, no longer are we working on Electron.. It's libchromiumcontent that needs our attention.
Fixing sub-tools
Ahh, our old friends the dots! This is the second time waiting 45+ minutes for a 500+ MB file to download.
We are fairly confident it will fail, delete the file out from under itself and hinder the process even further, so we add an explicit exit to the update script. This way we can copy the file somewhere safe! Another 45 minute chrome build and saving the downloaded executable to a safe space seems in order. Fixing another 50 occurrences of error conditions lets the build continue - to another clang build. We remove the call to update_clang, because.. well.. we have two copies of it already and the Electron doc said everything would be fine if we had >= clang 3.4! More re-builds and updates of clang and chromium are being commented out, just to get somewhere close to the actual electron build.
Fixing sub-sub-tools
Ninja needs to be built and the script for that needs to be told to ignore this “unsupported OS” to continue. No luck. At this point we are faced with a complex web of python scripts that execute gn on GN files to produce ninja files… which then build the various components and somewhere in that cluster, something doesn't know about OpenBSD… I look at Henry, he is looking at a photo of his wife and kids. They are sitting on a telephone wire, the morning sun illuminating their beautiful faces. Henry looks back at me and says “It's not worth it.” We slam the laptop shut and go outside.
Interview - Dan McDonald - allcoms@gmail.com (mailto:allcoms@gmail.com) (danboid)
News Roundup
g4u 2.6 (ghosting for unix) released 18th birthday (https://mail-index.netbsd.org/netbsd-users/2017/06/08/msg019625.html)
Hubert Feyrer writes in his mail to netbsd-users: After a five-year period for beta-testing and updating, I have finally released g4u 2.6. With its origins in 1999, I'd like to say: Happy 18th Birthday, g4u! About g4u: g4u ("ghosting for unix") is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of PC harddisks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions.
The first is to upload the compressed image of a local harddisk to an FTP server, the other is to restore that image via FTP, uncompress it and write it back to disk. Network configuration is fetched via DHCP. As the harddisk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks as well as partitions is also supported.
The past: When I started g4u, I had the task to install a number of lab machines with a dual-boot of Windows NT and NetBSD. The hype was about Microsoft's "Zero Administration Kit" (ZAK) then, but that did barely work for the Windows part - file transfers were slow, depended on the clients' hardware a lot (requiring fiddling with MS DOS network driver disks), and on the ZAK server the files for installing happened to disappear for no good reason every now and then. Not working well, and leaving out NetBSD (and everything else), I created g4u. This gave me the (relative) pain of getting things working once, but with the option to easily add network drivers as they appeared in NetBSD (and oh they did!), plus allowed me to install any operating system.
The present: We've used g4u successfully in our labs then, booting from CDROM. I also got many donations from public and private institutions plus companies from many sectors, indicating that g4u does make a difference. In the meantime, the world has changed, and CDROMs aren't used that much any more. Network boot and USB sticks are today's devices of choice, cloning of a full disk without knowing its structure has both advantages but also disadvantages, and g4u's user interface is still command-line based with not much space for automation. For storage, FTP servers are nice and fast, but alternatives like SSH/SFTP, NFS, iSCSI and SMB for remote storage plus local storage (back to fun with filesystems, anyone? avoiding this was why g4u was created in the first place!) should be considered these days.
Further aspects include integrity (checksums), confidentiality (encryption). This leaves a number of open points to address either by future releases, or by other products.
The future: At this point, my time budget for g4u is very limited. I welcome people to contribute to g4u - g4u is Open Source for a reason. Feel free to get back to me for any changes that you want to contribute!
The changes: Major changes in g4u 2.6 include:
Make this build with NetBSD-current sources as of 2017-04-17 (shortly before netbsd-8 release branch), binaries were cross-compiled from Mac OS X 10.10
Many new drivers, bugfixes and improvements from NetBSD-current (see beta1 and beta2 announcements)
Go back to keeping the disk image inside the kernel as ramdisk, do not load it as separate module. Less error prone, and allows to boot the g4u (NetBSD) kernel from a single file e.g. via PXE (Testing and documentation updates welcome!)
Actually DO provide the g4u (NetBSD) kernel with the embedded g4u disk image from now on, as separate file, g4u-kernel.gz
In addition to MD5, add SHA512 checksums
Congratulations, g4u. Check out the g4u website (http://fehu.org/~feyrer/g4u/) and support the project if you are using it.
***
Fixing FreeBSD Networking on Digital Ocean (https://wycd.net/posts/2017-05-19-fixing-freebsd-networking-on-digital-ocean.html)
Most cloud/VPS providers use some form of semi-automated address assignment, rather than just regular static address configuration, so that newly created virtual machines can configure themselves. Sometimes, especially during the upgrade process, this can break. This is the story of one such user:
I decided it was time to update my FreeBSD Digital Ocean droplet from the end-of-life version 10.1 (shame on me) to the modern version 10.3 (good until April 2018), and maybe even version 11 (good until 2021). There were no sensitive files on the VM, so I had put it off.
Additionally, cloud providers tend to have shoddy support for BSDs, so breakages after messing with the kernel or init system are rampant, and I had been skirting that risk. The last straw for me was a broken pkg:
    /usr/local/lib/libpkg.so.3: Undefined symbol "openat"
So the user fires up freebsd-update and upgrades to FreeBSD 10.3
I rebooted, and of course, it happened: no ssh access after 30 seconds, 1 minute, 2 minutes… I logged into my Digital Ocean account and saw green status lights for the instance, but something was definitely wrong. Fortunately, Digital Ocean provides console access (albeit slow, buggy, and crashes my browser every time I run ping). ifconfig revealed that the interfaces vtnet0 (public) and vtnet1 (private) haven't been configured with IP addresses. Combing through files in /etc/rc.*, I found a file called /etc/rc.digitalocean.d/${DROPLET_ID}.conf containing static network settings for this droplet (${DROPLET_ID} was something like 1234567). It seemed that FreeBSD wasn't picking up the Digital Ocean network settings config file. The quick and dirty way would have been to messily append the contents of this file to /etc/rc.conf, but I wanted a nicer way. Reading the script in /etc/rc.d/digitalocean told me that /etc/rc.digitalocean.d/${DROPLET_ID}.conf was supposed to have a symlink at /etc/rc.digitalocean.d/droplet.conf.
It was broken and pointed to /etc/rc.digitalocean.d/.conf, which could happen when the curl command in /etc/rc.d/digitalocean fails
Maybe the curl binary was also in need of an upgrade, so it failed to fetch the droplet ID
Using grep to fish for files containing droplet.conf, I discovered that it was hacked into the init system via load_rc_config() in /etc/rc.subr
I would prefer if Digital Ocean had not customized the version of FreeBSD they ship quite so much
I could fix that symlink and restart the services:
    # Bourne shell (sh) syntax: a plain assignment, not `set`
    DROPLET_ID=$(curl -s http://169.254.169.254/metadata/v1/id)
    ln -s -f /etc/rc.digitalocean.d/${DROPLET_ID}.conf /etc/rc.digitalocean.d/droplet.conf
    /etc/rc.d/netif restart
    /etc/rc.d/routing restart
Networking was working again, and I could then ssh into my server and run the following to finish the upgrade:
    freebsd-update install
At this point, I decided that I didn't want to deal with this mess again until at least 2021, so I decided to go for 11.0-RELEASE
    # freebsd-update's command for moving to a new release is "upgrade"
    freebsd-update -r 11.0-RELEASE upgrade
    freebsd-update install
    reboot
    freebsd-update install
    pkg-static install -f pkg
    pkg update
    pkg upgrade
    uname -a
    FreeBSD hostname 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9
    pkg -v
    1.10.1
The problem was solved correctly, and my /etc/rc.conf remains free of generated cruft. The Digital Ocean team can make our lives easier by having their init scripts do more thorough system checking, e.g., catching broken symlinks and bad network addresses. I'm hopeful that collaboration of the FreeBSD team and cloud providers will one day result in automatic fixing of these situations, or at least a correct status indicator.
The Digital Ocean team didn't really know many FreeBSD people when they made the first 10.1 images. They have improved a lot, but they of course could always use more feedback from BSD users
***
Stack Clash (https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt)
A 12-year-old question: "If the heap grows up, and the stack grows down, what happens when they clash?
Is it exploitable? How?"
In 2005, Gael Delalleau presented "Large memory management vulnerabilities" and the first stack-clash exploit in user-space (against mod_php 4.3.0 on Apache 2.0.53) (http://cansecwest.com/core05/memory_vulns_delalleau.pdf)
In 2010, Rafal Wojtczuk published "Exploiting large memory management vulnerabilities in Xorg server running on Linux", the second stack-clash exploit in user-space (CVE-2010-2240) (http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf)
Since 2010, security researchers have exploited several stack-clashes in the kernel-space. In user-space, however, this problem has been greatly underestimated; the only public exploits are Gael Delalleau's and Rafal Wojtczuk's, and they were written before Linux introduced a protection against stack-clashes (a "guard-page" mapped below the stack) (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2240)
In this advisory, we show that stack-clashes are widespread in user-space, and exploitable despite the stack guard-page; we discovered multiple vulnerabilities in guard-page implementations, and devised general methods for:
"Clashing" the stack with another memory region: we allocate memory until the stack reaches another memory region, or until another memory region reaches the stack;
"Jumping" over the stack guard-page: we move the stack-pointer from the stack and into the other memory region, without accessing the stack guard-page;
"Smashing" the stack, or the other memory region: we overwrite the stack with the other memory region, or the other memory region with the stack.
So this advisory itself is not a security vulnerability. It is novel research showing ways to work around the mitigations against generic vulnerability types that are implemented on various operating systems.
While this issue with the mitigation feature has been fixed, even without the fix, successful exploitation requires another application with its own vulnerability in order to be exploited. Those vulnerabilities outside of the OS need to be fixed on their own.
FreeBSD-Security post (https://lists.freebsd.org/pipermail/freebsd-security/2017-June/009335.html)
The issue under discussion is a limitation in a vulnerability mitigation technique. Changes to improve the way FreeBSD manages stack growth, and mitigate the issue demonstrated by Qualys' proof-of-concept code, are in progress by FreeBSD developers knowledgeable in the VM subsystem.
FreeBSD address space guards (https://svnweb.freebsd.org/base?view=revision&revision=320317)
HardenedBSD Proof of Concept for FreeBSD (https://github.com/lattera/exploits/blob/master/FreeBSD/StackClash/001-stackclash.c)
HardenedBSD implementation: https://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c & https://github.com/HardenedBSD/hardenedBSD/commit/00ad1fb6b53f63d6e9ba539b8f251b5cf4d40261
Qualys PoC: freebsd_cve-2017-fgpu.c (https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-fgpu.c)
Qualys PoC: freebsd_cve-2017-fgpe.c (https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-fgpe.c)
Qualys PoC: freebsd_cve-2017-1085.c (https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-1085.c)
Qualys PoC: OpenBSD (https://www.qualys.com/2017/06/19/stack-clash/openbsd_at.c)
Qualys PoC: NetBSD (https://www.qualys.com/2017/06/19/stack-clash/netbsd_cve-2017-1000375.c)
***
Will ZFS and non-ECC RAM kill your data? (http://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/)
TL;DR: ECC is good, but even without, having ZFS is better than not having ZFS.
What's ECC RAM? Is it a good idea?
What's ZFS? Is it a good idea?
Is ZFS and non-ECC worse than not-ZFS and non-ECC?
What about the Scrub of Death?
The article walks through ZFS folk lore, and talks about what can really go wrong, and what is just the over-active imagination of people on the FreeNAS forums But would using any other filesystem that isn't ZFS have protected that data? ‘Cause remember, nobody's arguing that you can lose data to evil RAM – the argument is about whether evil RAM is more dangerous with ZFS than it would be without it. I really, really want to use the Scrub Of Death in a movie or TV show. How can I make it happen? I don't care about your logic! I wish to appeal to authority! OK. “Authority” in this case doesn't get much better than Matthew Ahrens, one of the cofounders of ZFS at Sun Microsystems and current ZFS developer at Delphix. In the comments to one of my filesystem articles on Ars Technica, Matthew said “There's nothing special about ZFS that requires/encourages the use of ECC RAM more so than any other filesystem.” Beastie Bits EuroBSDcon 2017 Travel Grant Application Now Open (https://www.freebsdfoundation.org/blog/eurobsdcon-2017-travel-grant-application-now-open/) FreeBSD 11.1-BETA3 is out, please give it a test (https://lists.freebsd.org/pipermail/freebsd-stable/2017-June/087303.html) Allan and Lacey let us know the video to the Postgresql/ZFS talk is online (http://dpaste.com/1FE80FJ) Trapsleds (https://marc.info/?l=openbsd-tech&m=149792179514439&w=2) BSD User group in North Rhine-Westphalia, Germany (https://bsd.nrw/) *** Feedback/Questions Joe - Home Server Suggestions (http://dpaste.com/2Z5BJCR#wrap) Stephen - general BSD (http://dpaste.com/1VRQYAM#wrap) Eduardo - ZFS Encryption (http://dpaste.com/2TWADQ8#wrap) Joseph - BGP Kernel Error (http://dpaste.com/0SC0GAC#wrap) ***

BSD Now
193: Fire up the 802.11 AC

BSD Now

Play Episode Listen Later May 10, 2017 126:06


This week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a PFsense and OpenVPN tutorial, and we talk about an interesting ZFS storage pool checkpoint project. This episode was brought to you by Headlines Bringing up 802.11ac on FreeBSD (http://adrianchadd.blogspot.com/2017/04/bringing-up-80211ac-on-freebsd.html) Adrian Chadd has a new blog post about his work to bring 802.11ac support to FreeBSD 802.11ac allows for speeds up to 500mbps and total bandwidth into multiple gigabits The FreeBSD net80211 stack has reasonably good 802.11n support, but no 802.11ac support. I decided a while ago to start adding basic 802.11ac support. It was a good exercise in figuring out what the minimum set of required features are and another excuse to go find some of the broken corner cases in net80211 that needed addressing. 802.11ac introduces a few new concepts that the stack needs to understand. I decided to use the QCA 802.11ac parts because (a) I know the firmware and general chip stuff from the first generation 11ac parts well, and (b) I know that it does a bunch of stuff (like rate control, packet scheduling, etc) so I don't have to do it. If I chose, say, the Intel 11ac parts then I'd have to implement a lot more of the fiddly stuff to get good behaviour. Step one - adding VHT channels. I decided in the shorter term to cheat and just add VHT channels to the already very large ieee80211channel map. The linux way of there being a channel context rather than hundreds of static channels to choose from is better in the long run, but I wanted to get things up and running. So, that's what I did first - I added VHT flags for 20, 40, 80, 80+80 and 160MHz operating modes and I did the bare work required to populate the channel lists with VHT channels as well. Then I needed to glue it into an 11ac driver. 
My ath10k port was far enough along to attempt this, so I added enough glue to say "I support VHT" to the iccaps field and propagated it to the driver for monitor mode configuration. And yes, after a bit of dancing, I managed to get a VHT channel to show up in ath10k in monitor mode and could capture 80MHz wide packets. Success! By far the most fiddly was getting channel promotion to work. net80211 supports the concept of dumb NICs (like atheros 11abgn parts) very well, where you can have multiple virtual interfaces but the "driver" view of the right configuration is what's programmed into the hardware. For firmware NICs which do this themselves (like basically everything sold today) this isn't exactly all that helpful. So, for now, it's limited to a single VAP, and the VAP configuration is partially derived from the global state and partially derived from the negotiated state. It's annoying, but it is adding to the list of things I will have to fix later. the QCA chips/firmware do 802.11 crypto offload. They actually pretend that there's no key - you don't include the IV, you don't include padding, or anything. You send commands to set the crypto keys and then you send unencrypted 802.11 frames (or 802.3 frames if you want to do ethernet only.) This means that I had to teach net80211 a few things: + frames decrypted by the hardware needed to have a "I'm decrypted" bit set, because the 802.11 header field saying "I'm decrypted!" is cleared + frames encrypted don't have the "i'm encrypted" bit set + frames encrypted/decrypted have no padding, so I needed to teach the input path and crypto paths to not validate those if the hardware said "we offload it all." Now comes the hard bit of fixing the shortcomings before I can commit the driver. There are .. lots. The first one is the global state. The ath10k firmware allows what they call 'vdevs' (virtual devices) - for example, multiple SSID/BSSID support is implemented with multiple vdevs. 
STA+WDS is implemented with vdevs. STA+P2P is implemented with vdevs. So, technically speaking I should go and find all of the global state that should really be per-vdev and make it per-vdev. This is tricky though, because a lot of the state isn't kept per-VAP even though it should be. Anyway, so far so good. I need to do some of the above and land it in FreeBSD-HEAD so I can finish off the ath10k port and commit what I have to FreeBSD. There's a lot of stuff coming - including all of the wave-2 stuff (like multiuser MIMO / MU-MIMO) which I just plainly haven't talked about yet. Viva la FreeBSD wireless! pfSense and OpenVPN Routing (http://www.terrafoundry.net/blog/2017/04/12/pfsense-openvpn/) This article tries to be a simple guide on how to enable your home (or small office) https://www.pfsense.org/ (pfSense) setup to route some traffic via the vanilla Internet, and some via a VPN site that you've setup in a remote location. Reasons to Setup a VPN: Control Security Privacy Fun VPNs do not instantly guarantee privacy, they're a layer, as with any other measure you might invoke. In this example I used a server that's directly under my name. Sure, it was a country with strict privacy laws, but that doesn't mean that the outgoing IP address wouldn't be logged somewhere down the line. There's also no reason you have to use your own OpenVPN install, there are many, many personal providers out there, who can offer the same functionality, and a degree of anonymity. (If you and a hundred other people are all coming from one IP, it becomes extremely difficult to differentiate, some VPN providers even claim a ‘logless' setup.) VPNs can be slow. The reason I have a split-setup in this article, is because there are devices that I want to connect to the internet quickly, and that I'm never doing sensitive things on, like banking. I don't mind if my Reddit-browsing and IRC messages are a bit slower, but my Nintendo Switch and PS4 should have a nippy connection. 
Services like Netflix can and do block VPN traffic in some cases. This is more of an issue for wider VPN providers (I suspect, but have no proof, that they just blanket block known VPN IP addresses.) If your VPN is in another country, search results and tracking can be skewed. This is arguable a good thing, who wants to be tracked? But it can also lead to frustration if your DuckDuckGo results are tailored to the middle of Paris, rather than your flat in Birmingham. The tutorial walks through the basic setup: Labeling the interfaces, configuring DHCP, creating a VPN: Now that we have our OpenVPN connection set up, we'll double check that we've got our interfaces assigned With any luck (after we've assigned our OPENVPN connection correctly, you should now see your new Virtual Interface on the pfSense Dashboard We're charging full steam towards the sections that start to lose people. Don't be disheartened if you've had a few issues up to now, there is no “right” way to set up a VPN installation, and it may be that you have to tweak a few things and dive into a few man-pages before you're set up. NAT is tricky, and frankly it only exists because we stretched out IPv4 for much longer than we should have. That being said it's a necessary evil in this day and age, so let's set up our connection to work with it. We need NAT here because we're going to masque our machines on the LAN interface to show as coming from the OpenVPN client IP address, to the OpenVPN server. Head over to Firewall -> NAT -> Outbound. 
The first thing we need to do in this section, is to change the Outbound NAT Mode to something we can work with, in this case “Hybrid.”
Configure the LAN interface to be NAT'd to the OpenVPN address, and the INSECURE interface to use your regular ISP connection
Configure the firewall to allow traffic from the LAN network to reach the INSECURE network
Then add a second rule allowing traffic from the LAN network to any address, and set the gateway to the OPENVPN connection
And there you have it, traffic from the LAN is routed via the VPN, and traffic from the INSECURE network uses the naked internet connection
***
Switching to OpenBSD (https://mndrix.blogspot.co.uk/2017/05/switching-to-openbsd.html)
After 12 years, I switched from macOS to OpenBSD. It's clean, focused, stable, consistent and lets me get my work done without any hassle. When I first became interested in computers, I thought operating systems were fascinating. For years I would reinstall an operating system every other weekend just to try a different configuration: MS-DOS 3.3, Windows 3.0, Linux 1.0 (countless hours recompiling kernels). In high school, I settled down and ran OS/2 for 5 years until I graduated college. I switched to Linux after college and used it exclusively for 5 years. I got tired of configuring Linux, so I switched to OS X for the next 12 years, where things just worked. But Snow Leopard was 7 years ago. These days, OS X is like running a denial of service attack against myself. macOS has a dozen apps I don't use but can't remove. Updating them requires a restart. Frequent updates to the browser require a restart. A minor XCode update requires me to download a 4.3 GB file. My monitors frequently turn off and require a restart to fix. A system's availability is a function (http://techthoughts.typepad.com/managing_computers/2007/11/availability-mt.html) of mean time between failure and mean time to repair. For macOS, both numbers are heading in the wrong direction for me.
I don't hold any hard feelings about it, but it's time for me to get off this OS and back to productive work. I found OpenBSD very refreshing, so I created a bootable thumb drive and within an hour had it up and running on a two-year old laptop. I've been using it for my daily work for the past two weeks and it's been great. Simple, boring and productive. Just the way I like it. The documentation is fantastic. I've been using Unix for years and have learned quite a bit just by reading their man pages. OS releases come like clockwork every 6 months and are supported for 12. Security and other updates seem relatively rare between releases (roughly one small patch per week during 6.0). With syspatch in 6.1, installing them should be really easy too. ZFS Storage Pool Checkpoint Project (https://sdimitro.github.io/post/zpool-checkpoint) During the OpenZFS summit last year (2016), Dan Kimmel and I quickly hacked together the zpool checkpoint command in ZFS, which allows reverting an entire pool to a previous state. Since it was just for a hackathon, our design was bare bones and our implementation far from complete. Around a month later, we had a new and almost complete design within Delphix and I was able to start the implementation on my own. I completed the implementation last month, and we're now running regression tests, so I decided to write this blog post explaining what a storage pool checkpoint is, why we need it within Delphix, and how to use it. The Delphix product is basically a VM running DelphixOS (a derivative of illumos) with our application stack on top of it. During an upgrade, the VM reboots into the new OS bits and then runs some scripts that update the environment (directories, snapshots, open connections, etc.) for the new version of our app stack. Software being software, failures can happen at different points during the upgrade process. 
When an upgrade script that makes changes to ZFS fails, we have a corresponding rollback script that attempts to bring ZFS and our app stack back to their previous state. This is very tricky as we need to undo every single modification applied to ZFS (including dataset creation and renaming, or enabling new zpool features). The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn't corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.
I definitely see value in this for the appliance use case
Some usage examples follow, along with some caveats. One of the restrictions is that you cannot attach, detach, or remove a device while a checkpoint exists. The zpool add operation is still possible; however, if you roll back to the checkpoint, the device will no longer be part of the pool. Rather than a shortcoming, this seems like a nice feature, a way to help users avoid the most common foot shooting (which I witnessed in person at Linux Fest): adding a new log or cache device, but missing a keyword and adding it as a storage vdev rather than an aux vdev. This operation could simply be undone if a checkpoint were taken before the device was added.
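The "high-level transaction" pattern described above, as an added example that is not code from the blog post or from Delphix: a POSIX sh wrapper that takes a checkpoint, runs a command, and then either discards the checkpoint or rewinds the pool. The function name with_checkpoint, the ZPOOL override variable, the pool name tank and the script name in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the blog post): run a risky ZFS procedure as a
# "high-level transaction" guarded by a pool checkpoint.
# Assumes an OpenZFS release that ships `zpool checkpoint`.

# Command used to talk to ZFS; override it to rehearse the flow with a stub.
ZPOOL=${ZPOOL:-zpool}

# with_checkpoint POOL COMMAND [ARG...]
#   0  COMMAND succeeded, checkpoint discarded
#   1  COMMAND failed, pool rewound to the checkpoint
#   2  checkpoint could not be taken, COMMAND was not run
#   3  discard or rewind failed, needs manual attention
with_checkpoint() {
    pool=$1
    shift

    # A pool holds at most one checkpoint, so this fails if one already
    # exists. Refuse to continue rather than run the procedure unprotected.
    "$ZPOOL" checkpoint "$pool" || return 2

    if "$@"; then
        # Discard on success: while the checkpoint exists, devices cannot
        # be attached, detached or removed.
        "$ZPOOL" checkpoint -d "$pool" || return 3
        return 0
    fi

    # Rewinding happens at import time, so the pool is exported first.
    # Everything done since the checkpoint is undone, including any vdev
    # that was added with `zpool add`.
    "$ZPOOL" export "$pool" || return 3
    "$ZPOOL" import --rewind-to-checkpoint "$pool" || return 3
    return 1
}

# Usage (upgrade-datasets.sh is a hypothetical script):
#   with_checkpoint tank sh ./upgrade-datasets.sh
```

The wrapper only holds as a transaction under the same assumption the post states: nothing else modifies the pool between the checkpoint and the discard or rewind.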
***

News Roundup

Review of TrueOS (https://distrowatch.com/weekly.php?issue=20170501#trueos)

TrueOS, which was formerly named PC-BSD, is a FreeBSD-based operating system. TrueOS is a rolling release platform which is based on FreeBSD's "CURRENT" branch, providing TrueOS with the latest drivers and features from FreeBSD. Apart from the name change, TrueOS has deviated from the old PC-BSD project in a number of ways. The system installer is now more streamlined (and I will touch on that later) and TrueOS is a rolling release platform while PC-BSD defaulted to point releases. Another change is PC-BSD used to allow the user to customize which software was installed at boot time, including the desktop environment. The TrueOS project now selects a minimal amount of software for the user and defaults to using the Lumina desktop environment.

From the conclusions:

What I took away from my time with TrueOS is that the project is different in a lot of ways from PC-BSD. Much more than just the name has changed. The system is now more focused on cutting edge software and features in FreeBSD's development branch. The install process has been streamlined and the user begins with a set of default software rather than selecting desired packages during the initial setup. The configuration tools, particularly the Control Panel and AppCafe, have changed a lot in the past year. The designs have a more flat, minimal look. It used to be that PC-BSD did not have a default desktop exactly, but there tended to be a focus on KDE. With TrueOS the project's in-house desktop, Lumina, serves as the default environment and I think it holds up fairly well.

In all, I think TrueOS offers a convenient way to experiment with new FreeBSD technologies and ZFS. I also think people who want to run FreeBSD on a desktop computer may want to look at TrueOS as it sets up a graphical environment automatically. However, people who want a stable desktop platform with lots of applications available out of the box may not find what they want with this project.

***

A simple guide to install Ubuntu on FreeBSD with bhyve (https://www.davd.eu/install-ubuntu-on-freebsd-with-bhyve/)

David Prandzioch writes in his blog:

For some reasons I needed a Linux installation on my NAS. bhyve is a lightweight virtualization solution for FreeBSD that makes that easy and efficient. However, the CLI of bhyve is somewhat bulky and bare making it hard to use, especially for the first time. This is what vm-bhyve solves - it provides a simple CLI for working with virtual machines.

  • More details follow about what steps are needed to set up vm-bhyve on FreeBSD
  • Also check out his other tutorials on his blog: https://www.davd.eu/freebsd/

***

Graphical Overview of the Architecture of FreeBSD (https://dspinellis.github.io/unix-architecture/arch.pdf)
  • This diagram tries to show the different components that make up the FreeBSD Operating System
  • It breaks down the various utilities, libraries, and components into some categories and sub-categories:
  • User Commands:
      • Development (cc, ld, nm, as, etc)
      • File Management (ls, cp, cmp, mkdir)
      • Multiuser Commands (login, chown, su, who)
      • Number Processing (bc, dc, units, expr)
      • Text Processing (cut, grep, sort, uniq, wc)
      • User Messaging (mail, mesg, write, talk)
      • Little Languages (sed, awk, m4)
      • Network Clients (ftp, scp, fetch)
      • Document Preparation (*roff, eqn, tbl, refer)
  • Administrator and System Commands
      • Filesystem Management (fsck, newfs, gpart, mount, umount)
      • Networking (ifconfig, route, arp)
      • User Management (adduser, pw, vipw, sa, quota*)
      • Statistics (iostat, vmstat, pstat, gstat, top)
      • Network Servers (sshd, ftpd, ntpd, routed, rpc.*)
      • Scheduling (cron, periodic, rc.*, atrun)
  • Libraries (C Standard, Operating System, Peripheral Access, System File Access, Data Handling, Security, Internationalization, Threads)
  • System Call Interface (File I/O, Mountable Filesystems, File ACLs, File Permissions, Processes, Process Tracing, IPC, Memory Mapping, Shared Memory, Kernel Events, Memory Locking, Capsicum, Auditing, Jails)
  • Bootstrapping (Loaders, Configuration, Kernel Modules)
  • Kernel Utility Functions
      • Privilege Management (acl, mac, priv)
      • Multitasking (kproc, kthread, taskqueue, swi, ithread)
      • Memory Management (vmem, uma, pbuf, sbuf, mbuf, mbchain, malloc/free)
      • Generic (nvlist, osd, socket, mbuf_tags, bitset)
      • Virtualization (cpuset, crypto, device, devclass, driver)
      • Synchronization (lock, sx, sema, mutex, condvar_, atomic_*, signal)
      • Operations (sysctl, dtrace, watchdog, stack, alq, ktr, panic)
  • I/O Subsystem
      • Special Devices (line discipline, tty, raw character, raw disk)
      • Filesystems (UFS, FFS, NFS, CD9660, Ext2, UDF, ZFS, devfs, procfs)
      • Sockets
      • Network Protocols (TCP, UDP, UCMP, IPSec, IP4, IP6)
      • Netgraph (50+ modules)
  • Drivers and Abstractions
      • Character Devices
      • CAM (ATA, SATA, SAS, SPI)
      • Network Interface Drivers (802.11, ifae, 100+, ifxl, NDIS)
      • GEOM
          • Storage (stripe, mirror, raid3, raid5, concat)
          • Encryption / Compression (eli, bde, shsec, uzip)
          • Filesystem (label, journal, cache, mbr, bsd)
          • Virtualization (md, nop, gate, virtstor)
  • Process Control Subsystems
      • Scheduler
      • Memory Management
      • Inter-process Communication
      • Debugging Support

***

Official OpenBSD 6.1 CD - There's only One! (http://undeadly.org/cgi?action=article&sid=20170503203426&mode=expanded)
  • Ebay auction Link (http://www.ebay.com/itm/The-only-Official-OpenBSD-6-1-CD-set-to-be-made-For-auction-for-the-project-/252910718452)
  • Now it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017 (About 3 days from when this episode was recorded).
  • The CD set is hand made and signed by Theo de Raadt.
  • Fun Fact: The winning bidder will have an OpenBSD CD set that even Theo doesn't have.

***

Beastie Bits
  • Hardware Wanted by OpenBSD developers (https://www.openbsd.org/want.html)
  • Donate hardware to FreeBSD developers (https://www.freebsd.org/donations/index.html#components)
  • Announcing NetBSD and the Google Summer of Code Projects 2017 (https://blog.netbsd.org/tnf/entry/announcing_netbsd_and_the_google)
  • Announcing FreeBSD GSoC 2017 Projects (https://wiki.freebsd.org/SummerOfCode2017Projects)
  • LibreSSL 2.5.4 Released (https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.4-relnotes.txt)
  • CharmBUG Meeting - Tor Browser Bundle Hack-a-thon (https://www.meetup.com/CharmBUG/events/238218840/)
  • pkgsrcCon 2017 CFT (https://mail-index.netbsd.org/netbsd-advocacy/2017/05/01/msg000735.html)
  • Experimental Price Cuts (https://blather.michaelwlucas.com/archives/2931)
  • Linux Fest North West 2017: Three Generations of FreeNAS: The World's most popular storage OS turns 12 (https://www.youtube.com/watch?v=x6VznQz3VEY)

***

Feedback/Questions
  • Don - Reproducible builds & gcc/clang (http://dpaste.com/2AXX75X#wrap)
  • architect - C development on BSD (http://dpaste.com/0FJ854X#wrap)
  • David - Linux ABI (http://dpaste.com/2CCK2WF#wrap)
  • Tom - ZFS (http://dpaste.com/2Z25FKJ#wrap)
      • RAIDZ Stripe Width Myth, Busted (https://www.delphix.com/blog/delphix-engineering/zfs-raidz-stripe-width-or-how-i-learned-stop-worrying-and-love-raidz)
  • Ivan - Jails (http://dpaste.com/1Z173WA#wrap)

***

Startup Grind
Where Startups Go Wrong with Rachel Chalmers, Nick Sturiale, Sandeep Bhadra (Ignition Partners/Menlo VC)

Apr 27, 2016 29:55


Today we have a panel discussion between three venture capitalists from the VC Corner stage at Startup Grind’s 2016 Global Conference, held annually each February in Silicon Valley. Rachel Chalmers is a principal at Ignition Partners; prior to Ignition, Rachel led research into enterprise computing infrastructure for the 451 Group. Nick Sturiale is the managing partner at Ignition Partners; prior to becoming MP at Ignition, Nick spent 15 years in venture helping over 100 startups including Reputation.com, Bill.com and Delphix. As an operator, Nick was the founding CEO of Timbre Technologies, which sold to Tokyo Electron for 138 million dollars in 2001. Sandeep Bhadra is a partner with Menlo Ventures, where he actively focuses on enterprise investments including AppDome, Platform9, and Signifyd. Sandeep has a PhD from the University of Texas and an MBA from INSEAD. Let’s listen in to this interesting discussion with Rachel, Nick, and Sandeep at Startup Grind’s Global Conference.

bsdtalk
bsdtalk227 - ZFS with Matt Ahrens

Sep 13, 2015


Interview with Matt Ahrens from Delphix during BSDCan 2013. Matt was part of the original team that developed ZFS.
File info: 32Min, 15MB.
Ogg link: https://archive.org/download/bsdtalk227/bsdtalk227.ogg

BSD Now
100: Straight from the Src

Jul 29, 2015 73:39


We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it!

This episode was brought to you by

Headlines

Remote DoS in the TCP stack (https://blog.team-cymru.org/2015/07/another-day-another-patch/)
  • A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections
  • While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely
  • This problem has a slightly confusing history that involves different fixes at different points in time from different people
  • Juniper originally discovered the bug and announced a fix (https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686) for their proprietary networking gear on June 8th
  • On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=284941&r2=284940&pathrev=284941), but did not issue a security notice or MFC the fix back to the -stable branches
  • On July 13th, two weeks later, OpenBSD fixed the issue (https://www.marc.info/?l=openbsd-cvs&m=143682919807388&w=2) in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found
  • Immediately afterwards, they merged it back to -stable and issued an errata notice (http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig) for 5.7 and 5.6
  • On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=285777&r2=285776&pathrev=285777) and issued a security notice (https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html) for the problem (which didn't include the first fix)
  • After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way
  • NetBSD confirmed they were vulnerable too, and applied another completely different fix (http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.183&r2=1.184&only_with_tag=MAIN) to -current on July 24th, but haven't released a security notice yet
  • DragonFly is also investigating the issue now to see if they're affected as well

***

c2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20150721180312&mode=flat)
  • Reports from OpenBSD's latest hackathon (http://www.openbsd.org/hackathons.html), held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)
  • The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event
  • He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?"
  • With mandoc's new internal jump targets, this is a problem of the past now
  • Jasper also sent in a report (http://undeadly.org/cgi?action=article&sid=20150723124332&mode=flat), doing his usual work with Puppet (and specifically "Facter," a tool used by Puppet to gather various bits of system information)
  • Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an "-i" flag for sed (hooray!)
  • Antoine Jacoutot gave a report (http://undeadly.org/cgi?action=article&sid=20150722205349&mode=flat) on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)
  • It now has an "ls" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this "the poor man's service monitoring tool")
  • He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)
  • His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades
  • Foundation director Ken Westerback was also there (http://undeadly.org/cgi?action=article&sid=20150722105658&mode=flat), getting some disk-related and laptop work done
  • He cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues
  • Stefan Sperling, OpenBSD's token "wireless guy," had a lot to say (http://undeadly.org/cgi?action=article&sid=20150722182236&mode=flat) about the hackathon and what he did there (and even sent in his write-up before he got home)
  • He taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report)
  • Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work
  • One quote from Stefan's report that a lot of people seem to be talking about: "Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year."
  • Jeremy Evans wrote in (http://undeadly.org/cgi?action=article&sid=20150725180527&mode=flat) to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem
  • While he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon
  • Rafael Zalamena, who got commit access at the event, gives his very first report (http://undeadly.org/cgi?action=article&sid=20150725183439&mode=flat) on his networking-related hackathon activities
  • With Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS (https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service)
  • Jonathan Gray got a lot done (http://undeadly.org/cgi?action=article&sid=20150728184743&mode=flat) in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code
  • As he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix)
  • Martin Pieuchot gave a write-up (http://undeadly.org/cgi?action=article&sid=20150724183210&mode=flat) on his experience: "I always thought that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did."
  • He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack
  • Unfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle
  • We're still eagerly awaiting a report from one of OpenBSD's newest developers (https://twitter.com/phessler/status/623291827878137856), Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes)
  • OpenBSD 5.8's "beta" status was recently reverted, with the message "take that as a hint (https://www.marc.info/?l=openbsd-cvs&m=143766883514831&w=2)," so that may mean more big changes are still to come...

***

FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2015-04-2015-06.html)
  • FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far
  • It's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others
  • Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just "svn.freebsd.org") are now using GeoDNS with official SSL certs and general redundancy was increased
  • In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages
  • The core team has been working on phabricator, the fancy review system, and is considering integrating OAuth support soon
  • Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)
  • The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support
  • Multipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon)
  • ZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August
  • PCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though)
  • The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling
  • Various other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report
  • Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot
  • Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more

***

The OpenSSH bug that wasn't (http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html)
  • There's been a lot of discussion (https://www.marc.info/?t=143766048000005&r=1&w=2) about a supposed flaw (https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/) in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)
  • There's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with fewer connections (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-July/034209.html)
  • FreeBSD in its default configuration, with PAM (https://en.wikipedia.org/wiki/Pluggable_authentication_module) and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH (https://www.marc.info/?l=openbsd-misc&m=143767296016252&w=2), nor any of the other BSDs, and not even the majority of Linux distros
  • If you disable all forms of authentication except public keys, like you're supposed to (https://stribika.github.io/2015/01/04/secure-secure-shell.html), then this is also not a big deal for FreeBSD systems
  • Realistically speaking, it's more of a PAM bug (https://www.marc.info/?l=openbsd-misc&m=143782167322500&w=2) than anything else
  • OpenSSH added an additional check (https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab) for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update (https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-July/000248.html))

***

Interview - Sebastian Wiedenroth - wiedi@netbsd.org (mailto:wiedi@netbsd.org) / @wied0r (https://twitter.com/wied0r)
  • pkgsrc (https://en.wikipedia.org/wiki/Pkgsrc) and pkgsrcCon (http://pkgsrc.org/pkgsrcCon/)

News Roundup

Now served by OpenBSD (https://tribaal.io/this-now-served-by-openbsd.html)
  • We've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it
  • The use case for the author was for a webserver, so he decided to try out the httpd in base
  • Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting
  • TLS 1.2 by default, strong ciphers with LibreSSL and HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) combined give you a pretty secure web server

***

FreeBSD laptop playbooks (https://github.com/sean-/freebsd-laptops)
  • A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named "freebsd-laptops"
  • It's based on ansible, and uses the playbook format for automatic set up and configuration
  • Right now, it's only working on a single Lenovo laptop, but the plan is to add instructions for many more models
  • Check the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop

***

NetBSD on the NVIDIA Jetson TK1 (https://blog.netbsd.org/tnf/entry/netbsd_on_the_nvidia_jetson)
  • If you've never heard of the Jetson TK1 (https://developer.nvidia.com/jetson-tk1), we can go ahead and spoil the secret here: NetBSD runs on it
  • As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE
  • This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)
  • You can even run X11 on it, pretty sweet

***

DragonFly power management options (http://lists.dragonflybsd.org/pipermail/users/2015-July/207911.html)
  • DragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there
  • In this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well
  • He also did some testing with each of them and gave his findings about power saving
  • If you've been thinking about running DragonFly on a laptop, this would be a good one to read

***

OpenBSD router under FreeBSD bhyve (https://www.quernus.co.uk/2015/07/27/openbsd-as-freebsd-router/)
  • If one BSD just isn't enough for you, and you've only got one machine, why not run two at once?
  • This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it
  • If you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware
  • The author also includes a little bit of history on how he got into both operating systems
  • There are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research
  • Of course, the next logical step is to put that bhyve host under Xen on NetBSD...

***

Feedback/Questions
  • Kevin writes in (http://slexy.org/view/s2yPVV5Wyp)
  • Logan writes in (http://slexy.org/view/s21zcz9rut)
  • Peter writes in (http://slexy.org/view/s21CRmiPwK)
  • Randy writes in (http://slexy.org/view/s211zfIXff)

***

BSD Now
42: Devious Methods

Jun 18, 2014 84:12


Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

PIE and ASLR in FreeBSD update (https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD)
  • A status update for Shawn Webb's ASLR and PIE work for FreeBSD
  • One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
  • "FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"
  • If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf
  • The next step is working on the ASLR coding style and getting more developers to look through it
  • Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR

***

Misc. pfSense news (https://blog.pfsense.org/?p=1347)
  • Couple of pfSense news items this week, including some hardware news
  • Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once
  • To make that process faster, they're building a controllable power board (and include some cool pics)
  • There will be more info on that device a bit later on
  • On Friday, June 27th, there will be another video session (https://blog.pfsense.org/?p=1367) (for paying customers only...) about virtualized firewalls
  • pfSense University (https://blog.pfsense.org/?p=1332), a new paid training course, was also announced
  • A single two-day class costs $2000, ouch

***

ZFS stripe width (http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/)
  • A new blog post from Matt Ahrens (http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods) about ZFS stripe width
  • "The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I'd like to take the opportunity to address one piece of misinformed advice"
  • Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
  • He covers best performance on random IOPS, best reliability, and best space efficiency use cases
  • It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor

***

FreeBSD 9.3-BETA3 released (https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html)
  • The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release
  • This is expected to be the final BETA, next will come the RCs
  • There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)
  • The FreeBSD foundation has a blog post (http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html) about it too
  • There's a list of changes (https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html) between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits

***

Interview - Bryce Chidester - brycec@devio.us (mailto:brycec@devio.us) / @brycied00d (https://twitter.com/brycied00d)
  • Running a BSD shell provider

Tutorial
  • Chaining SSH connections (http://www.bsdnow.tv/tutorials/ssh-chaining)

News Roundup

My FreeBSD adventure (https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/)
  • A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings
  • After ruling out (https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465) PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
  • In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
  • So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
  • Might be an interesting, ongoing series we can follow up on later

***

Even more BSDCan trip reports (http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html)
  • BSDCan may be over until next year, but trip reports are still pouring in
  • This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
  • He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that
  • Nice long post about all of his experiences at the event, definitely worth a read
  • He even talks about... the food

***

FreeBSD disk partitioning (http://blather.michaelwlucas.com/archives/2096)
  • For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification
  • This erupted into a very long discussion (https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html) about fdisk vs gnop vs gpart
  • So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post
  • It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools

***

BSD Router Project version 1.51 (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51)
  • A new version of the BSD Router Project has been released, 1.51
  • It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
  • Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
  • Check the sourceforge page for the complete list of changes
  • Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated

***

Feedback/Questions
  • Fongaboo writes in (http://slexy.org/view/s21X4hl28g)
  • David writes in (http://slexy.org/view/s20DELplMw)
  • Kristian writes in (http://slexy.org/view/s2tmazORRN)

***

BSD Now
41: Commit This Bit

Jun 11, 2014 67:04


This week in the big show, we'll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD moves to Bugzilla (https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html) Historically, FreeBSD has used the old GNATS system for keeping track of bug reports After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla It offers a lot of advantages, is much more modern and actively maintained and There's a new workflow chart (http://people.freebsd.org/~eadler/bugrelocation/workflow.html) for developers to illustrate the new way of doing things The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports) This will hopefully make reporting bugs a lot less painful *** DIY NAS: EconoNAS 2014 (http://blog.brianmoses.net/2014/06/diy-nas-econonas-2014.html) We previously covered this blog last year, but the 2014 edition is up More of a hardware-focused article, the author details the parts he's using for a budget NAS Details the motherboard, RAM, CPU, hard drives, case, etc With a set goal of $500 max, he goes just over it - $550 for all the parts Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions *** DragonflyBSD 3.8 released (http://www.shiningsilence.com/dbsdlog/2014/06/04/14122.html) Justin (http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug) announced the availability of DragonflyBSD 3.8.0 Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions Work continues on 
for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series See the release page (http://www.dragonflybsd.org/release38/) for more info and check the link for source-based upgrade instructions *** OpenZFS European conference 2014 (http://www.open-zfs.org/wiki/Publications#2014_OpenZFS_European_Conference) There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure Matt Ahrens, Introduction (http://www.youtube.com/watch?v=Mk1czZs6vkQ) Michael Alexander, FhGFS performance on ZFS (http://www.youtube.com/watch?v=Ak1HB507-xY) Andriy Gapon, Testing ZFS on FreeBSD (http://www.youtube.com/watch?v=oB-QDwVuBH4) Luke Marsden, HybridCluster: ZFS in the cloud (http://www.youtube.com/watch?v=ISI9Ppj3kTo) Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS (http://www.youtube.com/watch?v=1xK94v0BedE) Chris George, DDRdrive ZIL accelerator: random write revelation (http://www.youtube.com/watch?v=ScNHjWBQYQ8) Grenville Whelan, High-Availability (http://www.youtube.com/watch?v=tiTYZykCeDo) Phil Harman, Harman Holistic (https://www.youtube.com/watch?v=ApjkrBVlPXk) Mark Rees, Storiant and OpenZFS (http://www.youtube.com/watch?v=41yl23EACns) Andrew Holway, EraStor ZFS appliances (http://www.youtube.com/watch?v=b4L0DRvKJxo) Dan Vâtca, Syneto and OpenZFS (http://www.youtube.com/watch?v=pPOW8bwUXxo) Luke Marsden, HybridCluster and OpenZFS (http://www.youtube.com/watch?v=uSM1s1aWlZE) Matt Ahrens, Delphix and OpenZFS (http://www.youtube.com/watch?v=UaRdzUOsieA) Check the link for slides and other goodies *** Interview - Benedict Reuschling - bcr@freebsd.org (mailto:bcr@freebsd.org) BSD documentation, getting commit access, unix education, various topics News Roundup Getting to know your portmgr, Steve Wills (http://blogs.freebsdish.org/portmgr/2014/06/04/getting-to-know-your-portmgr-steve-wills/) "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team" swills is an 
all-round good guy, does a lot for ports (especially the ruby ports) In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more He used to work for Red Hat, woah *** BSDTalk episode 242 (http://bsdtalk.blogspot.com/2014/06/bsdtalk242-pfsense-with-chris-buechler.html) This time on BSDTalk, Will interviews Chris Buechler (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) from pfSense Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that *** Turn old PC hardware into a killer home server (http://www.pcworld.com/article/2243748/turn-old-pc-hardware-into-a-killer-home-server-with-freenas.html) Lots of us have old hardware lying around doing nothing but collecting dust Why not turn that old box into a modern file server with FreeNAS and ZFS? This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc) Most of our users are already familiar with all of this stuff, nothing too advanced Good to see BSD getting some well-deserved attention on a big mainstream site *** Unbloating the VAX install CD (https://blog.netbsd.org/tnf/entry/unbloating_the_vax_install_cd) After a discussion on the VAX mailing list, something very important came to the attention of the developers... 
You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM...
***
Feedback/Questions
Thomas writes in (http://slexy.org/view/s211mNScBr)
Reynold writes in (http://slexy.org/view/s21JA8BVmZ)
Bostjan writes in (http://slexy.org/view/s2kwS3ncTY)
Paul writes in (http://slexy.org/view/s2VgjXUfW9)
John writes in (http://slexy.org/view/s202AAQUXt)
***

BSD Now
14: Zettabytes for Days

Dec 4, 2013 78:48


This week is the long-awaited episode you've been asking for! We'll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project's recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now - the place to B.. SD.

Headlines

pkgng 1.2 released (https://svnweb.freebsd.org/ports?view=revision&revision=334937)
bapt and bdrewery from the portmgr team released pkgng 1.2 final
New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new "pkg config" command, repo improvements, vuXML is now default, new fingerprint features and much more
Really simple to upgrade, check our pkgng tutorial (http://www.bsdnow.tv/tutorials/pkgng) if you want some easy instructions
It's also made its way into Dragonfly (http://lists.dragonflybsd.org/pipermail/users/2013-November/090339.html)
See the show notes for the full list of new features and fixes
***
ChaCha20 and Poly1305 in OpenSSH (http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html)
Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305
Long blog post explaining what these are and why we need them
This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC
RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn't show the packet length in cleartext
Great explanation of the differences between EtM, MtE and EaM and their advantages
"Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly."
***
Is it time to dump Linux and move to BSD (http://www.itworld.com/open-source/384383/should-you-switch-linux-bsd)
ITworld did an article about switching from Linux to BSD
The author's interest was sparked from a review he was reading that said "I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0"
The whole article can be summed up with "yes" - ok, next story!
***
OpenZFS devsummit videos (https://www.youtube.com/user/deirdres/videos)
The OpenZFS developer summit (http://www.open-zfs.org/wiki/OpenZFS_Developer_Summit_2013) discussion and presentation videos are up
People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced
Question and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation
Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production
TONS of video, about 6 hours' worth
This leads us into our interview, which is...
***
Interview - George Wilson - wilzun@gmail.com (mailto:wilzun@gmail.com) / @zfsdude (https://twitter.com/zfsdude)
OpenZFS

Tutorial

A crash course on ZFS (http://www.bsdnow.tv/tutorials/zfs)

News Roundup

ruBSD 2013 information (http://undeadly.org/cgi?action=article&sid=20131126113154)
The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia
Speakers include three OpenBSD developers, Theo de Raadt (http://www.bsdnow.tv/episodes/2013_10_09-doing_it_de_raadt_way), Henning Brauer (http://www.bsdnow.tv/episodes/2013_10_30-current_events) and Mike Belopuhov
Their talks are titled "The bane of backwards compatibility," "OpenBSD's pf: Design, Implementation and Future" and "OpenBSD: Where crypto is going?"
No word on if there will be video recordings, but we'll let you know if that changes
***
DragonFly roadmap, post 3.6 (http://www.shiningsilence.com/dbsdlog/2013/11/28/12874.html)
John Marino posted a possible roadmap for DragonFly, now that they're past the 3.6 release
He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)
Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still
Bring in fixes and new stuff from FreeBSD 10
***
BSDCan 2014 CFP (http://lists.bsdcan.org/pipermail/bsdcan-announce/2013-December/000123.html)
BSDCan 2014 will be held on May 16-17 in Ottawa, Canada
They're now accepting proposals for talks
If you are doing something interesting with a BSD operating system, please submit a proposal
We'll be getting lots of interviews there
***
casperd added to -CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=258838)
"It (and its services) will be responsible for giving access to functionality that is not available in capability mode sandbox. The functionality can be precisely restricted."
Lists some sysctls that can be controlled
***
ZFS corruption bug fixed in -CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=258704)
Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded
***
Feedback/Questions
Chris writes in (http://slexy.org/view/s2JDWKjs7l)
SW writes in (http://slexy.org/view/s20BLqxTWD)
Jason writes in (http://slexy.org/view/s2939tUOf5)
Clint writes in (http://slexy.org/view/s21qKY6qIb)
Chris writes in (http://slexy.org/view/s20LWlmhoK)
***