Podcasts about eio

Des lunettes 100 % en plastique recyclé et fabriquées en France, c'est ce que produit Eio. Quentin Passet, le fondateur de l'entreprise, nous explique le procéder de fabrication, du ramassage des déchets plastiques à l'assemblage des éléments.-----------------------------------------------------------------------SMART IMPACT - Le magazine de l'économie durable et responsableSMART IMPACT, votre émission dédiée à la RSE et à la transition écologique des entreprises. Découvrez des actions inspirantes, des solutions innovantes et rencontrez les leaders du changement.

将棋叡王戦の最終局で伊藤匠七段に敗れた藤井聡太七冠、２０日午後、甲府市内のホテル将棋の藤井聡太叡王、竜王・名人・王位・王座・棋王・王将・棋聖と合わせ八冠、に伊藤匠七段が挑戦する第９期叡王戦５番勝負の最終局が２０日、甲府市で指され、後手の伊藤七段が１５６手で勝ち、３勝２敗でタイトルを奪取した。 Japanese shogi sensation Sota Fujii was beaten by his challenger for his "Eio" title Thursday, losing one of the eight major titles for the first time since he dominated them in October last year.

Japanese shogi sensation Sota Fujii was beaten by his challenger for his "Eio" title Thursday, losing one of the eight major titles for the first time since he dominated them in October last year.

Peut-on rapatrier la production de lunettes en France et la rendre plus responsable ?

In this episode: Dr. Cristian Nicolau, Head of Unit, European Commission Please join us for a special edition of Ars Boni in which we explore the new electronic platform used in Europe for cross-border evidence exchange. We will speak with a number of stakeholders involved in the design, legislation and use of Electronic Investigation Orders (EIOs) and the new digital platform: Dr. Judith Herrnfeld - Ministry of Justice, Section for Criminal Law Dr. Michael Schietz - Public Prosecution Office Vienna, Department for Legal Assistance Dr. Cristian Nicolau - European Commission - Head of Unit for E-Justice, IT and Document Management Mag. Mathias Maurer - Austrian Federal Computing Center Mag. Sebastian Leitner - Austrian Federal Computing Center These interviews are conducted as part of the University of Vienna, ID Department's work in the TREIO Project. TREIO is a European Commission-funded project aimed at developing standardized EIO training materials and support for practitioners - judges, prosecutors, judicial staff, lawyers and administrative officials- addressing the preparation and exchange of EIO forms and evidence. This interview was funded by the European Union's Justice Programme (2014-2020). Links: https://treio.eu/ https://op.europa.eu/en/web/who-is-who/person/-/person/JUST/COM-CRF_234961-00006AAA7670-00003CCC32--

In this episode: Mag. Mathias Maurer MSc and Mag. Sebastian Leitner (Austrian Federal Computing Center) Please join us for a special edition of Ars Boni in which we explore the new electronic platform used in Europe for cross-border evidence exchange. We will speak with a number of stakeholders involved in the design, legislation and use of Electronic Investigation Orders (EIOs) and the new digital platform: Dr. Judith Herrnfeld - Ministry of Justice, Section for Criminal Law Dr. Michael Schietz - Public Prosecution Office Vienna, Department for Legal Assistance Dr. Cristian Nicolau - European Commission - Head of Unit for E-Justice, IT and Document Management Mag. Mathias Maurer - Austrian Federal Computing Center Mag. Sebastian Leitner - Austrian Federal Computing Center These interviews are conducted as part of the University of Vienna, ID Department's work in the TREIO Project. TREIO is a European Commission-funded project aimed at developing standardized EIO training materials and support for practitioners - judges, prosecutors, judicial staff, lawyers and administrative officials- addressing the preparation and exchange of EIO forms and evidence. This interview was funded by the European Union's Justice Programme (2014-2020). Links: https://treio.eu/ https://www.brz.gv.at/

In this episode: Dr. Judith Herrnfeld Please join us for a special edition of Ars Boni in which we explore the new electronic platform used in Europe for cross-border evidence exchange. We will speak with a number of stakeholders involved in the design, legislation and use of Electronic Investigation Orders (EIOs) and the new digital platform: Dr. Judith Herrnfeld - Ministry of Justice, Section for Criminal Law Dr. Michael Schietz - Public Prosecution Office Vienna, Department for Legal Assistance Dr. Cristian Nicolau - European Commission - Head of Unit for E-Justice, IT and Document Management Mag. Mathias Maurer - Austrian Federal Computing Center Mag. Sebastian Leitner - Austrian Federal Computing Center These interviews are conducted as part of the University of Vienna, ID Department's work in the TREIO Project. TREIO is a European Commission-funded project aimed at developing standardized EIO training materials and support for practitioners - judges, prosecutors, judicial staff, lawyers and administrative officials- addressing the preparation and exchange of EIO forms and evidence. This interview was funded by the European Union's Justice Programme (2014-2020). Link: https://treio.eu/

In this episode: Dr. Michael Schietz. Please join us for a special edition of Ars Boni in which we explore the new electronic platform used in Europe for cross-border evidence exchange. We will speak with a number of stakeholders involved in the design, legislation and use of Electronic Investigation Orders (EIOs) and the new digital platform: Dr. Judith Herrnfeld - Ministry of Justice, Section for Criminal Law Dr. Michael Schietz - Public Prosecution Office Vienna, Department for Legal Assistance Dr. Cristian Nicolau - European Commission - Head of Unit for E-Justice, IT and Document Management Mag. Mathias Maurer - Austrian Federal Computing Center Mag. Sebastian Leitner - Austrian Federal Computing Center These interviews are conducted as part of the University of Vienna, ID Department's work in the TREIO Project. TREIO is a European Commission-funded project aimed at developing standardized EIO training materials and support for practitioners - judges, prosecutors, judicial staff, lawyers and administrative officials- addressing the preparation and exchange of EIO forms and evidence. This interview was funded by the European Union's Justice Programme (2014-2020). Link: https://treio.eu/

Casi llegando al final de tenemos visitas se pico entre Eio y Celes por la teoría del Mamut. ¡Dale play y enterate de qué se trata!

36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more. Headlines 36+ year old bug in FFS/UFS discovered and patched This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk. When the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created. This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed. It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now. This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running. Submitted by: David G. Lawrence dg@dglawrence.com So a patched kernel will no longer leak this data, and running the fsck_ffs -z command will erase any leaked data that may exist on your system OpenBSD commit with additional detail on mitigations The impact on OpenBSD is very limited: 1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions. 2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly. read(2) was changed to return 0 (EOF). Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes. 3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format. As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible. There will be no errata or syspatch issued. I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ... NomadBSD, a BSD for the Road As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD. NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.” This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD. Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list. Version 1.2 Released NomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images. Thoughts on NomadBSD I first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi. Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly. News Roundup [OpenBSD automatic upgrade](https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/) OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances. I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image. Extra notes There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually. This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection. I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading. FreeBSD Dtrace ext2fs Support Which logs were replaced by dtrace-probes: Misc printf's under DEBUG macro in the blocks allocation path. Different on-disk structures validation errors, now the filesystem will silently return EIO's. Misc checksum errors, same as above. The only debug macro, which was leaved is EXT2FSPRINTEXTENTS. It is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents. The user still be able to see mount errors in the dmesg in case of: Filesystem features incompatibility. Superblock checksum error. Create a dedicated user for ssh tunneling only I use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client. The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports. This is done very easily on OpenBSD. The steps are: 1. generate ssh keys for the new user 2. add an user with no password 3. allow public key for port forwarding Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config. That was easy. Some info on upgrading VMM VMs to 6.5 We're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs. OpenBSD 6.5 is released! There are two ways you can upgrade your VM. Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8). Upgrade yourself To get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host. When this is done you can use vmctl(8) to manage your VM. The options you have are: ```$ vmctl start id [-c]``` $ vmctl stop id [-fw]``` ```-w Wait until the VM has been terminated.``` -c Automatically connect to the VM console.``` See the Article for the rest of the guide Beastie Bits powerpc64 architecture support in FreeBSD ports GhostBSD 19.04 overview HardenedBSD will have two user selectable ASLR implementations NYCBUG 2016 Talk Shell-Fu Uploaded What is ZIL anyway? Feedback/Questions Quentin - Organize an Ada/BSD interview DJ - Update Patrick - Bhyve frontends A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.

Chris & Lisa welcome C&I State Senator, Julian Cyr, Legislator of the Year, Assistant Majority Whip in the Senate to the show! He discusses the re-establishment of the State Office of Employee Involvement & Ownership((EIO), the Seasonal Communities Housing Bill, & the Cape and Islands Water Protection Fund. www.JulianCyr.com #teamJulian #EIO #seasonalhousing #waterprotectionfund #mentalhealth 

Este fin de semana, los chicos y chicas de la Euskadiko Ikasleen Oskestra Gaztea, van a ofrecer sendos conciertos en Gasteiz y Donostia. Ya el viernes habrá oportunidad de ver su último ensayo general, abierto al público, en el auditorio del Conservatorio Juan Crisóstomo Arriaga de Bilbao. ¿Y cuál es el plan de trabajo que tienen hasta entonces? Desde el lunes, un total de 93 jóvenes permanecen concentrados combinando ensayos, convivencia y ocio en el albergue Lurraska de Ajangiz, en plena reserva de Urdaibai. Con ellos está Iñaki Lagos. Entre otros detalles, el coordinador de EIO ha recordado en Onda Vasca, que las obras seleccionadas para el programa de concierto son de compositores vascos y que a la maestría de estos jóvenes se sumarán tres corales: el Coro de Jóvenes del País Vasco y las corales Euskeria y Loinatz. Las actuaciones tendrán lugar el sábado, 30 de junio, en el Conservatorio Jesús Guridi de Gasteiz (19:00 h), y el domingo, 1 de julio, en Musikene de Donostia (12:30 h).

Este fin de semana, los chicos y chicas de la Euskadiko Ikasleen Oskestra Gaztea, van a ofrecer sendos conciertos en Gasteiz y Donostia. Ya el viernes habrá oportunidad de ver su último ensayo general, abierto al público, en el auditorio del Conservatorio Juan Crisóstomo Arriaga de Bilbao. ¿Y cuál es el plan de trabajo que tienen hasta entonces? Desde el lunes, un total de 93 jóvenes permanecen concentrados combinando ensayos, convivencia y ocio en el albergue Lurraska de Ajangiz, en plena reserva de Urdaibai. Con ellos está Iñaki Lagos. Entre otros detalles, el coordinador de EIO ha recordado en Onda Vasca, que las obras seleccionadas para el programa de concierto son de compositores vascos y que a la maestría de estos jóvenes se sumarán tres corales: el Coro de Jóvenes del País Vasco y las corales Euskeria y Loinatz. Las actuaciones tendrán lugar el sábado, 30 de junio, en el Conservatorio Jesús Guridi de Gasteiz (19:00 h), y el domingo, 1 de julio, en Musikene de Donostia (12:30 h).

Expresiones coloquiales: el español de la calle Resumen:  para aprender español hay que aprender las expresiones coloquiales, informales, que usan los españoles en el día a día: hay que aprender el español de la calle. TRANSCRIPCIÓN Hola chicos ¿Qué tal? ¿Cómo va la semana? Bienvenidos y bienvenidas a este podcast, este podcast es “Español con Juan.” Español conmigo, yo soy Juan, si no me conoces porque hay gente que me conoce pero hay gente que no me conoce. Vale, si tú me conoces ya sabes que yo soy Juan, profesor de español. Que este podcast se llama “Español con Juan” y que bueno, que este es un podcast fantástico para aprender español. Yo sólo hablo en español pero, pero la gente me entiende. La gente me entiende. ¿Cómo es posible? Esto es un misterio, esto es un misterio porque a mí, a mí me entienden los franceses, me entienden los italianos, me entienden los alemanes, me entienden los suecos, me entienden los rusos, me entienden los argelinos, los marroquíes, los japoneses. Me entienden los brasileños, los portugueses. A mí me entiende todo el mundo, yo hablo en español, yo hablo sólo en español pero la gente, los extranjeros, los extranjeros del extranjero. Los alemanes, los rusos, los polacos, los húngaros, los búlgaros, los rumanos, los finlandeses. Oye, me entienden ¿Cómo es posible, cómo es…? La gente, la gente me pregunta, la gente me manda mensajes, la gente, la gente me mandan correos electrónicos y me preguntan, todos me preguntan lo mismo: “Juan, a ti te entiendo pero no entiendo al resto de los españoles. No entiendo al resto de los hispanohablantes. Sólo te entiendo a ti.” Sólo me entienden a mí ¿Cómo es posible? Hay gente, hay gente que me pregunta: “Oye Juan, tú no eres español ¿Verdad? Porque yo a los españoles no los entiendo. ¿Tú de dónde eres?” Yo soy español y además te voy a decir una cosa, no sólo soy español si no que soy andaluz. Y no sólo soy andaluz, soy de Granada. ¿Y sabes lo que pasa? ¿Sabes lo que pasa en Granada? En Granada no pasa nunca nada. Es un pequeño chiste, es un pequeño chiste, perdonad. En Granada nunca pasa nada. Lo que quiero decir es que si vosotros, si vosotros preguntáis a un español ¿Vale? A cualquier español o a cualquier española, si preguntáis: “Perdone, ¿Sabe usted, me podría usted decir dónde se habla peor, no mejor. No, no, no, no mejor. Peor en España? ¿Dónde la gente habla peor, dónde se comen las palabras más, dónde no pronuncias las “S” al final de las palabras? ¿Dónde dicen, donde dicen “Eio”, un “Deo”, he “Comio”, he “Salio”, he “Estao”? ¿Dónde hablan así? ¿Dónde, dónde dicen “Nah” en lugar de “Nada”, dónde dicen “Pa” en lugar de “Para”, dónde dicen “To” en lugar de “Todo”, dónde, dónde, dónde? ¿Dónde se habla así?” Y os van a decir, os van a decir: “En Granada. En Granada.” Granada para los españoles ¿Vale? Para los españoles, Granada es el lugar donde se habla peor. Ellos, bueno vamos a ver, vamos a ver, vamos a ver. Quizás no te lo van a decir porque ahora la gente es muy educada ¿No? Hay política, hay que ser políticamente correcto. Entonces ahora la mayoría de la gente te va a decir: “No, no bueno, cada ciudad y cada región tiene sus diferencias y cada ciudad tiene una variedad el español.” Bueno, eso es lo que te van a decir, eso te van a decir eso ¿Vale? Te van a decir: “No, todo el mundo habla bien” pero ellos, ellos y ellas también, dentro, en su cabeza ellos están pensando “En Granada.” En Granada, en Granada se habla, en Granada se habla muy mal, ese es el estereotipo, eso es, eso es lo que piensan en España ¿Vale? Yo lo sé, yo lo sé. Yo sé lo que piensan, yo sé lo que piensan. A mí no me engañan, yo sé lo que piensan ¿Vale? Bueno, pues yo soy de Granada, yo soy de Granada. Se supone, se supone que yo hablo muy mal. Que yo hablo muy mal ¿No? Sin embargo, sin embargo a mí me mandan mensajes, correos electrónicos, me escriben cartas, me mandan mensajes en botellas y me llegan, me llegan, me llegan palomas por la ventana con mensajes escritos y me p...

Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers. Headlines [Other big ZFS improvements you might have missed] 9075 Improve ZFS pool import/load process and corrupted pool recovery One of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened. The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned. The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened. When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs. This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition. With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss Of data, this feature is for now restricted to a read-only import. 7614 zfs device evacuation/removal This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev. The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs. Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed. You can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it 7446 zpool create should support efi system partition This one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation. Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from oracle solaris, and introducing zpool create -B switch to provide an way to specify that boot partition should be created. However, there is still an question, how big should the system partition be. For time being, I have set default size 256MB (thats minimum size for FAT32 with 4k blocks). To support custom size, the set on creation "bootsize" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the "bootsize" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property. **Digital Ocean** PostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error. TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk". Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (ASEIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file. + All good so far. But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the ASEIO bad page flag*. The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss. The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe. We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us. + Upon further looking, it turns out it is not just Linux brain damage: Apparently I was too optimistic. I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (FreeBSD changed that in 1999). From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies FreeBSD, Illumos: retrying fsync() after EIO tells the truth + NetBSD PR to solve the issues + I/O errors are not reported back to fsync at all. + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded. + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail. + It appears that write errors for buffercache buffers are semi-silently discarded as well. Interview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - kbowling@llnw.com / @kevinbowling1 BR: How did you first get introduced to UNIX and BSD? AJ: What got you started contributing to an open source project? BR: What sorts of things have you worked on it the past? AJ: Tell us a bit about LimeLight and how they use FreeBSD. BR: What are the biggest advantages of FreeBSD for LimeLight? AJ: What could FreeBSD do better that would benefit LimeLight? BR: What has LimeLight given back to FreeBSD? AJ: What have you been working on more recently? BR: What do you find to be the most valuable part of open source? AJ: Where do you think the most improvement in open source is needed? BR: Tell us a bit about your computing history collection. What are your three favourite pieces? AJ: How do you keep motivated to work on Open Source? BR: What do you do for fun? AJ: Anything else you want to mention? News Roundup BSDCan 2018 Selected Talks The schedule for BSDCan is up Lots of interesting content, we are looking forward to it We hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy. Remember, if this is your first BSDCan, checkout the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance. Also, check out the hallway track, the tables, and come to the hacker lounge. iXsystems Cryptographic Right Answers Crypto can be confusing. We all know we shouldn’t roll our own, but what should we use? Well, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers” 2009: Colin Percival of FreeBSD 2015: Thomas H. Ptacek 2018: Latacora A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works. We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right. There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from. But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say. Cryptographic Right Answers Encrypting Data Percival, 2009: AES-CTR with HMAC. Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM. Latacora, 2018: KMS or XSalsa20+Poly1305 Symmetric key length Percival, 2009: Use 256-bit keys. Ptacek, 2015: Use 256-bit keys. Latacora, 2018: Go ahead and use 256 bit keys. Symmetric “Signatures” Percival, 2009: Use HMAC. Ptacek, 2015: Yep, use HMAC. Latacora, 2018: Still HMAC. Hashing algorithm Percival, 2009: Use SHA256 (SHA-2). Ptacek, 2015: Use SHA-2. Latacora, 2018: Still SHA-2. Random IDs Percival, 2009: Use 256-bit random numbers. Ptacek, 2015: Use 256-bit random numbers. Latacora, 2018: Use 256-bit random numbers. Password handling Percival, 2009: scrypt or PBKDF2. Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2. Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2. Asymmetric encryption Percival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537. Ptacek, 2015: Use NaCl/libsodium (box / cryptobox). Latacora, 2018: Use Nacl/libsodium (box / cryptobox). Asymmetric signatures Percival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation. Ptacek, 2015: Use Nacl, Ed25519, or RFC6979. Latacora, 2018: Use Nacl or Ed25519. Diffie-Hellman Percival, 2009: Operate over the 2048-bit Group #14 with a generator of 2. Ptacek, 2015: Probably still DH-2048, or Nacl. Latacora, 2018: Probably nothing. Or use Curve25519. Website security Percival, 2009: Use OpenSSL. Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt Client-server application security Percival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL. Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt Online backups Percival, 2009: Use Tarsnap. Ptacek, 2015: Use Tarsnap. Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap. Seriously though, use Tarsnap. Adding IPv6 to an existing server I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6. In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses. The IPv6 block I have been assigned is 2001:DB8:1001:8d00/64. I added this to /etc/rc.conf: ipv6_activate_all_interfaces="YES" ipv6_defaultrouter="2001:DB8:1001:8d00::1" ifconfig_em1_ipv6="inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv" # ns1 The IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block. I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach. In order to invoke these changes without rebooting, I issued these commands: ``` [dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv [dan@tallboy:~] $ [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1 add net default: gateway 2001:DB8:1001:8d00::1 ``` If you do the route add first, you will get this error: [dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1 route: writing to routing socket: Network is unreachable add net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable Beastie Bits Ghost in the Shell – Part 1 Enabling compression on ZFS - a practical example Modern and secure DevOps on FreeBSD (Goran Mekić) LibreSSL 2.7.0 Released zrepl version 0.0.3 is out! [ZFS User Conference](http://zfs.datto.com/] Tarsnap Feedback/Questions Benjamin - BSD Personal Mailserver Warren - ZFS volume size limit (show #233) Lars - AFRINIC Brad - OpenZFS vs OracleZFS Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Hey Everyone, it's episode #93! My guest is a wellness entrepreneur & restaurant owner Jennifer Masley. She is the owner of EIO + The Hive here in Nashville. Her motto and passion are summed up in these few words "One Body, One Life".  The EIO stands for Everything is Organic. Jennifer and her team make space for people to eat what they want in the healthiest way possible. There is something for everyone at this healthy restaurant. As I walked in for our interview I was served the most delicious Kombucha I've ever had. The minute you walk into this place you feel the stress melt away and you just want to sit and drink it all in. Jennifer and I had a conversation about why bees & the hive are so important to her and how we can all bring a little peace & goodness to our own dinner tables. Join me on my fun trip to EIO + The Hive.   App - Calm Things she is loving:   The Prime: Prepare and Repair your Body for Spontaneous Weight-loss Andrew Weil - 8 Weeks to Optimum Health Face Oil by Ebb&Flow   The Southern Steak & Oyster Fin & Pearl     Support Rising Stories Podcast by shopping HERE.      Connect with Corine   Facebook // Twitter // Instagram // Pinterest    Show Notes  Facebook Group   Music is by Ben Sound Sponsor: Audible Get your free 30-day trial and download from Audible Here.

Sharks...they are already terrifying when you're on their playing field...they eat any and everything...and today we learn they take that literally.Head over to our website to learn about all the other shows on the Last Chance Podcast Network.http://www.lastchancepodcastnetwork.com/allthingspopped