Podcasts about google summer

  • 73 PODCASTS
  • 143 EPISODES
  • 55m AVG DURATION
  • INFREQUENT EPISODES
  • May 29, 2025 LATEST

Latest podcast episodes about google summer

Open at Intel
Democratizing Kubernetes for AI and ML with Kubeflow

May 29, 2025 · duration 20:54

In this episode, we hear from Andrey Velichkevich, a key contributor to the Kubeflow project, an ecosystem of open source projects to streamline the AI and ML lifecycle on Kubernetes. Andrey shares his extensive experience with the project, explains the various components and their use cases, and discusses the community's focus on accessibility and collaboration. They cover the project's evolution, the unique challenges and solutions offered, and the importance of engaging new contributors through initiatives like Google Summer of Code. The conversation highlights the future roadmap for Kubeflow, the significance of cross-project collaboration, and the key to creating a supportive and rewarding contributor environment.

00:00 Introduction and Greetings
00:14 Overview of the Kubeflow Project
01:20 Kubeflow's Ecosystem and Components
02:54 Target Audience and Use Cases
05:12 Future Roadmap and Goals
09:38 Community Engagement and Contributions
19:09 Conclusion and Final Thoughts

Guest: Andrey Velichkevich is a member of Kubeflow Steering Committee and a co-chair of Kubeflow AutoML and Training WG. Additionally, Andrey is an active member of the CNCF WG AI. He is one of the authors of the CNCF AI white paper and he is helping with various AI initiatives from the CNCF community.

CHAOSScast
Episode 104: 20m in CHAOSS Africa with Oluchi Nwankwo and Winifred Young

Feb 20, 2025 · duration 21:52

Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast!

CHAOSScast – Episode 104

In this episode of CHAOSScast, join our host Harmony along with guests Winifred Young and Oluchi Nwankwo as they dive into their journeys and experiences in the open source community. They discuss their first encounters with open source, their contributions, and the impacts they've made within CHAOSS Africa. They also highlight the importance of effective onboarding, clear documentation, and the need for better marketing strategies in open source communities. Press download to hear more!

[00:00:24] Winifred and Oluchi introduce themselves and tell us what they do.
[00:01:55] Winifred recounts her initial confusion about open source and her eventual engagement through programs like Google Summer of Code.
[00:02:53] Oluchi describes her introduction to open source during a coding bootcamp and meeting Ruth Ikegah, community lead at CHAOSS Africa.
[00:04:52] Oluchi talks about her slow start and eventual active involvement in the CHAOSS Africa community through managing social media.
[00:06:50] Winifred shares her struggles with joining the community due to her mobility issues and how she became more involved through attending community meetings.
[00:09:28] Harmony highlights the importance of attending community meetings as a form of participation and praises newcomers' hangout for helping new members.
[00:11:13] Oluchi reflects on her impactful experience managing CHAOSS Africa's conference communications in 2018.
[00:13:07] Winifred discusses organizing an outreach event for the Disability-Inclusion team, emphasizing how open source has provided her with opportunities to lead and make a difference.
[00:16:14] We end with a discussion on the areas for improvement in the community, like better documentation and increased visibility of projects through effective marketing.

Value Adds (Picks) of the week:
[00:19:50] Oluchi's pick is to make that switch and see yourself flourish.
[00:20:23] Winifred's pick is to learn how your brain works and don't be shy to ask for help.
[00:21:06] Harmony's pick is to just take the risk.

Panelist:
Harmony Elendu

Guests:
Oluchi Nwankwo
Winifred Young

Links:
CHAOSS (https://chaoss.community/)
CHAOSS Project X (https://twitter.com/chaossproj)
CHAOSScast Podcast (https://podcast.chaoss.community/)
podcast@chaoss.community (mailto:podcast@chaoss.community)
Harmony Elendu X (https://x.com/ogaharmony)
Harmony Elendu LinkedIn (https://www.linkedin.com/in/harmonyelendu/)
Oluchi Nwankwo X (https://x.com/oly_beke)
Oluchi Nwankwo LinkedIn (https://www.linkedin.com/in/oluchi-nwankwo/)
Winifred Young X (https://x.com/ywes_)
Winifred Young LinkedIn (https://www.linkedin.com/in/winifred-young-00244a24b/)
CHAOSS Project Africa X (https://x.com/chaoss_africa)
CHAOSS-Africa GitHub (https://github.com/chaoss/chaoss-africa)
Disability Outreach- Bridging Disability And Technology- CHAOSS Blog Post by Victoria Ottah and Winifred Young (https://chaoss.community/disability-outreach-bridging-disability-and-technology/)

Special Guests: Oluchi Nwankwo and Winifred Young.

Der MAUTICAST
Scoring & Machine Learning (feat. Jonas Ludwig)

Apr 17, 2024 · duration 66:22

Mautic 5.0.4, 4.4.12: https://github.com/mautic/mautic/releases/tag/5.0.4 , https://github.com/mautic/mautic/releases/tag/4.4.12 M5 Composer installation Joey: https://joeykeller.com/mautic-5-composer-install-simplified/ Tobias: https://audienture.com/update-mautic-using-composer/ Forum / NPM: https://forum.mautic.org/t/composer-setup-for-mautic-5-now-needs-npm/29823 Tobias on event tracking via Analytics: https://audienture.com/form-event-tracking/ M5 email sending * Email sending, queue handling (hotstryker): https://forum.mautic.org/t/changing-how-mautic-5-handles-email-from-send-immediately-to-queue/30374 * "Transactional vs. Bounces" fix by Matic (needs further sponsoring – please contact Matic!) https://forum.mautic.org/t/huge-issues-with-do-not-contacts-in-m5/31510/5 * ESP Transport: https://docs.mautic.org/en/5.x/configuration/settings.html#email-transport-settings Single Click list-unsubscribe DPMMA-2537 RFC 8058 * https://www.mautic.org/blog/community/navigating-gmail-and-yahoos-new-spam-policies-what-mautic-users-need-know * https://joeykeller.com/2024-feb-email-regulations-the-mautic-angle/ * https://leuchtfeuer.com/blog/email-setup-optimieren/ * https://forum.mautic.org/t/unsubscription-test-fails/30648 * https://forum.mautic.org/t/unrequested-unsubscribes/30630 * Email tester: aboutmy.email Command Monitor (ex "BetterBundle") by mtxextendee (Zdeno Kuzmany): https://mtcextendee.com/mautic-command-monitor-bundle Free MJML email templates by Ricardo: https://forum.mautic.org/t/introducing-free-mjml-email-templates-for-the-mautic-community/31291 Controlling Doom from Mautic (Joey's Easter pastime :) https://m.youtube.com/watch?v=30avUV9SxoE Asset Management https://www.mautic.org/blog/community/exciting-changes-ahead-rethinking-resource-management-mautic Drupal integration: https://www.drupal.org/project/advanced_mautic_integration TWIG templates for Mautic5 https://mtcextendee.com/marketplace/twig-templates-for-mautic/ ChatGPT Mautic expert https://forum.mautic.org/t/customized-gpt-expert-in-mautic/30207 UX/UI Tiger Team https://mautic.slack.com/archives/C02GEN0SG/p1707240707786689 Create/update Mautic lead from CMS/app login * https://forum.mautic.org/t/how-to-add-a-contact-automatically-to-mautic-when-they-register-on-my-app/31501/ * https://github.com/Leuchtfeuer/mautic-identity-sync Multiple Domains -> Unsubscribe: https://forum.mautic.org/t/multiple-brands/30606 and https://forum.mautic.org/t/multi-tenant-mautic-deployment-and-customization/30645 Interview Jonas Ludwig: Scoring & Machine Learning https://www.linkedin.com/in/jonas-ludwig-b481b6195/ Free Mautic trial https://www.mautic.org/blog/press/unlock-your-marketing-potential-start-your-mautic-trial-today and https://m.mautic.org/mautic-start-your-trial Year in review https://www.mautic.org/blog/community/2023-year-review Mautic Sprint Ghent https://www.mautic.org/blog/community/join-us-epic-adventure-mautic-sprint-ghent-belgium Mautic Conference India https://www.internetkatta.com/from-fan-to-organizer-my-incredible-journey-with-mautic-conference-india Mautic is a Digital Public Good https://www.mautic.org/blog/press/mautic-recognized-digital-public-good-digital-public-goods-alliance Google Summer of Code https://www.mautic.org/blog/google-summer-code-2024-mautic-joins-mentor 10 years of Mautic * https://www.mautic.org/blog/community/10-years-mautic-community-powered-decade-marketing-automation-excellence * https://www.mautic.org/blog/community/announcing-10-years-mautic-design-contest * Alan: https://www.mautic.org/blog/community/decade-mautic-founders-perspective Mautic Conference Global July 10-11, 2024 Program / Call for Speakers: https://sessionize.com/mautic-conference-global-2024 Mautic Conference Homepage: https://mauticon.mautic.org/

The MAUTICAST
Scoring & Machine Learning (feat. Jonas Ludwig)

Apr 17, 2024 · duration 69:40

Mautic 5.0.4, 4.4.12: https://github.com/mautic/mautic/releases/tag/5.0.4 , https://github.com/mautic/mautic/releases/tag/4.4.12 M5 Composer Install Joey: https://joeykeller.com/mautic-5-composer-install-simplified/ Tobias: https://audienture.com/update-mautic-using-composer/ Forum / NPM: https://forum.mautic.org/t/composer-setup-for-mautic-5-now-needs-npm/29823 Tobias on Event Tracking via Analytics: https://audienture.com/form-event-tracking/ M5 Email sending * Email Sending, Queue handling (hotstryker): https://forum.mautic.org/t/changing-how-mautic-5-handles-email-from-send-immediately-to-queue/30374 * Transactional vs. Bounces Fix by Matic (needs further funding – please contact Matic!) https://forum.mautic.org/t/huge-issues-with-do-not-contacts-in-m5/31510/5 * ESP transports: https://docs.mautic.org/en/5.x/configuration/settings.html#email-transport-settings Single Click list-unsubscribe DPMMA-2537 RFC 8058 * https://www.mautic.org/blog/community/navigating-gmail-and-yahoos-new-spam-policies-what-mautic-users-need-know * https://joeykeller.com/2024-feb-email-regulations-the-mautic-angle/ * https://leuchtfeuer.com/blog/email-setup-optimieren/ * https://forum.mautic.org/t/unsubscription-test-fails/30648 * https://forum.mautic.org/t/unrequested-unsubscribes/30630 * Email tester: aboutmy.email Command Monitor (ex "BetterBundle") by mtxextendee (Zdeno Kuzmany): https://mtcextendee.com/mautic-command-monitor-bundle Free MJML Email Templates by Ricardo: https://forum.mautic.org/t/introducing-free-mjml-email-templates-for-the-mautic-community/31291 Controlling Doom from Mautic (Joey's Easter timekilling): https://m.youtube.com/watch?v=30avUV9SxoE Asset Management https://www.mautic.org/blog/community/exciting-changes-ahead-rethinking-resource-management-mautic Drupal integration: https://www.drupal.org/project/advanced_mautic_integration TWIG Templates for Mautic5 https://mtcextendee.com/marketplace/twig-templates-for-mautic/ ChatGPT Mautic Expert 
https://forum.mautic.org/t/customized-gpt-expert-in-mautic/30207 UX/UI initiative https://mautic.slack.com/archives/C02GEN0SG/p1707240707786689 Create/Sync Mautic lead from CMS/App identity * https://forum.mautic.org/t/how-to-add-a-contact-automatically-to-mautic-when-they-register-on-my-app/31501/ * https://github.com/Leuchtfeuer/mautic-identity-sync Multiple Domains -> unsubscribe: https://forum.mautic.org/t/multiple-brands/30606 and https://forum.mautic.org/t/multi-tenant-mautic-deployment-and-customization/30645 Interview Jonas Ludwig: Scoring & Machine Learning: https://www.linkedin.com/in/jonas-ludwig-b481b6195/ Free Demo (Trials) https://www.mautic.org/blog/press/unlock-your-marketing-potential-start-your-mautic-trial-today and https://m.mautic.org/mautic-start-your-trial Year in Review https://www.mautic.org/blog/community/2023-year-review Mautic Sprint Ghent https://www.mautic.org/blog/community/join-us-epic-adventure-mautic-sprint-ghent-belgium Mautic Conference India https://www.internetkatta.com/from-fan-to-organizer-my-incredible-journey-with-mautic-conference-india Mautic is Digital Public Good https://www.mautic.org/blog/press/mautic-recognized-digital-public-good-digital-public-goods-alliance Google Summer of Code https://www.mautic.org/blog/google-summer-code-2024-mautic-joins-mentor 10 Years of Mautic * https://www.mautic.org/blog/community/10-years-mautic-community-powered-decade-marketing-automation-excellence * https://www.mautic.org/blog/community/announcing-10-years-mautic-design-contest * Alan: https://www.mautic.org/blog/community/decade-mautic-founders-perspective Mautic Conference Global 10th-11th July, 2024 Program / Call for Speakers: https://sessionize.com/mautic-conference-global-2024 Mautic Conference Homepage: https://mauticon.mautic.org/

Les Cast Codeurs Podcast
LCC 305 - Dia critique

Jan 15, 2024 · duration 87:43

This news episode covers languages, libraries, artificial intelligence of course, and even the Web. Plus a Java challenge and even Santa Claus!

Recorded on January 12, 2024

Episode download: LesCastCodeurs-Episode-305.mp3

News

RIP Niklaus Wirth https://en.wikipedia.org/wiki/Niklaus_Wirth
- Swiss computer scientist
- Designed the languages ALGOL, Modula-2 and… Pascal
- Several distinctions: Turing 1984, John Von Neumann 1994. Since 1987, a prize created in his honor
- Several books, including Algorithms + Data Structures = Programs (1976)
- Wirth's Law: the beauty of a program lies in the clarity of its structure. Niklaus Wirth always advocated simplicity, readability and understandability. A pragmatic approach

https://recording.zencastr.com/lescastcodeurs/news-305

Languages

Hell on earth: equals and hashCode for JPA entities. Everyone has an opinion; forming your own is complicated
- https://vladmihalcea.com/hibernate-facts-equals-and-hashcode/
- https://vladmihalcea.com/how-to-implement-equals-and-hashcode-using-the-jpa-entity-identifier/
- https://vladmihalcea.com/the-best-way-to-implement-equals-hashcode-and-tostring-with-jpa-and-hibernate/
- https://jpa-buddy.com/blog/hopefully-the-final-article-about-equals-and-hashcode-for-jpa-entities-with-db-generated-ids/

Will Kotlin decline in 2025, for lack of innovation and given Java's new features? https://shiftmag.dev/kotlin-vs-java-2392/
- According to the author, other alternative JVM languages have declined, such as Groovy and Scala
- The author thinks there will be fewer and fewer differentiators compared to Java, and Kotlin has not added significant features for a year or two

How to remove accents and other diacritical marks from strings in Java https://glaforge.dev/posts/2024/01/url-slug-or-how-to-remove-accents-in-java/
- For the URLs of a blog post, for example, you want the title in the URL, but in a URL-friendly form: without accents, with spaces replaced by hyphens, etc.
- Guillaume proposes an approach based on Unicode string normalization and regular expressions
- He also mentions the Slugify library, which can additionally do transliteration (to also transform ideograms and other non-ASCII characters)

The "gatherers" of JDK 22 https://blog.soebes.io/posts/2024/01/2024-01-07-jdk-gatherer/
- We recently mentioned JEP 461 for Java 22: Stream Gatherers, which will be in preview
- Makes it possible to do things that were somewhat complicated with the stream API before, such as implementing sliding windows over the stream's data
- The article covers the different capabilities of gatherers, with an Integrator, an Initializer and a Finisher, and finally a Combiner, with various code examples to illustrate them

Libraries

The German-based Sovereign Tech Fund sponsors the development of Log4J https://www.sovereigntechfund.de/news/log4j-investment
- 3 contributors will be able to work on it full time
- helps secure the development of the project
- a reaction to the impact of the Log4shell CVE, which left its mark and had lots of people working over the weekend to patch everything!

Cloud

The Cloud Native Foundation glossary has been translated into French https://glossary.cncf.io/fr/

Web

Release of Vue.JS 3.4 https://blog.vuejs.org/posts/vue-3-4
- the component (SFC) parser is 2x faster
- improved reactivity system, in particular for "computed" (recalculated) properties
- the deprecated JSX namespace has been removed
- Cédric Exbrayat of NinjaSquad also covers what's new in this article https://blog.ninja-squad.com/2023/12/29/what-is-new-vue-3.4/

Astro JS 4.1 https://astro.build/blog/astro-410/
- Discovered this framework thanks to Petipois https://medium.com/front-end-weekly/create-a-website-using-astro-in-2024-f5963003c19c
- Astro is the web framework for building content-driven websites such as blogs, marketing and e-commerce. Astro is best known for pioneering a new frontend architecture to reduce the overhead and complexity of JavaScript compared to other frameworks
- "Astro Islands" architecture (interface made of isolated components)
- SSG and SSR (Static Site Generator and Server Side Rendering)
- 0 JavaScript if you want
- You use React, Angular or Vue for your components
- Read more here: https://kinsta.com/fr/blog/astro-js/

React is 10 years old… and with it my discovery of React Server Components https://www.joshwcomeau.com/react/server-components/#introduction-to-react-server-components-3
- "At a high level, React Server Components is the name for a brand-new paradigm. In this new world, we can create components that run exclusively on the server."
- The idea is not to build entire components in React in the backend, and not to delegate to client rendering for these components

2024 predictions https://thenewstack.io/2024-predictions-by-javascript-frontend-framework-maintainers/
- Angular: Optional Zone.JS
- Next.js (new compiler, + backend?)
- React: adoption of React Server Components, SPA is not enough. React auto-memoizing (useCallback/useMemo deprecated)
- Solid 2.0 will come after SolidStart (web framework)

Data and Artificial Intelligence

Lessons learned from doing RAG with LLMs https://x.com/taranjeetio/status/1742587923189596531?s=20

Gunnar Morling launched the 1 billion row challenge: https://www.morling.dev/blog/one-billion-row-challenge/
- The idea is to compute the min / max and the average of temperatures, listed line by line in a huge file
- There are a huge number of contributions. The fastest ones used memory mapped files or SIMD instructions
- The challenge was in pure Java, but other people have tried the experiment with various databases or other programming languages

Didier Girard talks about Shadow AI https://www.linkedin.com/posts/didiergirard_shadowai-genai-gouvernance-activity-7150031627006464000-IF1G/
- Just as we once talked about "shadow IT", the new shadow of the day is artificial intelligence
- To be more productive, employees use AI without necessarily telling their employer
- The problem is that with some AI systems, the data you send can be saved and used to retrain the AI… and potentially, the AI could regurgitate verbatim text from that data to other users. Hence a breach in the security of the company's data

Function calling with Google's Gemini LLM https://glaforge.dev/posts/2023/12/22/gemini-function-calling/
- Large Language Models are limited by the knowledge they acquired during training
- One possible approach for relying on a document base is Retrieval Augmented Generation (RAG), where a vector database is used to retrieve text passages that match the query
- But there is also an interesting approach that allows calling external systems (APIs, local service, etc.) by letting the LLM know that it can answer a given request based on a function call. In this approach, the LLM answers that a function should be called (for example to get the weather in Paris) and indicates which parameters to pass ("Paris"). The developer then calls this function and returns the result of the invocation to the LLM, which can then generate text with this data. This is the "function calling" approach, which extends an LLM to give it access to live data, behind an API, etc.

Methodologies

A video on Santa Claus and critical thinking from La Tronche en Biais https://youtu.be/tqlYKO_asFw?si=g1Fq5OfCvQONNb2i
- An interesting video for understanding how we, in tech, can easily fall for dubious beliefs if we do not develop critical thinking.
- Santa Claus, a true worldwide conspiracy of adults, shops, media … around a lie
- A child who tries to apply the epistemological process has no other source to verify that Santa Claus does not exist; all the reliable sources from which the child learns about the world (parents, teachers, media, stories, media) confirm that Santa Claus exists.
- Explaining inconsistencies with magic is something completely ordinary in the world of a child who is constantly told about magic
- Discovering the lie around the age of 7, the age of reason, is a good opportunity to talk about critical thinking with children

Law, society and organization

EU AI Act cheat sheet https://www.linkedin.com/posts/yann-lecun_eu-ai-act-cheat-sheet-understand-activity-7139980837013331971-TDqI?utm_source=share&utm_medium=member_ios
- Companies will have 1 or 2 years to comply
- Basics: definition of AI, extraterritoriality, exceptions (OSS, R&D, but also defense …), classification by risk level (Prohibited > High Risk > Limited Risk > Minimal Risk)
- Prohibited: biometrics, social credit scoring, emotion detection, law enforcement based on biometric identification in public
- High (rules are defined to control these uses: transparency, quality, risk …): medical equipment, vehicles, education, elections, …
- General: transparency and information

ChatGPT is not a super doctor https://x.com/drhughharvey/status/1736308984288563550?s=46&t=C18cckWlfukmsB_Fx0FfxQ
- use cases of ChatGPT as a copilot
- Too much non-determinism in the answers to the same question
- 41% of the answers within the medical consensus
- 7% dangerous
- Doing RAG only raised this by a few percent 5

Transcript of the talk given at PGConf EU by Laetitia Avrot and Karen Jex (PostgreSQL experts): Trying to be Barbie in Ken's Mojo Dojo Casa House https://karenjex.blogspot.com/2023/12/trying-to-be-barbie-in-kens-mojo-dojo.html
- This is a sociology talk. In sociology, it is enough for something to be true in the majority of cases to be considered a truth, because it rests on statistics.
- The subject was chosen to draw attention to a problem that really exists in tech. They realized that the great majority of the population was not aware of it (barbie)!
- The Barbie film made them understand that they must explain what women face daily, so that others can understand how exhausting it can be.
- Very well documented, with many links and references beyond personal experience
- Transcript and slides in the article
- Link between the Barbie film and the place of women in tech.
- The ideas are not new, but it had an impact
- Biases in general are not specific to one gender; they are global. Test on implicit biases
- There is a tech talent gap (estimated to reach 1.4 million to 3.9 million people by 2027 in the EU-27 countries), which could potentially be closed by doubling the proportion of women in the tech sector.
- However, the share of women in tech roles is at its lowest in fast-growing fields such as DevOps and cloud.
- More than half of women leave the tech industry 10 to 20 years after the start of their career, twice the rate of men (lack of opportunities, difficulties facing biases, feeling like an outsider, etc.)
- The share of women in tech roles in Europe risks falling to 21% by 2027.
- Solutions: role models, fighting our biases (if we do not recognize them, we cannot fight them), mentoring, taking care to give people a voice, etc.

The New York Times sues OpenAI https://www.bbc.com/news/technology-67826601
- claims billions over copyright; also sues Microsoft and Bing, which use OpenAI
- excerpts of subscription-only articles can be found available
- If you ask ChatGPT about current news, it reuses explanations taken from the NYT without mentioning it
- On Bing you can also find excerpts without citing or linking the source
- Consequences for the NYT: less traffic to their site, fewer views, fewer clicks, a drop in subscriptions, significant monetary losses

OpenAI's response to the NYT https://openai.com/blog/openai-and-journalism
- We collaborate with news organizations and are creating new opportunities
- Training is fair use, but we provide an opt-out because it's the right thing to do
- "Regurgitation" is a rare bug that we are working to drive to zero
- The New York Times is not telling the full story

Tools of the episode

Userscripts https://github.com/quoid/userscripts: an extension to change the CSS and JS of sites in your browser

Beginner's corner

Guillaume published 2 "codelabs" for getting started with LangChain4J, using Google's PaLM LLM https://glaforge.dev/posts/2023/12/18/get-hands-on-codelabs-to-dabble-with-llms/
- These 2 hands-on tutorials introduce PaLM's two models, text and chat
- Different tasks are illustrated: simple questions/answers, simple chats, but also how to extract structured data from a text and how to do classification (with a sentiment analysis example)

Google Summer of Code - call for projects https://summerofcode.withgoogle.com/

Conferences

The list of conferences from Developers Conferences Agenda/List by Aurélie Vache and contributors:
January 31 - February 3, 2024: SnowCamp - Grenoble (France)
February 1, 2024: AgiLeMans - Le Mans (France)
February 6, 2024: DevFest Paris - Paris (France)
February 8-9, 2024: Touraine Tech - Tours (France)
February 15-16, 2024: Scala.IO - Nantes (France)
March 6-7, 2024: FlowCon 2024 - Paris (France)
March 14-15, 2024: pgDayParis - Paris (France)
March 19, 2024: AppDeveloperCon - Paris (France)
March 19, 2024: ArgoCon - Paris (France)
March 19, 2024: BackstageCon - Paris (France)
March 19, 2024: Cilium + eBPF Day - Paris (France)
March 19, 2024: Cloud Native AI Day Europe - Paris (France)
March 19, 2024: Cloud Native Wasm Day Europe - Paris (France)
March 19, 2024: Data on Kubernetes Day - Paris (France)
March 19, 2024: Istio Day Europe - Paris (France)
March 19, 2024: Kubeflow Summit Europe - Paris (France)
March 19, 2024: Kubernetes on Edge Day Europe - Paris (France)
March 19, 2024: Multi-Tenancy Con - Paris (France)
March 19, 2024: Observability Day Europe - Paris (France)
March 19, 2024: OpenTofu Day Europe - Paris (France)
March 19, 2024: Platform Engineering Day - Paris (France)
March 19, 2024: ThanosCon Europe - Paris (France)
March 19-21, 2024: IT & Cybersecurity Meetings - Paris (France)
March 19-22, 2024: KubeCon + CloudNativeCon Europe 2024 - Paris (France)
March 21, 2024: IA & Data Day Strasbourg - Strasbourg (France)
March 22-23, 2024: Agile Games France - Valence (France)
March 26-28, 2024: Forum INCYBER Europe - Lille (France)
March 28-29, 2024: SymfonyLive Paris 2024 - Paris (France)
March 28-30, 2024: DrupalCamp Roazhon - Rennes (France)
April 4-6, 2024: Toulouse Hacking Convention - Toulouse (France)
April 17-19, 2024: Devoxx France - Paris (France)
April 18-20, 2024: Devoxx Greece - Athens (Greece)
April 22, 2024: React Connection 2024 - Paris (France)
April 23, 2024: React Native Connection 2024 - Paris (France)
April 25-26, 2024: MiXiT - Lyon (France)
April 25-26, 2024: Android Makers - Paris (France)
May 8-10, 2024: Devoxx UK - London (UK)
May 16-17, 2024: Newcrafts Paris - Paris (France)
May 22-25, 2024: Viva Tech - Paris (France)
May 24, 2024: AFUP Day Nancy - Nancy (France)
May 24, 2024: AFUP Day Poitiers - Poitiers (France)
May 24, 2024: AFUP Day Lille - Lille (France)
May 24, 2024: AFUP Day Lyon - Lyon (France)
June 2, 2024: PolyCloud - Montpellier (France)
June 6-7, 2024: DevFest Lille - Lille (France)
June 6-7, 2024: Alpes Craft - Grenoble (France)
June 11-12, 2024: OW2con - Paris (France)
June 12-14, 2024: Rencontres R - Vannes (France)
June 14, 2024: DevQuest - Niort (France)
June 27-28, 2024: Agi Lille - Lille (France)
July 4-5, 2024: Sunny Tech - Montpellier (France)
September 19-20, 2024: API Platform Conference - Lille (France) & Online
October 7-11, 2024: Devoxx Belgium - Antwerp (Belgium)
October 10-11, 2024: Volcamp - Clermont-Ferrand (France)
October 10-11, 2024: Forum PHP - Marne-la-Vallée (France)
October 17-18, 2024: DevFest Nantes - Nantes (France)
November 6, 2024: Master Dev De France - Paris (France)

Contact us

To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via Twitter https://twitter.com/lescastcodeurs
Make a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all the info at https://lescastcodeurs.com/

Android Broadcast
#146 Android Auto. How Organic Maps was brought to the car

Dec 29, 2023 · duration 47:25

An interview with a Google Summer of Code participant who worked on adapting Organic Maps for Android Auto

Freifunk Radio (Freifunkradio bei Colaboradio)
ffradio113: Google Summer of Code 2023

Oct 23, 2023 · duration 30:40

Environment Variables
We Answer Your Questions Part 2

Aug 16, 2023 · duration 46:26

Host Chris Adams is joined by executive director of the Green Software Foundation, Asim Hussain as they dive into another mailbag session, bringing you the unanswered questions from the recent live virtual event on World Environment Day that was hosted by the Green Software Foundation on June 5 2023. Asim and Chris start with a discussion on the complexities of capturing energy consumed by memory, I/O operations, and network calls in the SCI. They explore real examples of measuring SCI on pipelines of CI/CD, showcasing projects like Green Metrics Tool and the Google Summer of Code Wagtail project. The conversation shifts to the carbon efficiency of GPUs and their environmental impact, touching on the tech industry's increasing hardware demands. They also address the potential for reusing cooling water from data centers, considering various cooling designs and their impact on water consumption.

Sustain
Episode 174: Maintainer Month with Bob Killen & Navendu Pottekkat

May 9, 2023 · duration 33:48

Guests: Bob Killen | Navendu Pottekkat
Panelist: Richard Littauer

Show Notes
Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. This is a special podcast and one of several in this series for GitHub's Maintainer Month. We're interviewing maintainers to ask them about what their experience is of maintainership and open source. Today, we're very excited to have two guests joining us. Our first guest is Bob Killen, who's a Program Manager at Google and serves the Kubernetes project as a Steering Committee member and chair of the Contributor Experience Special Interest Group. Bob talks about the mentoring cohort approach the Kubernetes community has, the importance of titles, and the value of a defined contributor ladder to recognize and motivate contributors. Our next guest is Navendu Pottekkat, who's a Maintainer of Apache APISIX, the Cloud Native API Gateway. Navendu tells us about his experience in contributing to building, scaling, and maintaining open source projects, his involvement in mentorship programs, and the importance of people focusing on balancing the code with the community aspect. Download this episode now to hear much more!

Bob:
[00:02:00] Bob's role at Google encourages him to contribute and to be active in the Kubernetes community and to be part of the OSPO, where he's focused on maintaining the overall health of the project and keeping track of various services.
[00:03:02] He's been in the open source space since the mid-2000s and was already working on Kubernetes before joining Google.
[00:04:16] We hear about the Contributor Experience Special Interest Group, what Bob does there, and the mentoring cohort approach the Kubernetes community has to help grow people into maintainer roles.
[00:07:56] Since Kubernetes avoids private Slack channels, Bob explains how he asks questions in an open place.
[00:08:45] Bob finds it challenging to maintain his role in special interest groups while working full-time, as there is always an endless backlog of issues and prioritizing and triaging can be difficult.
[00:09:45] What keeps Bob working there? Well, he enjoys the people he works with and going to KubeCon events has helped him connect with so many people.
[00:11:45] Something Bob is looking forward to doing is stepping down from some of his leadership roles and mentoring others to replace him.
[00:13:15] Bob shares some advice to his potential replacement, and he discusses the importance of titles in helping people understand the time investment and leadership responsibilities of being a maintainer.
[00:16:12] He explains the value of a defined contributor ladder to recognize and motivate contributors.
[00:16:50] Find out where you can read more about Bob and his work on the web.

Navendu:
[00:19:29] Our next guest is Navendu, and he tells us about APISIX.
[00:21:03] Navendu talks about how he got involved in open source and how he mentors students and new developers who are interested in building stuff in the cloud. Also, he tells us about being a part of the Linux Foundation mentorship program.
[00:23:35] We hear about Navendu's involvement in mentorship programs like Google Summer of Code and the Linux Foundation mentorship program.
[00:25:30] There's a discussion on the importance of stipends for students and how mentorship is an important aspect of open source projects.
[00:26:42] Navendu mentions that it's easy to convince his company and the APISIX community about the importance of mentorship and community in open source.
[00:28:24] What's hard about open source for Navendu? He mentions that working on open source projects can be overwhelming, especially when there are always issues that need to be addressed and pull requests that need to be reviewed.
[00:30:11] We hear some tips for people to step up to take care of the community, and Navendu encourages users and community members to get involved.
[00:32:20] Find out where you can learn more about Navendu and APISIX online.

Quotes
Quote from Bob:
[00:14:23] “That title winds up being a much bigger thing because it's easier to explain than hey, I'm a lead of this.”
Quotes from Navendu:
[00:23:11] “Being online 24/7 is taking a toll on my health and is not sustainable.”
[00:26:52] “There is always some aspect of mentorship when you're working on open source projects.”
[00:29:46] “If you have people focus on community it helps.”
[00:30:41] “At some point, some maintainers have to step up and take care of the community.”

Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
SustainOSS Mastodon (https://mastodon.social/tags/sustainoss)
Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Richard Littauer Mastodon (https://mastodon.social/@richlitt)
Bob Killen Website (https://mrbobbytabl.es/)
Bob Killen Twitter (https://twitter.com/mrbobbytables)
Bob Killen Mastodon (https://hachyderm.io/@mrbobbytables)
KubeCon 2023 North America (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/)
KubeCon 2023 China (https://www.lfasiallc.com/kubecon-cloudnativecon-open-source-summit-china/)
Navendu Pottekkat Website (https://navendu.me/)
Apache APISIX (https://apisix.apache.org/)
Apache APISIX-How to Contribute (https://apisix.apache.org/docs/general/how-to-contribute/)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)
Special Guests: Bob Killen and Navendu Pottekkat.

Sustain
Episode 170: Smera Goel & Dotan Horovits at FOSS Backstage 2023

Sustain

Apr 25, 2023 40:26


Guests: Smera Goel | Dotan Horovits
Panelist: Richard Littauer

Show Notes
Hello and welcome to Sustain! On this episode, Richard is at FOSS Backstage 2023, which is held in Berlin every year. Today, Richard has two guests joining him. He meets up with Smera Goel, who was featured on Episode 3 of our Sustain Open Source Design Podcast. Richard catches up with her on what has been going on over the past year and a half. Smera is a Product Designer and an Outreachy Mentor for Fedora. She is also the Mentor Project Representative for Fedora, in charge of looking after the participation of Fedora in different mentorship programs such as Outreachy and Google Summer of Code. Smera works for a startup in Berlin that has some open-source offerings, and she got her job from an open-source design job board. Richard and Smera discuss mentoring mentors and mentees in the context of software sustainability. Richard's next guest is Dotan Horovits, who's the Principal Developer Advocate at Logz.io, and he tells us about his own podcast called "OpenObservability Talks." He explains the dominance of closed-source vendors in the observability space, which has led to a siloed and vendor-locked situation. They also discuss how observability is important for cloud-based web applications and large production systems, how open-source projects should have an open door to the CNCF, and how collaborations between different foundations can be beneficial. Download this episode to hear more!

Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
Richard Littauer Twitter (https://twitter.com/richlitt?lang=en)
FOSS Backstage 2023 (https://foss-backstage.de/)
Smera Goel Website (https://smera.notion.site/)
Smera Goel LinkedIn (https://www.linkedin.com/in/smera-goel/)
Fedora (https://getfedora.org/)
Sustain Open Source Design Podcast-Episode 3-Smera Goel on Designing in the Fedora Project, Outreachy, and India (https://sosdesign.sustainoss.org/3)
Dotan Horovits LinkedIn (https://il.linkedin.com/in/horovits)
Dotan Horovits Twitter (https://twitter.com/horovits)
OpenObservability Talks Podcast (https://podcasters.spotify.com/pod/show/openobservability)
Logz.io (https://logz.io/hp-sandbox/)
OpenObservability Talks on the podcast apps (https://podcasters.spotify.com/pod/show/openobservability)
OpenObservability Talks on YouTube (videocast) (https://www.youtube.com/@openobservabilitytalks)
Is “vendor owned open source” an oxymoron? (https://horovits.medium.com/is-vendor-owned-open-source-an-oxymoron-b5486a4de1c6)
Open Source for Better Observability (https://horovits.medium.com/open-source-for-better-observability-8c65b5630561)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)
Special Guests: Dotan Horovits and Smera Goel.

Open at Intel
Scanning for Vulnerabilities with CVE Binary Tool

Open at Intel

Apr 19, 2023 46:03


This episode explores an open source software vulnerability scanner called CVE Binary Tool, which scans binaries and component lists in your project and reports back known vulnerabilities based on data from NIST's National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs). My guest is Dr. Terri Oda, a security researcher at Intel and the lead maintainer of CVE Binary Tool, and co-host Chris Norman, Intel Open Source Evangelist, joins us to explore the inner workings of the project and discuss contribution, community and the importance of developer-focused initiatives like Google Summer of Code.

Guest: Terri Oda has a PhD in horribleness, assuming we can all agree that web security is kind of horrible. She specializes in saying “no” and explaining things in varied roles as an open source security professional, a parent, and the volunteer coordinator of a summer mentoring program for Python.

Les Cast Codeurs Podcast
LCC 291 - ChatGPT licencie 15% des bisounours

Les Cast Codeurs Podcast

Feb 13, 2023 100:18


Antonio, Guillaume and Emmanuel discuss the Oracle license for Oracle JDK, JEPs, Flutter, Hibernate, Mockito, Kafka, (not so) Big Data, YAML parsing, ChatGPT, layoffs, platform engineering, and floating-point numbers. Recorded February 10, 2023. Episode download: LesCastCodeurs-Episode–291.mp3

News

Languages
Oracle changed one of the Oracle Java licenses https://redresscompliance.com/oracle-java-licensing-changes-explaned-free/ No more named users: pricing is now based on all employees, including the employees of your subcontractors. In short, it is going to be expensive, and if you use more than 50k processors, you pay extra. Another article, from IDC: https://blogs.idc.com/2023/01/30/oracle-java-subscription-changes-what-is-the-impact-to-customers/ Public service announcement: there are other OpenJDK distributions supported by various vendors, or the unsupported version.
InfoQ summarizes the latest Java news, the JEP updates and the latest releases https://www.infoq.com/news/2023/01/java-news-roundup-jan23–2023/ On Java specifically: updates to drafts around Project Amber (primitive types in patterns, etc.). A JEP to discuss the future JEP process (evolutions). JDK 20 is in rampdown phase, with these new features: scoped values, record patterns, pattern matching for switches, virtual threads, structured concurrency, all in incubation or preview https://www.infoq.com/news/2023/02/java-news-roundup-jan30–2023/ The RIFE framework makes its big comeback!
Go 1.20 released https://go.dev/doc/go1.20 but no big changes, just improvements to the toolchain, the libraries…
Recap of the Flutter Forward 2023 conference https://medium.com/@flutterqueen/flutter-forward–2023-recap–8f6da4876e3
Announcements of Flutter 3.7 and Dart 2.19
Improved graphics performance (using Impeller instead of Skia)
Adaptive layout
Menu bars and submenus
iOS release validation
Material 3 support
New widgets
Support for custom shaders
Easier native integration with FFIgen and JNIgen
3D support
WebAssembly support
RISC-V support
Ability to embed a Flutter app as an HTML element in an HTML page
A dedicated toolkit for news apps
On the Dart language side, pattern matching should arrive soon

Libraries
Accessibility best practices for Flutter applications https://medium.com/flutter-community/creating-inclusive-apps-with-flutter-best-practices-for-accessibility-c7cebe0beb4d Four main themes in the article: accessibility in Flutter, Flutter's built-in accessibility features, best practices for making Flutter apps accessible, and testing / debugging accessibility. Flutter supports text contrast, screen readers, semantic labels, and keyboard use.
How to log Hibernate ORM queries https://www.adeliosys.fr/articles/hibernate-monitoring/ Raw logging via a logger; slow queries (slower than n milliseconds); more advanced metrics (statements, queries, connection acquisition time, cache); can be exposed via JMX; the connection pool.
Mockito 5 released, with the ability to mock constructors, static methods and final classes https://www.infoq.com/news/2023/01/mockito–5/ This was already possible before with mockito-inline, but now it is “out of the box”. The minimum Java version moves from Java 8 to Java 11.

Cloud
The Kubernetes Java client added support for Kubernetes 1.25 https://www.infoq.com/news/2023/01/kubernetes-java-client/?utm_campaign=infoq_content&utm_source=twitter&utm_medium=feed&utm_term=java Dynamic APIs were added for generic monitoring. The article shows the API used as an alternative to some kubectl commands. fabric8 is an alternative.

Data
Big data is dead https://motherduck.com/blog/big-data-is-dead/
By a BigQuery founder
He then looked at how users were using BigQuery
And it was not a big data problem
Return of the classic engines: MySQL / PostgreSQL vs MongoDB, etc.
Most BigQuery users were under 1Tb, and 50% at 100GB or less
So the data deluge did not happen
The modern shift is detaching storage from compute
Data grows faster than the compute needs on that data
The workload size covers a small subset of the size of the entire data (90% of BigQuery queries are on 100M of data)
Modern databases are forced to work on a subset of the data
Pressure on teams to store less data
Data is queried within the day, within the week, and then rarely touched
So "big data = whatever doesn't fit on a single machine" is less and less true
MapReduce in 2004 versus today's machines with 2 to 4 orders of magnitude more RAM
Before, nobody cared about deleting data, but GDPR and criminal liability change the game
Data putrefaction, like bit rot
A questionnaire to find out whether the next generations of data processing will be enough for you
Distribution is a valid reason, though

Tooling
All the trouble with YAML https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell
An article explaining the complexity of YAML and its inconsistencies
Comparison with the simplicity of JSON
JSON comments were removed in 2005 because people were putting meta-instructions for parsers in them and implementing comments was very complex
22:22 is a base-60 number whereas 80:80 is not (removed in YAML 1.2)
**.png is invalid, ** is a reference to an anchor
!.git is parsed differently by different parsers: ! is an escape to express a native type of the language (e.g. Java)
This means that loading an unknown YAML document is unsafe
- fr - de - no returns ["fr", "de", no]: the Norway problem
Changed between YAML 1.1 and 1.2, but parsers keep the old behaviors
Boolean: on, yes, y
on: "let's go" is converted to { "True": "let's go" } because on is a boolean and non-string keys are accepted in YAML
version: [ 9.5.1, 12.13] -> { "version": [ "9.5.1", 12.13 ] }: numbers not escaped with a quote
Syntax highlighting is therefore dependent
Templating in YAML is heading for disaster
Alternatives: TOML, JSON, a subset of YAML (always quote strings)
ChatGPT: we credit it with more magic than it has https://arxiv.org/pdf/2212.03551.pdf
A scientific paper, but only 8 pages long
ChatGPT as a large language model (LLM) with prompt engineering on top (the conversational agent)
ChatGPT is an execution of the Next Token Prediction model
It is raw statistics, but extremely versatile in its uses
A tendency toward anthropomorphism because we have moved past the uncanny valley feeling
Given the statistical distribution of words in the public corpus, which words are most likely to come next
No relation to the world, to objects, or to the interactions of beings sharing the same language
Not facts: ChatGPT does not know, and has no intention
So it is a great tool for eliminating a lot of everyday bullshit work, not the people who do it
Are the capabilities emergent? The LLM is fundamentally outside that concept
The meta tutorial on parsing with Antlr https://tomassetti.me/antlr-mega-tutorial/ Covers several languages including Java, Python, JavaScript and C#. Explains the different phases of lexing and parsing, how to resolve ambiguities with semantic predicates, how to transform code, how to test your parser, and other tips and tricks.
A tutorial on how to release a Java module with Maven, JReleaser and GitHub Actions https://foojay.io/today/how-to-release-a-java-module-with-jreleaser-to-maven-central-with-github-actions/ Shows the required setup (GPG key, ownership of the groupId, Maven config, etc.), shows how to do the release by hand, and how to automate it via GitHub Actions.
A tutorial explaining how to use CRaC for your Java apps in a container https://foojay.io/today/how-to-run-a-java-application-with-crac-in-a-docker-container/ Coordinated Restore at Checkpoint (developed by Azul) lets you create snapshots of a Java application so that it can be restarted quickly after its startup and warmup.
An introduction to Kafka in French https://blog.octo.com/kafka-repond-il-a-mon-besoin/
Maven 3.9 released https://lists.apache.org/thread/0tfr7t2j2ddbv4gjvxm47yohtk3dg6b3 https://maven.apache.org/docs/3.9.0/release-notes.html
Java 8 is required to run Maven
A good deal of code and dependency cleanup to prepare for Maven 4. Some badly designed plugins (e.g. ones that do not declare the plexus-util dependency) may be incompatible.
.mvn/maven.config must now have 1 arg per line
Maven now warns about the use of obsolete plugins, goals, parameters, etc.
Added support for the "mvn pluginPrefix:version:goal" invocation and updated the logs (to simplify copy/paste)
Added profile activation by packaging
Maven 3.9.0 is now fully compatible with the new 3.x line of the install and deploy plugins (previous versions warn about this)
Added support for a shared local repo - https://maven.apache.org/resolver/local-repository.html#shared-access-to-local-repository
Added the ability to split the local repo (releases vs snapshots…) and to manage workspaces - https://maven.apache.org/resolver/local-repository.html#split-local-repository
Dependency filtering by repository - https://maven.apache.org/resolver/remote-repository-filtering.html
Chained local repository (for isolation between “outer” and “inner” builds) - https://issues.apache.org/jira/browse/MNG–7612
Caution: there is reportedly a regression (10%) in performance on large projects - https://issues.apache.org/jira/browse/MNG–7677

The Care Bears

Methodologies
From operations engineering to platform engineering https://www.infoq.com/news/2022/10/platform-devops-summary/ and when the sysadmin becomes sexy again
A big trend and a lot of discussion around platform engineering
A platform imposed on devs, but sexy, so it's fine this time. More seriously: customer focus, the famous developer experience
Rebalancing between dev vs ops, then flat devops, and now this. Without removing devops, because devops brings a heavy mental load
The goal is to develop the “core business value” and so to support that with an Internal Developer Platform
Backstage is the GUI on top, but an IDP goes deeper
Infra, Platform, dev teams
IDP: not having to run the infra (for a business dev team)
And it makes it possible to add “enterprise” controls: cost, governance, etc.
It is a pendulum rebalancing, but let's not forget that devs like to play, like sea lions. Not cranking out business code as fast as possible.
Whether IDPs will be popular is the big question
A counterpoint in the article: IDP are expensive and hard to do, offer a mediocre service at best, destroy velocity, and create bad incentives
Tied to the notion of the golden path

Security
A list of Unix binaries that can be used to bypass misconfigured systems https://gtfobins.github.io/ Apparently even distroless-type images can be affected. Potential risks: shell access, elevated privileges, file transfer, etc.

Law, society and organization
Twitter disables the API for clients that do not display Twitter's ads (like Tweetbot https://twitter.com/tweetbot/status/1613763746437947394) and bang goes Twitter support on your computer
Ola Bini declared innocent https://peoplesdispatch.org/2023/02/01/digital-rights-activist-ola-bini-declared-innocent-by-ecuadorian-court Arrested in 2019 in Ecuador. Accused of having accessed computers and communication systems. At the same time as Julian Assange was being removed from the Ecuadorian embassy in London. He spent 70 days in prison.
Google fired its Open Source team https://www.infoworld.com/article/3686511/google-blew-it-with-open-source-layoffs.html Big efforts around open sourcing (Kubernetes, TensorFlow) pay dividends. Those let go were not the figureheads but the people who had made a difference: Open Source program, Google Summer of Code. A big internal influence is being lost, a risk for the future. This remains Matt Asay's opinion.
In the Twitter saga, after the shutdown of third-party Twitter clients, now even access to the API is going to become paid https://twitter.com/twitterdev/status/1621026986784337922 So, for example, we will no longer even be able to create bots for free, such as making automatic release announcements, etc. Oh damn, that's what I do for Les Cast Codeurs :/
You can add your Mastodon to your GitHub profile https://github.blog/changelog/2023–02–02-add-more-social-links-to-your-user-profile/ Handy for Mastodon verification! You could only put a link to Twitter; now you can have several different social media profiles.

Beginners' corner
Julia Evans wrote two interesting articles on problems with floating-point numbers and with integers https://jvns.ca/blog/2023/01/13/examples-of-floating-point-problems/ https://jvns.ca/blog/2023/01/18/examples-of-problems-with-integers/ The classic overflow problems, the wide gaps between large floating-point numbers, concrete cases of approximate values (close to within epsilon), or JavaScript interpreting integers as floats and therefore misreading large IDs in JSON, primary keys that are too small, and the oddities of signed and unsigned number encoding.
What are the types of memory in the JVM? https://www.baeldung.com/java-jvm-memory-types Heap, Stack, Native, Direct. I think the article has inconsistencies; in any case native vs direct is poorly explained. Something not super clear, but clearer, on native vs direct is here: https://stackoverflow.com/questions/30622818/what-is-the-difference-between-off-heap-native-heap-direct-memory-and-native-m Roughly, it is direct to hardware (IO / network, etc.); a memory-mapped file lets you go beyond the system's RAM limit.

Conferences
The list of conferences from the Developers Conferences Agenda/List by Aurélie Vache and contributors:
February 9–11, 2023: World AI Cannes Festival - Cannes (France)
February 16–19, 2023: PyConFR - Bordeaux (France)
March 7, 2023: Kubernetes Community Days France - Paris (France)
March 15–18, 2023: JChateau - Cheverny in the Châteaux of the Loire Valley (France)
March 23–24, 2023: SymfonyLive Paris - Paris (France)
March 23–24, 2023: Agile Niort - Niort (France)
March 30, 2023: Archilocus - Online (France)
March 31, 2023–April 1, 2023: Agile Games France - Grenoble (France)
April 1–2, 2023: JdLL - Lyon 3e (France)
April 4, 2023: AWS Summit Paris - Paris (France)
April 5–7, 2023: FIC - Lille Grand Palais (France)
April 12–14, 2023: Devoxx France - Paris (France)
April 20–21, 2023: Toulouse Hacking Convention 2023 - Toulouse (France)
April 27–28, 2023: AndroidMakers by droidcon - Montrouge (France)
May 4–6, 2023: Devoxx Greece - Athens (Greece)
May 10–12, 2023: Devoxx UK - London (UK)
May 12, 2023: AFUP Day - Lille & Lyon (France)
May 25–26, 2023: Newcrafts Paris - Paris (France)
May 26, 2023: Devfest Lille - Lille (France)
May 27, 2023: Polycloud - Montpellier (France)
May 31, 2023–June 2, 2023: Devoxx Poland - Krakow (Poland)
May 31, 2023–June 2, 2023: Web2Day - Nantes (France)
June 1, 2023: Javaday - Paris (France)
June 1, 2023: WAX - Aix-en-Provence (France)
June 7, 2023: Serverless Days Paris - Paris (France)
June 15–16, 2023: Le Camping des Speakers - Baden (France)
June 29–30, 2023: Sunny Tech - Montpellier (France)
September 8, 2023: JUG Summer Camp - La Rochelle (France)
September 19, 2023: Salon de la Data Nantes - Nantes (France) & Online
September 21–22, 2023: API Platform Conference - Lille (France) & Online
October 2–6, 2023: Devoxx Belgium - Antwerp (Belgium)
October 12, 2023: Cloud Nord - Lille (France)
October 12–13, 2023: Volcamp 2023 - Clermont-Ferrand (France)
December 6–7, 2023: Open Source Experience - Paris (France)
January 31, 2024–February 3, 2024: SnowCamp - Grenoble (France)
February 1–3, 2024: SnowCamp - Grenoble (France)

Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via Twitter https://twitter.com/lescastcodeurs
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all the information at https://lescastcodeurs.com/

Kariyer Sohbetleri
Robotlardan Amazona Uzanan Yolculuk

Kariyer Sohbetleri

Dec 14, 2022 79:29


Okan Aşık - Robotlardan Amazona Uzanan Yolculuk ("The Journey from Robots to Amazon")

About our speaker, Okan Aşık: Okan Aşık graduated first in his class from the Department of Computer Education and Educational Technology at Boğaziçi University. In the summer he graduated, he worked as a software developer in the e-learning unit at Oyak Teknoloji. After this short work experience, he completed a master's degree on multiple decision-making algorithms in the robotics laboratory of the Computer Engineering Department at Boğaziçi University. After his master's, he continued with a PhD in the same department on the same topic. Throughout his PhD and master's studies, he took part in RoboCup competitions with the robot soccer team and the search-and-rescue simulation team. He worked as a research assistant during his PhD. Also during his PhD, he worked on the Open Source Robotics Foundation (OSRF) and JdeRobotics open source projects as part of Google Summer of Code, and he served as a mentor in the JdeRobot project. In 2019 he prepared for Silicon Valley interviews with Devpaths, and in 2020 he received an offer from Amazon Intech. He has been working as a software development engineer at Amazon Intech since 2020.

About us: Kesişen Yollar Derneği (the Crossing Paths Association) develops various projects and organizes events for Turkey in the fields of education and social services. Our aim in these projects and events is to reduce inequality of opportunity in education and, while doing so, to bring together entirely different worlds and different ways of life, to learn from one another, to be inspired and to be a source of inspiration for one another. Everything starts with education, but we believe this must be an education that instills respect for differences, tolerance, empathy and a sense of social responsibility. We believe we can find common ground with everyone who shares this belief and wants to support us, regardless of ethnic origin, belief, political opinion, gender, sexual orientation or age.

Social media and contact: https://allmylinks.com/crossingpaths
To support us: http://bit.ly/cpathsdonation

Sustain Open Source Design
Episode 33: Hosts Talk: 2022 Wrap, and Looking Towards 2023

Sustain Open Source Design

Play Episode Listen Later Oct 11, 2022 39:20


Panelists: Richard Littauer | Eriol Fox | Memo Esparza | Georgia Bullen

Show Notes
Hello and welcome to Sustain Open Source Design! The podcast where we talk about sustaining open source with design. Learn how we, as designers, interface with open source in a sustainable way, how we integrate into different communities, and how we as coders, work with other designers. On today's episode, we wanted to have a reintroduction to us as a group and find out what's going on with us and what we're all doing these days since we don't get to talk very much. Also, this is the last podcast of the 2022 season, and it's truly been an exciting one for us. So, on this last episode, we're going to talk a little bit about some past things we discussed before, current events of the day, stuff we're working on, and then we'll discuss some cool things we would like to happen on this podcast for the 2023 season which is only a few months away. Go ahead and download this episode now to find out more!

[00:03:34] Each panelist shares things they've been thinking about lately to do with Open Source Design, things they've been working on at a personal level around open source and their design efforts. Eriol starts by telling us what they've been doing to help out the Open Source Design Community with internships, fellowships, and supporting the mentoring process.
[00:09:22] Eriol talks about the challenges they've had, ways people could help out, and where people can follow along.
[00:12:20] Richard tells us his story, what he's doing with Open Source Collective, and how he's figuring out how to help open source projects spend the money they got.
[00:16:31] Georgia brings up topics for the future and talks about community development as a design process, and how one thing we could do more of is to take a challenge like the one Eriol talked about, designing an internship program, and make it a collaborative thinking space by talking with other people.
[00:17:39] We find out what Memo is up to with his work, growing the design team at Open Collective, things he's focusing on, and ideas about what he would like to see happen on the podcast next season.
[00:20:50] Memo tells us some other cool stuff he's working on.
[00:23:58] Georgia brings up future conversations to have about what it takes to serve the design industry with tools.
[00:26:11] Memo shares his thoughts about expanding our circles further, and Georgia fills us in on everything that's going on in her world at Simply Secure.
[00:36:05] Find out where you can reach out to the discourse, podcast, and panelists to find out more and if you are interested in talking to us about ideas for this podcast.

Links
Open Source Design Twitter (https://twitter.com/opensrcdesign)
Open Source Design (https://opensourcedesign.net/)
sosdpodcast@sustainoss.org (mailto:sosdpodcast@sustainoss.org)
Sustain Design & UX working group (https://discourse.sustainoss.org/t/design-ux-working-group/348)
SustainOSS Discourse (https://discourse.sustainoss.org/)
Sustain Open Source Twitter (https://twitter.com/sustainoss?lang=en)
Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
richard@oscollective.org (mailto:richard@oscollective.org)
Eriol Fox Twitter (https://twitter.com/EriolDoesDesign?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
eriol@simplysecure.org (mailto:eriol@simplysecure.org)
Georgia Bullen Twitter (https://twitter.com/georgiamoon?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
georgia@simplysecure.org (mailto:georgia@simplysecure.org)
Memo Esparza Twitter (https://twitter.com/memo_es_)
memo@opencollective.com (mailto:memo@opencollective.com)
Outreachy (https://www.outreachy.org/)
Google Summer of Code (https://summerofcode.withgoogle.com/)
Open Source Design Discourse (https://discourse.opensourcedesign.net/)
Open Source Design-Open Collective (https://opencollective.com/opensourcedesign)
Deciding on how to use your money-Open Source Collective (https://docs.oscollective.org/guides/deciding-on-how-to-use-your-money)
Tech Policy Design Lab (https://techlab.webfoundation.org/)
What's next for ‘Simply Secure'? Part 1: Revisiting our name and identity (https://simplysecure.org/blog/simply-secure-rebranding-survey/)
What's next for ‘Simply Secure'? Part 2: Refreshing our name and identity (https://simplysecure.org/blog/simply-secure-refreshing-our-name-and-identity-part-2/)
Usable Software Ecosystem Research (https://docs.google.com/forms/d/1db9akanLAcsFQvR4eZIzMjW_D8F2YRGSwnMUlURTg7c/viewform?edit_requested=true)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)

Data on Kubernetes Community
Dok Talks #146 - OpenFeature - Making feature flags a commodity // Oleg Nenashev

Aug 26, 2022 61:30


https://go.dok.community/slack
https://dok.community/

With:
Oleg Nenashev - Community Builder and Developer Advocate, Dynatrace
Bart Farrell - Head of Community, Data on Kubernetes Community

ABSTRACT OF THE TALK
With the evolution of software delivery methods, feature flags became one of the ways to deliver features and get user feedback. Modern applications may have hundreds of feature flags describing customizations, preview features and environment specifics. Feature flags are not just a single toggle anymore, their values are often determined at runtime depending on the instance, user context and inputs from the control plane. In this session we will talk about OpenFeature - a new collaboration by many feature flag vendors and end users. OpenFeature, a CNCF sandbox project, is an open standard for feature flag management, created to support a robust feature flag ecosystem using cloud native technologies and to basically make feature flags a commodity. OpenFeature provides a unified API and SDKs, and a developer-first, cloud-native implementation, with extensibility for open source and commercial offerings.

BIO
Oleg works on open source programs and Keptn community at the Dynatrace Open Source Program Office. He is a TOC chair and community ambassador in the Continuous Delivery Foundation. Oleg is a core maintainer and board member in Jenkins where he writes code, mentors contributors, and organizes community events and Google Summer of Code in the project. Open source software and open hardware advocate. Oleg has a PhD degree in hardware design and volunteers in the Free and Open Source Silicon Foundation.

KEY TAKE-AWAYS FROM THE TALK
Feature flags at scale 101. Feature flags are an important topic for stateful apps in K8s, and for progressive delivery and other modern approaches. OpenFeature is like OTel but for feature flags. You can try it now, here is a live demo to follow.

Underrated ML
Language independence and material properties

Jul 26, 2022 94:05


This week we are joined by Sebastian Ruder. He is a research scientist at DeepMind, London. He has also worked at a variety of institutions such as AYLIEN, Microsoft, IBM's Extreme Blue, Google Summer of Code, and SAP. These experiences were completed in tandem with his studies, which included studying Computational Linguistics at the University of Heidelberg, Germany and at Trinity College, Dublin before undertaking a PhD in Natural Language Processing and Deep Learning at the Insight Research Centre for Data Analytics.

This week we discuss language independence and diversity in natural language processing whilst also taking a look at the attempts to identify material properties from images.

As discussed in the podcast, if you would like to donate to the current campaign of "CREATE DONATE EDUCATE" which supports Stop Hate UK then please find the link below:
https://www.shorturl.at/glmsz

Please also find additional links to help support black colleagues in the area of research:
Black in AI twitter account: https://twitter.com/black_in_ai
Mentoring and proofreading sign-up to support our Black colleagues in research: https://twitter.com/le_roux_nicolas/status/1267896907621433344?s=20

Underrated ML Twitter: https://twitter.com/underrated_ml
Sebastian Ruder Twitter: https://twitter.com/seb_ruder

Please let us know who you thought presented the most underrated paper in the form below: https://forms.gle/97MgHvTkXgdB41TC8

Links to the papers:
"On Achieving and Evaluating Language-Independence in NLP" - https://journals.linguisticsociety.org/elanguage/lilt/article/view/2624.html
"The State and Fate of Linguistic Diversity and Inclusion in the NLP World" - https://arxiv.org/abs/2004.09095
"Recognizing Material Properties from Images" - https://arxiv.org/pdf/1801.03127.pdf

Additional Links:
Student perspectives on applying to NLP PhD programs: https://blog.nelsonliu.me/2019/10/24/student-perspectives-on-applying-to-nlp-phd-programs/
Tim Dettmers' post on how to pick your grad school: https://timdettmers.com/2020/03/10/how-to-pick-your-grad-school/
Rachel Thomas' blog post on why you should blog: https://medium.com/@racheltho/why-you-yes-you-should-blog-7d2544ac1045
Emily Bender's The Gradient article: https://thegradient.pub/the-benderrule-on-naming-the-languages-we-study-and-why-it-matters/
Paper on order-sensitive vs order-free methods: https://www.aclweb.org/anthology/N19-1253.pdf
"Exploring the Origins and Prevalence of Texture Bias in Convolutional Neural Networks": https://arxiv.org/abs/1911.09071
Sebastian's website where you can find all his blog posts: https://ruder.io/

DataTalks.Club
Developer Advocacy Engineer for Open-Source - Merve Noyan

Jul 1, 2022 50:57


We talked about:
- Merve's background
- Merve's first contributions to open source
- What Merve currently does at Hugging Face (Hub, Spaces)
- What it means to be a developer advocacy engineer at Hugging Face
- The best way to get open source experience (Google Summer of Code, Hacktoberfest, and sprints)
- The peculiarities of hiring as it relates to code contributions
- Best resources to learn about NLP besides Hugging Face
- Good first projects for NLP
- The most important topics in NLP right now
- NLP ML Engineer vs NLP Data Scientist
- Project recommendations and other advice to catch the eye of recruiters
- Merve on Twitch and her podcast
- Finding Merve online
- Merve and Mario Kart

Links:
- Hugging Face Course: https://hf.co/course
- Natural Language Processing in TensorFlow: https://www.coursera.org/learn/natural-language-processing-tensorflow
- Github ML Poetry: https://github.com/merveenoyan/ML-poetry
- Tackling multiple tasks with a single visual language model: https://www.deepmind.com/blog/tackling-multiple-tasks-with-a-single-visual-language-model
- Hugging Face bigscience/T0pp: https://huggingface.co/bigscience/T0pp
- Pathways Language Model (PaLM) blog: https://ai.googleblog.com/2022/04/pathways-language-model-palm-scaling-to.html
- MLOps Zoomcamp: https://github.com/DataTalksClub/mlops-zoomcamp

Join DataTalks.Club: https://datatalks.club/slack.html
Our events: https://datatalks.club/events.html

Sustain
Episode 126: GitHub Maintainer Month with Mike McQuaid of Homebrew and Nina Breznik of DatDot

Jun 24, 2022 28:39


Guest
Mike McQuaid | Nina Breznik

Panelists
Richard Littauer

Show Notes
Hello and welcome to a special episode of Sustain, where we interview Maintainers as part of GitHub Maintainer Month! On this episode, Richard is interviewing a few open source maintainers to talk about what it's like to be a maintainer, how awesome they are, and what issues they may have being a maintainer. My first guest is Mike McQuaid, who works for GitHub and is one of the maintainers of Homebrew. Mike tells us all about Homebrew, how you can contribute, and the most fun thing about being a maintainer there. Also joining me is Nina Breznik, another awesome maintainer, Founder of RefugeesWork, Partner and Open Source Developer at Playproject, Community Organizer at Wizard Amigos, and she works on a DatDot project with serapath. Nina shares how it is for her being a maintainer, how she helps other people see it as art, not just science and math, but a more creative thing, and she tells us the project she had the most fun working on. Go ahead and download this episode now to learn more!

Mike:
[00:00:48] Mike explains what Homebrew is, the size of the community, and the usage. [00:01:46] How did Mike come to maintain Homebrew and the other twenty people and how did he pivot and make the switch elegantly? [00:04:08] Richard asks if Mike has any resources he can suggest to other maintainers. [00:05:04] Mike talks about burnout and when he works on Homebrew. [00:07:19] Mike shares advice to a first time open source person, and he tells us what advice he wishes someone had given him back in the day. [00:09:00] We learn from Mike the most fun thing about being a maintainer at Homebrew. [00:09:47] Find out how you can contribute to Mike's project and where you can follow him on the web.

Nina:
[00:11:48] We have Nina joining us now and Richard shares her bio with us. We also hear what Nina is maintaining these days and what her code looks like. [00:14:41] Nina tells us about the number of projects she maintains in the sense of commit access and the size of the community that she's working with. [00:17:30] Find out the hardest part for Nina when it comes to maintaining code. [00:18:47] Nina shares more about the RefugeesWork project she started which was the most magical experience for her. [00:21:36] What is Nina most looking forward to over the next five to ten years as a maintainer and what does she want to see happen with her work? [00:22:57] Nina shares what she wishes people had told her to make it easier for her when she first started coding. [00:24:27] We learn what Nina does in her community to ensure that designers or tech writers, etc., feel involved in the projects she works on. [00:27:15] Find out where you can follow Nina and her projects on the web.

Quotes
[00:01:59] “The best way to get involved with open source was solving a problem I had for myself.”
[00:04:23] “Everything we do breaks down to human relationships and managing those and trying to have an environment where people are happy with each other.”
[00:07:19] “What advice would you give to a first-time open source person? I think just strict boundaries.”
[00:20:34] “I transitioned from social sciences and arts into coding because I wanted to get a skill. I wanted to be able to build something on my own and this was the first time I felt the power that I built something.”
[00:21:45] “I would love to see more people learning to code, which is one of the reasons why I started Wizards Amigos Project because I feel that this really is literacy of the future.”
[00:23:06] “They should have told me this is not all about math, but more like art.”

Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Mike McQuaid Twitter (https://twitter.com/mikemcquaid?lang=en)
Mike McQuaid Website (https://mikemcquaid.com/)
Homebrew (https://brew.sh/)
Sustain Podcast-Episode 117: Mike McQuaid of Homebrew on Sustainability Working on OSS Projects (https://podcast.sustainoss.org/117)
Nina Breznik Twitter (https://twitter.com/ninabreznik?lang=en)
serapath Twitter (https://twitter.com/serapath)
Google Summer of Code 2022 Program Announced (https://summerofcode.withgoogle.com/)
Rails Girls (http://railsgirls.com/)
Wizard Amigos (https://wizardamigos.com/)
DatDot (https://datdot.org/)
Dat Ecosystem (https://dat-ecosystem.org/)
Mathias Buus (https://github.com/mafintosh)
Ok Distribute Blog (https://okdistribute.xyz/)
Dat Foundation Governance (https://dat.foundation/about/people/)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)

Special Guests: Mike McQuaid and Nina Breznik.

Trail of Bits
It Depends

Jun 20, 2022 21:05


FEATURED VOICES IN THIS EPISODE

Clint Bruce
Clint Bruce is a former Navy Special Warfare Officer, a graduate of the US Naval Academy, decorated athlete, and seasoned entrepreneur. A 4-year letter winner at Navy playing middle linebacker, captain and MVP of the '96 Aloha Bowl Championship team, he was named to multiple all-star teams his senior year. He enjoyed opportunities with both the Baltimore Ravens and New Orleans Saints and was inducted into the Navy/Marine Corps Stadium Hall of Fame in 2009. Clint's desire to serve was deep and firmly rooted. He left the NFL to pursue becoming a Navy SEAL and successfully completed BUDS (Basic Underwater Demolition SEAL Training) in 1998 with Class 217. Joining SEAL Team FIVE, Clint completed multiple deployments pre- and post-9/11 directly involved in counter-terrorism and national security missions globally. He is a co-founder of Carry the Load, which was founded to restore true meaning to Memorial Day and celebrate the service and sacrifice of Police, Fire, and Rescue personnel and their families during the month of May. Clint lives in Dallas with his college sweetheart and three daughters who are not impressed that he played football or was a Navy SEAL.

Patrick Gray
Patrick Gray is the producer and presenter of the Risky Business weekly information security podcast, a weekly podcast that launched in 2007. He formerly was a journalist for publications including Wired.com, ZDNet Australia, The Sydney Morning Herald, The Age, The Bulletin (magazine) and Men's Style Australia.

Eric Olson
Eric Olson is the Director of Threat Intelligence for Jet Blue Airways. A threat intelligence professional for more than 20 years, Eric has had executive roles including Senior Vice President of Product Management and Vice President, Intelligence Operations, at LookingGlass Cyber Solutions, and was VP of Product Strategy at Cyveillance.

Allan Friedman
Allan Friedman is Senior Advisor and Strategist at the United States Cybersecurity and Infrastructure Security Agency, and one of the nation's leading experts on Software Bill of Materials. Allan leads CISA's efforts to coordinate SBOM initiatives inside and outside the US government, and around the world. He is known for applying technical and policy expertise to help audiences understand the pathways to change in an engaging fashion, and is frequently invited to speak or keynote to industry, academic, and public audiences. Wearing the hats of both a technologist and a policy maker, Allan has over 15 years of experience in international cybersecurity and technology policy. His experience and research focuses on economic and market analyses of information security. On the practical side, he has designed, convened, and facilitated national and international multistakeholder processes that have produced real results, helping diverse organizations find common ground on contentious, cutting edge issues.

Evan Sultanik, PhD
Evan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO.

William Woodruff
William Woodruff is a senior security engineer at Trail of Bits, contributing to the engineering and research practices in work for corporate and governmental clients. He has developed several of our open-source projects (e.g., twa, winchecksec, KRF, and mishegos). His work focuses on fuzzing, program analysis, and automated vulnerability reasoning. Outside of Trail of Bits, William helps to maintain the Homebrew project, the dominant macOS package manager. Before joining Trail of Bits, he was a software engineering intern at Cipher Tech Solutions, a small defense subcontractor. He has participated in the Google Summer of Code for four years (two as a student, two as a mentor) and taught a class in ethical hacking as a college senior. William holds a BA in philosophy from the University of Maryland (2018).

HOST: Nick Selby
An accomplished information and physical security professional, Nick leads the Software Assurance Practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

PRODUCTION STAFF
Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

RECORDING
Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer; 22Springroad Tonstudio, Übersee, Germany - Volker Lesch, Engineer
Remote recordings were conducted at Whistler, BC, Canada (Nick Selby); Clint Bruce was recorded in a Google Meet session; Patrick Gray provided recordings of himself from Australia, courtesy of the Risky Business podcast. Eric Olson recorded himself on an iPhone. Washington, DC (tape sync of Allan Friedman by George Mocharko). Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.
Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin

MUSIC
Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
EVERYBODY GET UP - No Vocals & FX - Ian Post
JD SCAVENGER by Randy Sharp
RIPPLES by Tamuz Dekel
FUTURE PERFECT, Evgeny Bardyuzha
THE SWINDLER, The Original Orchestra
BLUE - ALTERNATIVE - INSTRUMENTAL VERSION by Faith Richards
OU ALLONS NOUS D'ICI - INSTRUMENTAL, Dan Zeitune
LITTLE EDGY, Chris Julin
SCAPES: Gray North

Reproduction
With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 3; It Depends © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Referenced in this Episode:
The original blog post announcing the availability of It Depends describes the history you just heard with more technical specificity, and also of course links to the GitHub repository where you can download It Depends and try it for yourself. That blog post also links to the repository where you can download pip-audit, and give that a whirl.
In the 2021 Executive Order on Improving the Nation's Cybersecurity, the Biden Administration announced that it would require SBOMs for all software vendors selling to the federal government.
Dependabot is a tool available to GitHub users.
If you're interested in the catalog of open source projects Trail of Bits participates in and contributes to, please read the blog post Celebrating our 2021 Open Source Contributions. There, you can read about our work contributing for example to LLVM - the compiler and toolchain technologies we discuss in the Podcast episode Future - to Pwndbg, a GDB plug-in that makes debugging with GDB “suck less.” The post includes links to contributions our engineer consultants have made to a huge range of open source projects from assert-rs to ZenGo-X.

Meet the Team:

CHRIS JULIN
Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

EMILY HAAVIK
For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She's spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

This Week in Linux
199: Linux 5.18, Firefox Snap, Budgie Desktop, KDE Plasma 5.25 and more Linux news!

May 28, 2022 21:50


On this episode of This Week in Linux: Linux 5.18, System76 & HP Team Up To Make HP Dev One Laptop, the State of the Budgie Desktop, KDE Plasma 5.25 Beta Released, KDE Participating in Google Summer of Code, Ubuntu Improving Firefox Snap Performance, Clonezilla Live 3.0 Released, SteamOS 3.2 Released, iFixIt's Steam Deck Repair […]

DataTalks.Club
From Roasting Coffee to Backend Development - Jessica Greene

May 6, 2022 52:55


We talked about:
- Jessica's background
- Giving a talk at a tech conference about coffee
- Jessica's transition into tech (How to get started)
- Going from learning to actually making money
- Landing your first job in tech
- Does your age matter when you're trying to get a job?
- Challenges that Jessica faced in the beginning of her career
- Jessica's role at PyLadies
- Fighting the Imposter Syndrome
- Generational differences in digital literacy and how to improve it
- Events organized by PyLadies
- Jessica's beginnings at PyLadies (organizing events)
- Jessica's experience with public speaking
- The impact of public speaking on your career
- Tips for public speaking
- Jessica's work at Ecosia
- Discrimination in the tech industry (and in general)
- Finding Jessica online

Links:
- Ecosia's website: https://www.ecosia.org/
- Ecosia's blog: https://blog.ecosia.org/ecosia-financial-reports-tree-planting-receipts/
- PyLadies Berlin: https://berlin.pyladies.com/
- PyLadies' Meetup: https://meetup.com/PyLadies-Berlin
- Code Academy: https://www.codecademy.com/
- Freecodecamp: https://www.freecodecamp.org/
- Coursera Machine Learning: https://www.coursera.org/learn/machine-learning
- ML Bookcamp code: https://github.com/alexeygrigorev/mlbookcamp-code/tree/master/course-zoomcamp
- Google Summer of Code: https://summerofcode.withgoogle.com/
- Outreachy website: https://www.outreachy.org/
- Alumni Interview: https://railsgirlssummerofcode.org/blog/2020-03-17-alumni-interview-jessica
- Python pizza: https://python.pizza/
- Pycon: https://pycon.it/en
- Pycon 2022: https://2022.pycon.de/

Join DataTalks.Club: https://datatalks.club/slack.html
Our events: https://datatalks.club/events.html

Android Broadcast
#85 New Google Play requirements | More Kotlin in Jetpack | A new round of cancellations

Apr 9, 2022 20:02


Mobile development news: Google Play is introducing strict policies, Android Jetpack (androidx) is being rewritten in Kotlin, Jetpack Compose will scroll more smoothly, and developers from Russia and Belarus are being cancelled more and more.

WORK WITH KIRILL: Send your résumés and questions to kirill@androidbroadcast.dev, and be sure to include a contact phone number and email.

BOOK GIVEAWAY is taking place on YouTube: https://youtu.be/Eh1UUUiT0e0

BSD Now
448: Controlling Resource Limits

Mar 31, 2022 45:22


Controlling Resource Limits with rctl in FreeBSD, It's always DNS, Google Summer of Code in BSD Projects, Rsync Technical Notes - Q4 2021, Userland CPU frequency scheduling for OpenBSD, and more.

NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines
Controlling Resource Limits with rctl in FreeBSD (https://klarasystems.com/articles/controlling-resource-limits-with-rctl-in-freebsd/)
It's DNS. Of course it's DNS, it's always DNS. (https://utcc.utoronto.ca/~cks/space/blog/sysadmin/DNSVariabilityProblems)

News Roundup
GSOC
• Work with FreeBSD in Google Summer of Code (https://freebsdfoundation.org/blog/work-with-freebsd-in-google-summer-of-code/)
• The NetBSD Foundation is a mentoring organization at Google Summer of Code 2022 (https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_is_a)
Rsync Technical Notes - Q4 2021 (https://www.rsync.net/resources/notes/2021-q4-rsync.net_technotes.html)
Userland CPU frequency scheduling for OpenBSD (https://tildegit.org/solene/obsdfreqd)

Beastie Bits
Unofficial HardenedBSD liveCD (https://groups.google.com/a/hardenedbsd.org/g/users/c/QUTUJfm30Dg/m/0VNKUeVhHgAJ)
The eurobsdcon 2022 CFP is open (https://2022.eurobsdcon.org/the-call-for-talk-and-presentation-proposals-for-eurobsdcon-2022-is-now-open/)
Testing parallel forwarding (http://undeadly.org/cgi?action=article;sid=20220319123157)
OpenBSD iwx(4) gains 11ac 80MHz channel support (https://www.undeadly.org/cgi?action=article;sid=20220315070043)
OpenBSD/arm64 on Apple M1 systems (https://undeadly.org/cgi?action=article;sid=20220320115932)
FreeBSD on the CubieBoard2 (https://www.cambus.net/freebsd-on-the-cubieboard2/)

Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions
Eric - periodic notifications (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/448/feedback/Eric%20-%20periodic%20notifications.md)
Kevin - no question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/448/feedback/Kevin%20-%20no%20question.md)
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Nieliniowy
How to speed up inference? - Adrian Boguszewski - Intel

Mar 28, 2022 45:01


An interview with Adrian Boguszewski, AI evangelist at Intel. The conversation was hosted by Michał Dulemba.

We talk about, among other things:
- what the OpenVINO toolkit is and what it is used for
- what the work of an AI evangelist involves
- optimizing neural networks
- processing aerial and satellite imagery
- when it is worth using the Neural Compute Stick 2
- Google Summer of Code workshops

OpenVINO - repositories
https://github.com/openvinotoolkit/openvino
https://github.com/openvinotoolkit/openvino_notebooks
https://github.com/openvinotoolkit/openvino_contrib

OpenVINO - download and case studies
https://www.intel.com/content/www/us/en/developer/tools/openvino-toolkit/download.html
https://www.intel.com/content/www/us/en/developer/articles/community/sdp-case-studies.html#OpenVINO

Google Summer of Code
https://github.com/openvinotoolkit/openvino/wiki/GoogleSummerOfCode

Satellite image processing - Landcover AI
https://landcover.ai/
https://arxiv.org/abs/2005.02264
https://www.kaggle.com/adrianboguszewski/landcoverai

How to record a podcast - the book "Jak zacząć podcast" - Michał Dulemba
Podcast editing - Dobra Edycja

Listen to more episodes at:
nieliniowy.pl - a podcast about data science, machine learning and artificial intelligence

Write to me:
Michal Dulemba | LinkedIn

Subscribe to the podcast:
Apple Podcasts
Spotify
Google Podcasts
Podcast Addict
RSS

I use:
Buzzsprout (episode hosting): https://www.buzzsprout.com/?referrer_id=1783532
Riverside (remote recording app): https://www.riverside.fm/?via=dulemba

CHAOSScast
Episode 55: GSOC 2021: "Risky" Business

Mar 25, 2022 40:16


Hello and welcome to CHAOSScast Community podcast, where we share use cases and experiences with measuring open source community health. Elevating conversations about metrics, analytics, and software from the Community Health Analytics Open Source Software, or CHAOSS Project for short, to wherever you like to listen. On today's episode, we have joining us as our guest, Dhruv Sachdev, who's an undergraduate Computer Engineering student at Mumbai University and was a Google Summer of Code 2021 student for CHAOSS. Dhruv is here to talk about his path to open source and the project he did with the Google Summer of Code 2021. We hear about his experience managing his time as a student and working on this project, what projects he's excited about doing in the near future, and he shares advice if you are new to open source or if you're looking to explore the world of open source. Download this episode now to find out much more, and don't forget to subscribe for free to this podcast on your favorite podcast app and share this podcast with your friends and colleagues!

[00:02:00] Dhruv tells us his path to open source, when he started working on an open source project, how he found out about it, and what he finds cool about CHAOSS. [00:03:40] Sean wonders what it is about the measurement and analytics field that is so fascinating to Dhruv. [00:06:28] We hear more about Dhruv's project he did with the Google Summer of Code. [00:10:34] Dhruv tells us what resources really helped him when he started with the Augur team to better understand the software components and more about how CHAOSS was structured. [00:12:17] Sophia talks about a research article evaluating hackathons and how effective they are on open source projects, and Sean tells us about the benefits and impacts of Google Summer of Code. [00:15:33] Dhruv explains his experience as a student, how he thought about time management, and volunteering his time in this space while still in school. [00:21:00] Sean talks about Dhruv's pieces that he did of Augur that looked at metrics and wonders why dependencies are so important right now, and Sophia explains why. [00:25:45] Sean explains what happened in the OpenSSL security breach and talks about Heartbleed. Sophia brings up a previous episode with Avi Press, Founder of Scarf, which is an analytics tool, and explains about the vulnerabilities with tools. [00:29:50] Find out what Dhruv is most excited about doing in the near future with projects. [00:32:54] Dhruv shares advice if you are new to open source or students who are looking to explore the vast ecosystem of open source.

Value Adds (Picks) of the week:
[00:35:04] Sean's pick is Discord's emergence.
[00:36:11] Sophia's pick is cats and daylight savings time.
[00:38:11] Dhruv's pick is having so much fun at the MahaShivRatri festival.

Panelists:
Sean Goggins
Sophia Vargas

Guest:
Dhruv Sachdev

Sponsor:
SustainOSS (https://sustainoss.org/)

Links:
CHAOSS (https://chaoss.community/)
CHAOSS Project Twitter (https://twitter.com/chaossproj?lang=en)
CHAOSScast Podcast (https://podcast.chaoss.community/)
podcast@chaoss.community (mailto:podcast@chaoss.community)
Ford Foundation (https://www.fordfoundation.org/)
Sean Goggins Twitter (https://twitter.com/sociallycompute)
Sophia Vargas Twitter (https://twitter.com/sophia_iv?lang=en)
Dhruv Sachdev Website (https://dhruvsachdev.me/)
Dhruv Sachdev Twitter (https://twitter.com/dhruvhsachdev)
Dhruv Sachdev LinkedIn (https://www.linkedin.com/in/dhruv-sachdev-19b1b3143/)
Dhruv Sachdev project submission-Google Summer of Code 2021 for CHAOSS (https://github.com/Dhruv-Sachdev1313/GSoC-2021-CHAOSS)
Security Scorecards (https://github.com/ossf/scorecard)
CHAOSS Augur (https://github.com/chaoss/augur)
CHAOSS Risk Metrics Working Group (https://github.com/chaoss/wg-risk)
CHAOSS Community Handbook (https://handbook.chaoss.community/community-handbook/)
CHAOSScast Podcast-Episode 53: Gathering Open Source Usage Data with Avi Press (https://podcast.chaoss.community/53)
SwiftOnSecurity Twitter (https://twitter.com/SwiftOnSecurity?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Sam Stepanyan Twitter (https://twitter.com/securestep9)
MahaShivRatri 2022 (https://isha.sadhguru.org/mahashivratri/?gclid=Cj0KCQjwuMuRBhCJARIsAHXdnqPHxLi6oWCF8vdEMzIo17gnKUEd4XThyD6zrMLlU2ohO6XCVIBG5ZUaAjDfEALw_wcB)

Special Guest: Dhruv Sachdev.

OsProgramadores
E59 - Felipe Borges - Senior Software Engineer na Red Hat

OsProgramadores

Play Episode Listen Later Feb 28, 2022 50:33


Felipe Borges is a Senior Software Engineer on the Desktop Team at Red Hat. He is responsible for several components in the GNOME project, such as GNOME Boxes, GNOME Connections, and several of the settings panels in GNOME Settings. Interested in the sustainability of free software communities, Felipe is also a member of the Board of Directors of the GNOME Foundation and manages the project's participation in programs such as Google Summer of Code and Outreachy. In addition, he works to remedy the fragmentation of Linux on the desktop by participating in projects such as Fedora Silverblue and Flatpak.
Links: Felipe's Twitter, Felipe's Blog, GUADEC, FOSDEM, VALA, Linux
Music: Don L
OsProgramadores: OsProgramadores website, OsProgramadores Telegram group, OsProgramadores YouTube channel, Marcelo Pinheiro's Twitter
Episode edited by: Thiago Costa Barbosa

Real Talk JavaScript
Episode 166: Creating Your First GitHub Contributions with Santosh Yadav

Real Talk JavaScript

Jan 13, 2022 50:25


Recording date: Dec 30, 2021

John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Santosh Yadav @SantoshYadavDev

Brought to you by
AG Grid
Ionic

Resources:
GitHub Stars program
InDepthDev
NgRx
Open Learning Initiative
RxJs Course
NgRx Course
YouTube Channel
This Is Tech Talks
How to make your first pull request on GitHub
Create your first pull request
GitHub docs - creating a pull request
Google Summer of Code (GSoC) program
Angular
Google GDE's
Minesweeper
Git version control system
GitHub
Visual Studio Code
Git cheat sheet
Desktop for github
Breeze repo on GitHub
Fork a repo
Setup Git (GitHub docs)
Clone a repository
Easiest way to edit a repo in github.com with github.dev
GitHub Codespaces
Setting guidelines for contributors
Adding a contributing file
Breeze JS
Vikram Subramanian from Google

Timejumps
00:53 Ward's M1 purchase
03:46 Guest introduction
04:30 What's GitHub star?
06:49 Advice for getting started on open source?
08:24 Why should someone get involved in contributing to open source?
10:38 Sponsor: Ionic
11:18 What's Google Summer of Code?
15:22 Git vs GitHub?
19:47 What's cloning, pulling, pushing?
21:38 Marker 10
21:59 How do I make my first contribution to a repo?
23:23 What's a fork?
24:56 What's a clone?
25:34 Sponsor: Ag Grid
26:39 How do I fix the code?
28:23 Editing on GitHub
31:03 What are Codespaces?
35:43 Using GitHub dev online
38:20 What's a pull request?
40:36 What got you excited about coding?
46:36 What is a Push?

Podcast editing on this episode done by Chris Enns of Lemon Productions.

The Haskell Interlude
04: Jasper Van der Jeugt

The Haskell Interlude

Oct 29, 2021 63:03


Jasper Van der Jeugt is interviewed by Niki Vazou and Joachim Breitner. Jasper plays an important role in the Haskell community, helping with haskell.org, the Google Summer of Code project, ZuriHac and the ICFP programming contest, so there is much to talk about.

null++: بالعربي
Episode[52]: Google summer of code with Hassan El Desouky

null++: بالعربي

Apr 20, 2021 70:42


Resources: Google Summer Of Code; My GSoC Experience
Episode Picks:
Hassan: Talk: The Wholesome Engineer - Eng. Ahmed Essam from Apple; Retro Tech S2; Remelo - Remind me later
Alfy: Horizon Zero Dawn™ Complete Edition
Luay: Besohat بيسوهات - YouTube

This Week in Linux
137: AlmaLinux Beta, Ubuntu's New Installer, Solus, EndeavourOS, LibreOffice | This Week in Linux

This Week in Linux

Feb 7, 2021 36:34


On this episode of This Week in Linux, Ubuntu announced that they are working on a new Desktop Installer. CloudLinux announced the Beta Release for their CentOS Replacement called AlmaLinux. There are some big changes for this year's Google Summer of Code and it has some people disappointed and even considering not participating. We've also got a lot more Distro News to discuss with a follow up to the iPad-like tablet distro, JingOS, as well as an update for Solus and EndeavourOS. Then we'll check out some new updates for a new supported devices website for Ubuntu Touch, and in app news we've got new releases for KDE's App Suite and LibreOffice's new Community edition. All that and much more on Your Weekly Source for Linux GNews!

SPONSORED BY:
Digital Ocean ►► https://do.co/dln
Bitwarden ►► https://bitwarden.com/dln

TWITTER ►► https://twitter.com/michaeltunnell
MASTODON ►► https://mastodon.social/@MichaelTunnell
DLN COMMUNITY ►► https://destinationlinux.network/contact
FRONT PAGE LINUX ►► https://frontpagelinux.com
MERCH ►► https://dlnstore.com
BECOME A PATRON ►► https://tuxdigital.com/contribute

This Week in Linux is produced by the Destination Linux Network: https://destinationlinux.network

SHOW NOTES ►► https://tuxdigital.com/twil137

00:00 = Welcome to TWIL 137
01:11 = TWIL & DLN News
01:53 = Ubuntu News: 20.04.2 New Desktop Installer & More
10:04 = AlmaLinux Beta Released (CentOS Replacement by CloudLinux)
12:06 = 2021 Google Summer of Code Disappoints
14:30 = Digital Ocean - VPS & App Platform ( https://do.co/dln )
15:55 = JingOS Alpha Released (iPad-like Tablet Distro)
18:51 = Solus 4.2 “Fortitude” Released
21:07 = EndeavourOS 2021.02.03 Released
24:04 = Bitwarden Password Manager ( https://bitwarden.com/dln )
26:54 = UBports' Big Update To Ubuntu Touch Devices Website
30:00 = LibreOffice 7.1 Released Plus New "Community" Label
32:30 = KDE's New Kongress App & More
34:48 = Outro

Sylvia Ritter's Art
Hirsute Hippo = https://www.deviantart.com/sylviaritter/art/Hirsute-Hippo-869076072
Groovy Gorilla = https://www.deviantart.com/sylviaritter/art/Groovy-Gorilla-850935052
Disco Dingo = https://www.deviantart.com/sylviaritter/art/Disco-Dingo-786327017

Other Videos:
7 Reasons Why Firefox Is My Favorite Web Browser: https://youtu.be/bGTBH9yr8uw
How To Use Firefox's Best Feature, Multi-Account Containers: https://youtu.be/FfN5L5zAJUo
5 Reasons Why I Use KDE Plasma: https://youtu.be/b0KA6IsO1M8
6 Cool Things You Didn't Know About Linux's History: https://youtu.be/u9ZY41mNB9I

Thanks For Watching! Linux #OpenSource #TechNews

The Frontside Podcast
105: Automating GitHub with Probot

The Frontside Podcast

Jul 5, 2018 47:43


Special Guests: Brian Douglas and Bex Warner of GitHub. In this episode, the panelists talk about automating GitHub with Probot. The origins of Probot are discussed, as well as making GitHub apps with the GitHub API, automating workflows with Probot, must-have Probots for every repo, and GitHub's V4 GraphQL API.

References:
Microstates README
Probot
github.com/integrations/slack
github.com/marketplace/pull-reminders
platform.github.community/c/integrations
probot.github.io/apps/unfurl-links/
probot.github.io/docs/deployment/
probot.github.io/docs/extensions/#scheduler
probot.github.io/community

This show was produced by Mandy Moore, aka @therubyrep of DevReps, LLC.

TRANSCRIPT:

ROBERT: Hello everyone and welcome to Episode 105 of The Frontside Podcast. I'm Robert DeLuca, the director of open source here at the Frontside and I'll be your episode host. Today, we're going to be discussing automating GitHub with Probot with Brian Douglas and Bex Warner. I'm really excited about this topic. The idea of automating GitHub workflows with bots is amazing. This is something that I've been wishing the GitHub have the platform support for since I even started using GitHub for open source. Just being able to have a bot to take care of certain things like somebody doesn't leave enough of a PR description and they open up a PR, you can have a bot that just responds to it and saying, "Can you provide more information?" It's pretty awesome. With me as co-host today is Charles Lowell, who is also a developer here at the Frontside. Hey, Charles.

CHARLES: Hey, Robert.

ROBERT: Before we get into the discussion, I like to make a tiny little announcement. We've been building a composable and an immutable state container called Microstates.
I'm sure Charles can talk about this more at length, then we will in the next podcast episode -- 106, but I would like to make a small announcement that Taras who is an awesome developer here just wrapped up a month's worth of work, creating a new ReadMe to describe the vision of Microstates and what you can do with them and everything about Microstates. If you're interested in that, I highly recommend checking out the ReadMe. I'll drop a link in the show notes for you that are interested.

CHARLES: If I can add, it really is [inaudible] because it isn't like any other state management solution out there.

ROBERT: No, absolutely not. I've been building something with it in React Native over the weekend of the 4th of July and it's amazing. But enough about that, you'll hear about that next episode. For this episode, I want to talk about Probot with Brian and Bex. How are you two doing?

BRIAN: I'm well.

BEX: I'm good. Thanks for having us.

ROBERT: No, thank you for joining. This is really exciting. Like I said in the intro, I've been really excited about this project. I do a good amount of open source, I would say and this has been really helpful in all of our repos. We have, I think like 78 open source repos on the Frontside. We have Microstates, like we just talked about and Big Test and all of those repos use some combination of Probots that people have built and it's really nice, especially with the new Checks API that has just come out. You can integrate Probot into that, right?

BEX: Yes. I actually am currently working on shifting one of our bots from using the commits Statuses API to the Checks API.

ROBERT: That's awesome. Before we go too deep into it because I want to come back to that because that sounds really cool and what the integration of that is like and what changes because I'm not even really that familiar with it. I just know it was released. I kind of want to go from the beginning here.
Where did Probot come from and can we get a little bit of a history for everybody that might not know what Probot is?

BEX: Sure. Probot originally started out as this simple idea to make GitHub scriptable. The original idea was you have a single file in your repository that would be like a JavaScript file and it would essentially spell out how the bot would act on your repository and the goal was to make GitHub apps accessible to people because if you ever look through our GitHub apps documentation, I think it can be a little tough to get started. There's, honestly, a lot of nonsense that you have to go through in order to get set up. For one thing, the way our GitHub app authentication works is it requires a JSON web token followed by using that JSON web token to request an installation access token and that process would be really tough for new people to get started.

ROBERT: Yeah, it sounds like it.

BEX: Yeah, so Probot was created to abstract all of that away and handle all of that authentication automatically and simply leave you with the payload that you get from listening on web token events and an authenticated GitHub client to make authenticated API requests while authenticating as an app.

ROBERT: Cool, so that's where it started like a flat JavaScript file in the root but today, you use like YAML files and a .GitHub folder. How did that kind of progress?

BEX: Originally, their use case was much simpler and it quickly became clear that a single JavaScript file in the GitHub repo was not scriptable enough and not easy enough to understand. The goal was to make like an API that could make that JavaScript file really, really easy to customize for every API of GitHub and it quickly became clear that that was not really a feasible thing to do.
As time went on, it turned into this way to build Node JS applications and essentially, what the configuration files you're referring to are the way in which we make it customizable because right now, there's no way to be officially supported GitHub apps channels to pass secrets because it means you're a [inaudible] and the owners of GitHub apps, so that was just a way to kind of stop that problem.

ROBERT: Gotcha, okay.

BEX: The actual code for GitHub apps still lives in a Node JS module basically and the configuration file just specifies how that module runs.

ROBERT: Right, so they're deployed like Heroku instances, if you want, like anywhere you can host a node app.

BEX: Yup. Heroku, Now, yeah.

ROBERT: Interesting.

BRIAN: As a reason to that, some explorations of doing serverless deployments for Probot, I think there's a couple of issues of them. I'm not sure if anybody's shipped anything like the way they at but it's pretty much it's possible to.

BEX: Just a week ago, we even released a new version in which we update our core from Node JS to TypeScript and now that things are typed, we have big plans for serverless.

ROBERT: Nice. That's awesome, so then you'll be able to deploy to a Lambda and off to [inaudible].

BEX: Exactly.

CHARLES: Can I actually interject here, as kind of a person who doesn't really know the relationship between GitHub apps and the GitHub marketplace and what exactly a Probot is before we hear the origin story. I would love to hear a very high level view of how this ecosystem fits together.

BRIAN: I think a lot of people are pretty familiar with interacting with the GitHub API and OAuth integrations. I think I've just spent a lot of time at different companies previously to GitHub, just like making calls, either to cURL or through Node JS or more recently, [inaudible]. GitHub apps itself are a way to take all the things that you had to do to make an integration to GitHub much easier.
It has a lot of cool things like OAuth, scopings, so you no longer have to ask for all your repos ask access whenever someone logs in with GitHub and the connection between like, "Now have gone from OAuth to Now to GitHub apps," there was a lot of, as Bex mentioned earlier, ceremony that happens to getting set up with GitHub apps and integrations that Probot is like this tool to speed up the process of getting to the point where you just want to script some automation or some sort of workflow and it gives you all that boilerplate for you. I don't know if that was a good high level for you Charles.

CHARLES: Yeah. I've kind of witnessed this second hand with Robert installing a bunch of things here, so let's use an example, like you did some sort of automation on our repos, Robert, where when someone files a ticket, there's this workflow that automatically adds a triage label, so that we know that this thing hasn't even been dealt with, so we really need to address that issue. It doesn't need to be as a high priority. It doesn't need to be closed as a duplicate of something. One of the different aspects that you described there, how do they fit in terms of serving this workflow onto the end user? Or was that a good example, even?

BRIAN: One of the cool things about GitHub apps and what Probot does for you is that normally, if you want to add a label to an issue, either you Charles or Robert, would have to be admin or maintainer on the team for the Frontside and you could add labels. But somebody who opens up an issue, doesn't have that ability to have write access to your content, which is adding a label. What a GitHub app does, it actually takes a spot as if you would have another user on your platform, instead of creating a dummy account or a dummy user. Probot is basically building a bot for you to then, give you the ability to add that issue.
That's sort of workflow that normally would have to happen through an actual real human could not happen through a bot without taking up a spot of like, "I guess, I probably shouldn't speak so ignorant about our platform and what we actually pay for nowadays for GitHub," but I know we used to have like a limited amount of seats for organization, like that seat no longer has now taken up and now, it could be just be used a bot can do something that normally us would take.

ROBERT: Right. You no longer have to create a user to do these things.

BRIAN: Correct.

BEX: [inaudible] within GitHub. It's sort of built in a way that apps can take a lot of power in your repositories.

CHARLES: So then, what is the relationship between Probot and an app?

BEX: Probot is essentially the framework for building an app. You can definitely make the equivalent of any Probot app outside of Probot. It abstracts away all of, basically, the horrible parts and leaves the easy part.

CHARLES: Now, I think I'm ready to participate in this discussion.

ROBERT: That was perfect, though. That's a great intro because I actually didn't have a total grasp or understanding of the relationship between GitHub apps and Probots. That's really good.

BEX: Yeah. Additionally, going back a second. You mentioned the marketplace before. One thing to note is that there actually are several Probot apps on the marketplace right now. The marketplace is essentially the home for any larger, usually third-party companies that have made apps and Probot is essentially supporting some of those.

ROBERT: Interesting, so then my question would then be, do you know anybody selling their Probots. Does the marketplace charge? I'm going to assume it does.

BEX: Yes.

ROBERT: Okay. Is there anybody charging for their Probot?

BEX: Yes. There are quite a few, in fact, charging for it.
Recently, a pretty popular example is the GitHub Slack integration, which is if you open new issues, you can have them appear in your Slack channel. That whole application was recently rewritten by GitHub. It was previously owned by Slack and that was built on top of Probot.

CHARLES: And I actually remember, we upgraded to that version. It's actually way, way, way better.

BEX: I'm glad you feel that way.

CHARLES: I didn't know the story behind there. I was like, "Oh, I just got a lot of... Awesome," you know? Although I don't know what's the costing.

BEX: Yeah, I think that integration is actually free, so that wasn't the best example. I think it's for open source projects, at the very least.

BRIAN: Brandon, one of the maintainers for the Slack integration and work at GitHub, also did a really cool talk at the SlackDev Conference a couple of weeks ago, so if you're interested what were the behind the scenes. That integration is all open source as well, so if you have request or you have features that you would like to add to the Slack integration, you can pop into the repo that hopefully will show up on the show notes because I'm not sure if it's like GitHub/Slack, but I guess we'll find that out in the show notes later on.

BEX: It's Integration/Slack.

BRIAN: But for an example of a paid app of a non-third party, we're not talking like Travis or Circle or another one with the big names but rather, a solo dev created. It's Pull Reminders, which is on the marketplace as of today and essentially, this gives you reminders of your pull requests, so you can actually ping inside the comments and tell Pull Reminders to say, "Tell me about the pull request like next week because it's Friday and I don't have time to look at this."

ROBERT: That's awesome. I've also seen the one that's kind of related, that is like you can set your out of office at GitHub, which is actually kind of a neat concept.
BEX: Was that the one where we are already changing that profile photos to have the overlay or the one where is just auto-replying to messages because I've seen a couple of --

ROBERT: I think, it's just auto-replies.

BEX: Okay.

CHARLES: So, it can change like your profile pictures and really, not just related to repo and history related activities but everything?

BEX: Anything that you can access via the GitHub API, you can almost access via GitHub apps. There's a list of end points that I specifically enable for GitHub apps because there's something such as delete a repository that there's basically, a very few circumstances under which you want to give that permission to an app. Also, to things very specific like your profile or your personal page. About a year ago, there was an official internal audit of all of the API endpoints because there are lots of inconsistencies over what was and what wasn't enabled for GitHub apps, so they went there and kind of decided, what endpoints should be enabled and what endpoints actually get enabled. Now, that list is much longer than it was a year ago. Now, it's much more comprehensive.

ROBERT: That's awesome and is this for the REST API and the GraphQL API?

BEX: Yes. Probot does support both. The REST API is the one that specifically had all of these endpoints audited. The GraphQL, since it's a bit newer, we sort of built those and more.

ROBERT: Cool. I really like working with the GraphQL API with GitHub. It makes it easier than trying to do a bunch of REST calls.

BRIAN: Yeah, there's a community forum, it's like a Discourse forum that the API team actually manages and sort of pipes in there. Again, going back to like, if there's not something in the Slack integration that you would like to have, the forum, that community is actually in there, if there's something not in the GraphQL API, that you would like to see.
No promises on shipping it within an x amount of time but if enough people are requesting it obviously, there's going to be some resources [inaudible] at.

ROBERT: What do you mean? We're doing open source. It has to be done yesterday.

BRIAN: Yeah, exactly. And that forum is at Platform.GitHub.Community, just a URL to get there.

ROBERT: Awesome, that will be helpful to look through and get some recommendations in there. One of my favorite things I was going to say about the new integration for Slack and GitHub is the fact that I can highlight line numbers, paste that link in and then it just expands it in the chat in Slack. That is so nice and I use it all the time.

BEX: Yeah, I love that they built that feature. Actually, the original feature that was built on GitHub to allow those line expansions in the first place, like on GitHub itself, was actually built last summer by some folks who were also a part of my intern class at GitHub last year.

ROBERT: Hey, intern power. That's awesome.

BEX: Yeah.

ROBERT: Everyone there is doing amazing work. I'm also following along with somebody that is also an intern and is building a weekly digest program.

BEX: Oh, yeah. That's actually a Google Summer of Code student.

ROBERT: Oh, interesting.

BEX: So, being sponsored through Google Summer of Code by Probot as an open source support.

ROBERT: Is there anything more to unpack there? That sounds really interesting.

BEX: Essentially, we submitted an application for Google Summer of Code because we thought it'd be a cool way to get more people, more students, a mentorship opportunity for the maintainers, basically and we were honestly overwhelmed. We got like almost 100 applications and it ended up being a huge of a deal but we're --

ROBERT: That's a great problem.

BEX: Yeah, definitely a good problem but we were really happy.
We initially wanted to accept more students but Google limited us to only two students, so we have two Google Summer of Code students working on projects and one team of women from Rails Girls Summer of Code working on Probot.

ROBERT: That would be awesome. What are they working on?

BEX: I'm not sure yet. They actually just started a couple of days ago but the other Google Summer of Code student is working on a background checks API to eventually do sentiment analysis of comment history of someone new to your repository.

ROBERT: That's interesting. That sounds like there will be some machine learning in there. I might just be throwing out buzzwords?

BEX: Most likely, I think they're just using some sentiment analysis API, like the perspective API. I don't think they're actually doing that themselves.

ROBERT: Okay.

CHARLES: Actually, I have a couple questions. Back on the subject of Probot. How does this square with the classic mode of integration because there was a lot out there? I think the first one that I remember that stuck in my mind was like Travis and I don't know if there had to be like a special relationship between the Travis developers and the GitHub developers, that's like, they were able to make that integration happen so many years ago. I don't know how that happened. I just remember it popped up and I was like, "Woah. This is incredible," and we see kind of the integrations gets more and more rich. For someone who's got, like you mentioned a couple of the big names, is the idea that eventually those would be able to be completely supported as GitHub apps or is it they're always going to be kind of a separate track for kind of the really deep integrations?

BRIAN: I wasn't around when Travis first integrated with Lyft GitHub and I think that's a really cool integration and I know they have a very nice sized team that's able to do that.
I think if we zoom back out like Probot, the way to get started with Probot is that we have the CLI command, which is to create Probot app. I believe it was intentionally copied off of create React app and the cool thing about create React app and create Probot app is that they abstract all the ceremony and boilerplate to get started really quickly. It was like, what developers or smaller teams can get started with integrating with GitHub apps. I highly doubt that Travis is going to rewrite their entire application with something like create Probot app but they're definitely going to be moving towards the new API calls, which would have been like GitHub apps. Part of the Checks API that we had launched at the end of May, Travis had blog post on how their integration with the Checks API works. They're making, though they have a lot of what Legacy endpoints and a lot of Legacy integrations in the way they integrate with GitHub, they are actively moving towards a GitHub app. I don't know if I could actually comment on their status of where they are today, to be honest but actively, we want all new apps and new integrations to follow the model of being a GitHub app, so that way, out of the box, you have access to all the newer features. You have all the access to all the newer GraphQL endpoints, if you want to use GraphQL and that way, we can serve one market, as opposed to everybody who had a GitHub integration from five or six years ago, that was all piecemeal together and sort of duct tape, like we want to move away from duct tape everything together.

CHARLES: I see.

BEX: I definitely agree that I don't think Travis is going to switch to using Probot anytime soon and I don't think most of the large companies will be doing that but I do think, there will be shift towards GitHub apps in general. For those companies that don't already have the buildings of the GitHub app started, I think that Probot could be, in time to free some of them.
BRIAN: In addition to that too, Travis and Circle and all the CI integrations, they're doing a really good job. I think the cool thing about GitHub apps is what you take away all that ceremony of getting your checks to work, now we can start opening up the door of like what's the next sort of CICD thing like? There's another term or another, I guess category of applications that can now be built to improve GitHub.

CHARLES: The most amazing thing about having a great platform is the apps that you don't foresee, like it just come completely out of left field and you're like, "Woah. I can't believe that's actually a possibility now." When you have started to see some of those, some Probot or GitHub apps, you're like, "Man, I didn't see that coming. That's awesome."

BEX: A hundred percent. I think it's the most exciting part of Probot because I think GitHub as a platform, we all know GitHub is the largest developer platform in the world and I think the idea that developers can build on top of this platform is the most exciting idea right now. I have honestly already seen apps that really excites me. The other day, I saw this app that was definitely not near completion but it was essentially updating an issue comment box over and over and taking response through like checking a box and then listening on that comment edit, in order to specify your coffee order.

ROBERT: Woah.

BEX: I was like, "Do you want an ice coffee or regular? Do you want milk or sugar and cream?" and it was going one at a time. It didn't actually order you your coffee at the end but it was super exciting to watch that. You're just editing the comment. I had never seen that before.

ROBERT: That's pretty slick and that's taking the API pretty far. I'm sure there were some parsing in there and each Webhook response are like, "Was this box edited or not." That interesting.

CHARLES: Yeah. Actually, now that we're having this discussion is kind of like changing my mind a little bit.
Robert and I were actually talking yesterday about trying to standardize on our release management and our plan was basically to have some software that was going to run inside of our CI provider and have kind of a shared library, just a little npm package that was shared by all of our repos but I'm thinking now, man, we should really explore doing this as a GitHub app.

ROBERT: Yes, please. I've had three ideas that I really want to build out as a Probot. I'm just going to list them off and then we can build them all together and take equity and you know. I'm kidding. But the two that really excite me, that I kind of want to do is one concept that we work on this open source project for our clients and if somebody from the outside that doesn't have commit bits to be able to push to master, it would be really cool if we had a Probot that after it had an approved on the PR, from the maintainer, that the person that opened the PR could then tell a Probot say, "This is approved by somebody that manages this project. Can we merge?" and then the Probot would then actually merge. I don't know if that's possible. That's something that I definitely wanted to explore. Then the other one, which is less cool, would just be like if we have a couple branches on some of our projects that we want to continue and we're not ready to put it back into master but we want to continuously run the test suite against it, so the idea there would be to have a Probot that would watch for changes on master and rebase as needed and continue to run the test suite and see where you're at. Those are the two things that I'm really excited about to do with Probot but I just want to automate everything with GitHub now.

CHARLES: Right.

BEX: Yeah, definitely, that first idea was actually pretty viable. I'm curious to know like how you actually get those commit links -- is that what you called it?

ROBERT: Commit bits are more like commit permissions, I guess.

BEX: Oh, I see.
ROBERT: An outside contributor.

CHARLES: Yeah, we want to push responsibility to the person who is the maintainer who can approve it but actually, the way we do it at Frontside is the person who actually is making the change is responsible for merging it. Once you get approval, you still have to hit the go button and that's just going to make sure that you're taking responsibility for saying it's done but that doesn't work for open source because people coming off the internet are going to have the right to push but we would like to give it to them, maybe via an app, if there is a maintainer who's approved it.

BEX: Yeah. That's definitely something you can do. I've seen quite a few apps that, essentially add outside collaborators to the repo. Are you familiar with the... I forgot what it is called, like the all contributor section, where you cite everyone in your repo and everything and who's worked on it. There was a GitHub app that would add someone automatically after they merge their first change.

CHARLES: That's awesome.

ROBERT: I may have seen that on React State Museum but I'm not sure. It's a repo that we've contributed to and it has all the contributors at the bottom. It seemingly just kind of popped up there.

BRIAN: There's an app that, I would like to mention too that I'm pretty excited about, that it sounds trivial too and it's almost similar... Not similar but it's sort of related to what you were talking about, Rob, with your first app, which is the WIP bot, which is the work-in-progress bot. This is a pattern of whenever I open a PR and I might not ready for a merge but I want to share my code so I can get feedback earlier on, I'll type in WIP so that append to my title of my PR. What this engineer did was every time you do WIP, it's going to go into the GitHub API and actually block the PR for merging, which is a feature available to GitHub.
It's nested in your settings but the cool thing about this it actually blocks the PR for merging, so you don't have to worry about getting your, sort of like show and tell code merging the master without being ready. ROBERT: That's one of the first bots that I installed on all of our repos and then you can correct me if I'm wrong, it didn't always have the ability to block the PR from being merged but with the new Checks API, is that something that was introduced? BEX: Not exactly. The way that blocking of merging works is if you set it as the required status, so you can install any sort of CI on your account and have it not being required and ignore it whenever you feel like it, so it's really up to you to make it required. Otherwise, it just isn't checked and that's true for anyone who uses the Statuses or the Checks API. ROBERT: Okay, so that's a Statuses API. Okay, sorry. BEX: Yes. ROBERT: Also, the cool thing about that that I noticed when that was rolled out was I was now able to pick and choose and use workflows on Circle CI and each workflow is broken out as a different status check. I am now required like linting and the build and the test have to pass for these browsers before it can merge, which is really cool to be able to pick and choose. BEX: Yeah. It's awesome. I know personally on some of my repos, I have a few checks that I just don't require because I know I have to make them pass. ROBERT: Yeah. Speaking specifically about the work-in-progress bot, do you know how that works? It's open source, so I am sure I can go look. I think we want to go make a PR. We had some back and forth about this, Charles. CHARLES: I actually just [inaudible] we disagree. ROBERT: Yes. Charles opened a PR and one of his first commits in the PR had work in progress and the title had work in progress and we have this this Probot on our website and it was a blog post. 
You know, you make a couple more commits and you're further down, you move the work in progress in the title but the PR were still blocked because the first commit on a PR have work in progress in it. I think if it's the most recent commit or if it's in your PR title with work in progress, it should block but otherwise, it should not and Charles feels differently. CHARLES: I have about six commits and the very first one have WIP in the title or in the commit message and it blocked the whole thing but I kind of felt like it actually made me go back and I had to squash it down to two commits because I actually feel that your commit history should tell the story of the development, not like it should an absolute one-to-one journal of what happens but what you are intending. I actually felt that it could help me out because there's six commits that we're kind of all over the place and just kind of slapdash together have made me kind of go back, rethink it and tell a coherent story. I think it did me a service but it was not obvious. I definitely agree with that but I was like, "Why? Why were you still blocking?" ROBERT: Do I really [inaudible] admin privileges? BEX: I would say, I am friends with the creator of the web app. His name is Gregory Mantis and he is actually got a huge work in progress PR shifting work in progress over to using the Checks API and one of the features that he's using with the Checks API is essentially this mark as now work in progress button that will add the special line, like feel free to merge or something like that into your original PR description at the bottom. If that is there, the work in progress app will no longer be blocking. It's essentially like a hard override and honestly, that's the power at the Checks API versus the Statuses API. That's really exciting. 
ROBERT: Because I have seen the work in progress bot to get into a weird state, where I did remove the work in progress from the title but it didn't quite update and I'm still blocked. It's okay for me because I have admin privileges but other people on the team maybe not and they might be blocked from something that's actually work in progress. It's a lot like that hard override will be probably pretty helpful. BEX: Yeah, definitely. I think sometimes, there's some confusion with that just because of the way what perks work on GitHub and the way our pages are rendered, that you may need to refresh the page before you actually see it take effect. ROBERT: Right, yeah. Overall though, I love that bot. I go weekly, probably to the Probot apps listing and just go shopping. BEX: Wow. I'm actually the person who approves all the Probot apps to the listings so that's pretty motivating there. ROBERT: It's really nice. I am not even joking when I say shopping, I go through and I open up a bunch of tabs, I read through them, "Oh, this could be useful," that kind of thing. BEX: The first app you mentioned, which was like the one that requests more info is actually one that I built, so that was kind of funny. I guess you got that from the Probot apps too. ROBERT: Yup. That one, we definitely use on a couple of our organizations and repos. It has yelled at me a couple of times because of a blank PR. BEX: It yells at me all the time. I think I get yelled at more than people who are actually doing it wrong. ROBERT: I'm a little embarrassed like, "I should do better. I need to set an example." BEX: Definitely. ROBERT: Cool. I'm curious what both of your favorite Probot app is. This ought to be interesting. 
BRIAN: The app that I'm really impressed with so far, that I actually only use on a junk project at the moment, is the weekly digest one and it's mainly because I built something for this in my previous role at the company but then we shift it, which is basically go through every single repo. I worked at a company called Netlify previously and we had way too many repos to maintain... Oh, sorry, to keep track of and I was moving further and further away from the backend at the time so I was unable to keep up to date with all that was changing. I built a Lambda to watch Webhooks and then give me a digest of what was shipped like issues and PRs closed. It was way over-engineered and I never actually shipped that to actually make it work. But then the weekly digesting came out maybe a couple of weeks ago and it blew me away because I was like, "This is exactly what I needed," and I was trying to make it overly complicated through like a Lambda and like a bunch of Webhooks and this person, with only a few weeks, has the scaffolding of what I needed. That's the one thing I'm pretty excited about. It was already mentioned earlier too, as well. BEX: I guess, I would say one of my favorite ones is the unfurl a link app. I think that one it so simple but so nice. I don't know. I think having that unfurl link preview is just beautiful. Essentially what it does is it listens on issue comment creation or pull request comment creation or issues your pull request or whatever and read through the text or whatever was that issue or pull request and looks for links and then, essentially unfurls them so you can get a really nice preview of what you're going to. I think that's really beautiful and just so simple. ROBERT: Yeah. I love that one too. I have that added to all of our repos. BEX: It's so much nicer. Why would you not unfurl your links when you could unfurl your links? ROBERT: Exactly. CHARLES: I actually have a question. 
I think it's been touched on, probably at least twice throughout the conversation. I want to actually create a Probot, how do I actually go about deploying it? What does that look like? What does it look like to deploy and maintain it? BEX: We have a page on our docs about deployment and essentially the TL;DR is you can deploy it on any normal cloud hosting service that you wanted to deploy it. There are a few things you need to specify. For example, GitHub gives you a private key that you need to create your JWT and that private key means to be passed into your hosting service however you do that and then, there's a few bits of information that need to be pass in. We have pretty intense docs about it. Honestly, I'm not a deployment person. I usually try to let other people do that and I have never had a problem going through our docs and just getting it working immediately. BRIAN: It's also mentioned that there are examples like Heroku and Now and a couple of other ones. If you have a service that you already like, it's possible it's already in the docs, like steps to how to get that deployed. BEX: Yup and any other services are more than welcome to be added to the docs. Pull request are welcome. ROBERT: Sweet. It sounds like we need to set up a hack date to create a Probot, Charles. CHARLES: Seriously, my mind is brewing. ROBERT: I guess it's not directly related to GraphQL but there's something that I've always wanted to build. For prior history to everybody [inaudible], then the podcast, Brian and I used to work at a company called IZEA and one of the things that we built and I worked on a lot was we would create a collect metrics on people's social accounts that they're connected and do that and graph it over time. This idea came from when I was building up that feature all the way back in 2013, I want to graph the change in GitHub stars. 
Is there an API available for me to see like weekly GitHub stars or is that something that I still have to manually store and track? BEX: There's definitely an API endpoint to get the amount of stars and I don't see why you couldn't just do that on weekly basis and compare but I don't think there's any track that change API. ROBERT: Gotcha, like a history of it. I could do this by just stealing and looking at what the weekly digest Probot is doing because there is a change in stars section in there. I was just curious if there was now an API that was available. BRIAN: Yeah, that's more unlikely. I'm going to say no without looking at all the reference documentation. I think as far as that database, it's something you'd probably have to collect on your own but it's also a good candidate for a GitHub app, where you build a service that you can actually track stars once you've installed it and then if you want to monetize it, you can actually pay for private repo or whatever stuff like that, if you wanted to. But it sounds like a great opportunity to see this in the GitHub/Probot listings. BEX: I actually just look this app really quick in our docs because I was curious but apparently, you can receive the star creation timestamps. That could be doable through timestamp usage. ROBERT: Oh, and then I just kind of loop through back and build your graph in there. BEX: Yeah. ROBERT: Interesting. All right. Well, [inaudible] I was going to do today. BEX: Yeah. But I think it's exciting to bot the weekly digest and then what you could extract from that into stargazing is that Probot scheduler, which is essentially this all Probot extension we made that triggers a Webhook on a scheduled time period because right now, the way GitHub apps works are so centered around Webhooks. It can be difficult to find a way to trigger an action on something outside of a Webhook, like on a schedule basis. ROBERT: Yeah, that would be really helpful. 
I can definitely see how that would be a problem, if it's very, very central to reacting to Webhooks and events that happen on the system. BEX: Exactly. ROBERT: You're just hoping that somebody comes through and creates an event at a specific time. CHARLES: Can I ask you a question about, it's definitely on topic of extending GitHub but currently, just a question about, where the line is between what you can and cannot extend? You mentioned, for example in the rewrite of the WIP bot, being able to throw out a big button that says override this merge. Are there any plans to be able to actually extend the UI in novel ways? Everything there right now is happening with API calls, with I assume, UI elements that are related but the UI elements are static. If someone wants to put a novel piece of the UI, that button is going to require an extension of the GitHub UI by GitHub itself. Are there any plans to be able to, I know it's a dangerous waters, perhaps at a limited fashion at first but maybe more so, add different interactions and the actual application. BEX: I think this is actually the most exciting future of GitHub as a platform. In the past, GitHub APIs have only specifically supporting things that you can do through the command line or you can do through GitHub's UI itself. The Checks API introduced the very first non-integration specific UI element essentially and the merge button that I was referring to in WIP is exactly that. It's essentially this button that you can change the text of it to be whatever you want and you can listen on that action and then you can do as an integration or an app, anything that you want based on that. I think that's the most exciting direction for GitHub. Because if you look at Slack, Slack is a platform that has sort of really impressive integrations in that response. 
Your apps on Slack can really do all of these things, use custom UI elements, so I think the most exciting features for GitHub as a platform is all of this customization and giving the power to the apps. ROBERT: Yeah, that sounds an awesome way to be able to extend GitHub without having to try and throw the feature on to GitHub developers. BEX: Exactly. I feel that a lot of the struggle right now is that there aren't these nice ways of communicating via apps because I feel lot of the apps and bots end up just commenting on issues and pull requests and taking up a ton of screen real estate as a result and I just think that that's not the way that bot should ideally interact with the GitHub platform. They should have their own space to exist and that's the feature I'm most excited for. CHARLES: Yeah. I can think of having like progress bars for CI checks and your various appointments. It's too exciting. I'm glad. That's definitely the response I was hoping to hear. BEX: Yeah. We're excited for it too. ROBERT: Basically, you all have a massive community of a bunch of developers that would want to do this and are willing to get their hands dirty on it. Enabling that community is probably the root of all Probot is about. That's super awesome. BEX: Yup. CHARLES: That's a good place to end, because gosh, it's going to be so exciting to have the millions of developers on the planet, just like surgeon to the APIs that you're developing. BRIAN: One thing to add to that too, about the whole million developers, there's a number that's been thrown out from Stack Overflow and also, some other people who are saying like there's 50 million developers, there's 24 million developers. As far as GitHub, our public user number is 28 million, the cool thing about Probot and GitHub apps is that there's a good chance that all those people that are using GitHub today are not actually developers. 
They're like PMs or designers and what's really cool about this, like having interactions with that kind of platform in this way is that you can now enable all the non-developers to be able to interact with your GitHub repos and start bringing more designers and PMs onto to the GitHub platform to interact with the developers. ROBERT: That is an interesting point. That is awesome and something that I'm always looking for is a different ways to collaborate with non-developers on my team because... I don't know, developers tend to think everything is always centered around code but it's not. The shifting at work that are awesome, needs a lot of collaboration from non-devs and non-dev skills. That would be really interesting to see. I'm excited for that to play out. BRIAN: Yeah. There's a blog post that was published a month ago, I think about where the design team, design system teams rather, built the integration to Figma to update their icons effectively. I just posted that in the chat to look into but they also built this as a Probot app as well. ROBERT: That is awesome. BEX: Yeah, that one is super exciting. You would have the app comment, the diff between what the old icon versus what the new icon look like and it's just such a beautiful design change to be able to see that shift. ROBERT: Man, I'm happy that this is happening. The future seems super bright. Where can we direct people to get resources to contribute, to get involved and start really going at this? BEX: Basically, Probot.GitHub.io has all the Probot stuff, /app has all the listings for apps you can install today, /docs is where the docs are, if you want to get started and hopefully from there, we link up to the necessary things that you need to do. BRIAN: Also, what I mentioned too via Probot Slack channel, there's a Slack channel as well and they do a weekly call. I think, it's weekly or bi-weekly call to actually chat with the Probot community. 
If you have questions, you can actually bring your questions to the team. BEX: Yeah, we call it 'Office Hours' and it's once a week and it's under our community page, where we also have a link to our Slack. We have a link to another podcast we run and basically, how to get involved in the Probot community. ROBERT: Those are really helpful resources. I do remember seeing that Office Hours. It's on Thursdays, right? BEX: Yes. ROBERT: I was going to drop in for one and then, I actually forgot. Actually, it might be going on as we talk right now in this podcast. BEX: It starts in half an hour, I think. ROBERT: That's awesome. Cool. Well, thank you Brian and Bex for having a conversation about Probot. This is really awesome. Is there anything that you would like to plug for yourselves? How people can get in contact with you? BRIAN: Yeah, I am BdougieYO on Twitter. Everything you need to know about me is there and I am happy to say hello. I'm also helping with the GitHub developer program, which is sort of getting a soon-to-be announced rebranding. If you go to Develop.GitHub.com/Program and you want to have more conversation about the API and GitHub apps on the GitHub side, you can go there to sign up. BEX: And I am HiImBexo on Twitter. You can ping me in any Probot stuff. I'd be happy to look at any Probot code. I've been looking at it for a while now so I'm happy to do that. ROBERT: That's awesome. Thank you all for having a conversation with us. This was really fun. I'm so excited about everything you can do with Probot. This is a really fun project. I'm happy that this is happening and I will make a Probot in the future. CHARLES: I'm looking forward too. Robert has been excited for quite some time and he definitely talks a lot about it and now, I have some insight as to what -- ROBERT: It's happening, I'm telling you. Well. Thank you for being here and we are the Frontside. We build UI that you can stake your future on. We are specializing in JavaScript. 
We can build anything that you want throw at us. We do functional programming, React testing, Vue, anything in JavaScript, we specialize in. As always if you want to suggest anything for us to have on the podcast or talk about, you can reach out to us at Contact@Frontside.io and like I teased earlier in the podcast, next episode is going to be all about Microstates, the immutable and functional state container, composable model system that we've been building, it's controls as a brainchild for the past two years. That is next episode and I'm really excited about that. It's a really fun API and expressive to build models with. Thank you, Mandy for producing our podcast and we'll see you next episode.

BSD Now
233: High on ZFS

Feb 14, 2018 110:50


We explain the physics behind ZFS, DTrace switching to the GPL, Emacs debugging, syncookies coming to PF & FreeBSD's history on EC2.

Headlines

128 bit storage: Are you high? (https://blogs.oracle.com/bonwick/128-bit-storage:-are-you-high)

For people who have heard about ZFS boiling oceans and wonder where that is coming from, we dug out this old piece from 2004 on the blog of ZFS co-creator Jeff Bonwick, originally from the Sun website.

64 bits would have been plenty ... but then you can't talk out of your ass about boiling oceans then, can you?

Well, it's a fair question. Why did we make ZFS a 128-bit storage system? What on earth made us think it's necessary? And how do we know it's sufficient?

Let's start with the easy one: how do we know it's necessary? Some customers already have datasets on the order of a petabyte, or 2^50 bytes. Thus the 64-bit capacity limit of 2^64 bytes is only 14 doublings away. Moore's Law for storage predicts that capacity will continue to double every 9-12 months, which means we'll start to hit the 64-bit limit in about a decade. Storage systems tend to live for several decades, so it would be foolish to create a new one without anticipating the needs that will surely arise within its projected lifetime.

If 64 bits isn't enough, the next logical step is 128 bits. That's enough to survive Moore's Law until I'm dead, and after that, it's not my problem. But it does raise the question: what are the theoretical limits to storage capacity?

Although we'd all like Moore's Law to continue forever, quantum mechanics imposes some fundamental limits on the computation rate and information capacity of any physical device. In particular, it has been shown that 1 kilogram of matter confined to 1 liter of space can perform at most 10^51 operations per second on at most 10^31 bits of information [see Seth Lloyd, "Ultimate physical limits to computation." Nature 406, 1047-1054 (2000)]. A fully-populated 128-bit storage pool would contain 2^128 blocks = 2^137 bytes = 2^140 bits; therefore the minimum mass required to hold the bits would be (2^140 bits) / (10^31 bits/kg) = 136 billion kg.

That's a lot of gear.

To operate at the 10^31 bits/kg limit, however, the entire mass of the computer must be in the form of pure energy. By E=mc^2, the rest energy of 136 billion kg is 1.2x10^28 J. The mass of the oceans is about 1.4x10^21 kg. It takes about 4,000 J to raise the temperature of 1 kg of water by 1 degree Celsius, and thus about 400,000 J to heat 1 kg of water from freezing to boiling. The latent heat of vaporization adds another 2 million J/kg. Thus the energy required to boil the oceans is about 2.4x10^6 J/kg * 1.4x10^21 kg = 3.4x10^27 J. Thus, fully populating a 128-bit storage pool would, literally, require more energy than boiling the oceans.

Best part of all: you don't have to understand any of this to use ZFS. Rest assured that you won't hit any limits with that filesystem for a long time. You still have to buy bigger disks over time, though...

***

dtrace for Linux, Oracle relicenses dtrace (https://gnu.wildebeest.org/blog/mjw/2018/02/14/dtrace-for-linux-oracle-does-the-right-thing/)

At Fosdem we had a talk on dtrace for linux in the Debugging Tools devroom. Not explicitly mentioned in that talk, but certainly the most exciting thing, is that Oracle is doing a proper linux kernel port:

```
commit e1744f50ee9bc1978d41db7cc93bcf30687853e6
Author: Tomas Jedlicka tomas.jedlicka@oracle.com
Date: Tue Aug 1 09:15:44 2017 -0400

    dtrace: Integrate DTrace Modules into kernel proper

    This changeset integrates DTrace module sources into the main kernel
    source tree under the GPLv2 license. Sources have been moved to
    appropriate locations in the kernel tree.
```

That is right, dtrace dropped the CDDL and switched to the GPL!

The user space code dtrace-utils and libdtrace-ctf (a combination of GPLv2 and UPL) can be found on the DTrace Project Source Control page.
The NEWS file mentions the license switch (and that it is built upon elfutils, which I personally was pleased to find out).

The kernel sources (GPLv2+ for the core kernel and UPL for the uapi) are slightly harder to find because they are inside the uek kernel source tree, but following the above commit you can easily get at the whole linux kernel dtrace directory.

The UPL is the Universal Permissive License, which according to the FSF is a lax, non-copyleft license that is compatible with the GNU GPL.

Thank you Oracle for making everyone's life easier by waving your magic relicensing wand!

Now there is lots of hard work to do to actually properly integrate this. And I am sure there are a lot of technical hurdles when trying to get this upstreamed into the mainline kernel. But that is just hard work. Which we can now start collaborating on in earnest.

Like systemtap and the Dynamic Probes (dprobes) before it, dtrace is a whole system observability tool combining tracing, profiling and probing/debugging techniques. Something the upstream linux kernel hackers don't always appreciate when presented as one large system. They prefer having separate small tweaks for tracing, profiling and probing which are mostly separate from each other. It took years for the various hooks, kprobes, uprobes, markers, etc. from systemtap (and other systems) to get upstream. But these days they are. And there is now even a byte code interpreter (eBPF) in the mainline kernel as originally envisioned by dprobes, which systemtap can now target through stapbpf. So with all those techniques now available in the linux kernel it will be exciting to see if dtrace for linux can unite them all.

Debugging Emacs or: How I Learned to Stop Worrying and Love DTrace (http://nullprogram.com/blog/2018/01/17/)

For some time Elfeed was experiencing a strange, spurious failure. Every so often users were seeing an error (spoiler warning) when updating feeds: “error in process sentinel: Search failed.” If you use Elfeed, you might have even seen this yourself. From the surface it appeared that curl, tasked with the responsibility for downloading feed data, was producing incomplete output despite reporting a successful run. Since the run was successful, Elfeed assumed certain data was in curl's output buffer, but, since it wasn't, it failed hard.

Unfortunately this issue was not reproducible. Manually running curl outside of Emacs never revealed any issues. Asking Elfeed to retry fetching the feeds would work fine. The issue would only randomly rear its head when Elfeed was fetching many feeds in parallel, under stress.

By the time the error was discovered, the curl process had exited and vital debugging information was lost. Considering that this was likely to be a bug in Emacs itself, there really wasn't a reliable way to capture the necessary debugging information from within Emacs Lisp. And, indeed, this later proved to be the case.

A quick-and-dirty work around is to use condition-case to catch and swallow the error. When the bizarre issue shows up, rather than fail badly in front of the user, Elfeed could attempt to swallow the error — assuming it can be reliably detected — and treat the fetch as simply a failure.

That didn't sit comfortably with me. Elfeed had done its due diligence checking for errors already. Someone was lying to Elfeed, and I intended to catch them with their pants on fire. Someday.

I'd just need to witness the bug on one of my own machines. Elfeed is part of my daily routine, so surely I'd have to experience this issue myself someday. My plan was, should that day come, to run a modified Elfeed, instrumented to capture extra data. I would have also routinely run Emacs under GDB so that I could inspect the failure more deeply. For now I just had to wait to hunt that zebra.

Bryan Cantrill, DTrace, and FreeBSD

Over the holidays I re-discovered Bryan Cantrill, a systems software engineer who worked for Sun between 1996 and 2010, and is most well known for DTrace. My first exposure to him was in a BSD Now interview in 2015. I had re-watched that interview and decided there was a lot more I had to learn from him. He's become a personal hero to me. So I scoured the internet for more of his writing and talks.

Some interesting operating system technology came out of Sun during its final 15 or so years — most notably DTrace and ZFS — and Bryan speaks about it passionately. Almost as a matter of luck, most of it survived the Oracle acquisition thanks to Sun releasing it as open source in just the nick of time. Otherwise it would have been lost forever.

The scattered ex-Sun employees, still passionate about their prior work at Sun, along with some of their old customers have since picked up the pieces and kept going as a community under the name illumos. It's like an open source flotilla.

Naturally I wanted to get my hands on this stuff to try it out for myself. Is it really as good as they say? Normally I stick to Linux, but it (generally) doesn't have these Sun technologies available. The main reason is license incompatibility. Sun released its code under the CDDL, which is incompatible with the GPL. Ubuntu does infamously include ZFS, but other distributions are unwilling to take that risk. Porting DTrace is a serious undertaking since it's got its fingers throughout the kernel, which also makes the licensing issues even more complicated.

Linux has a reputation for Not Invented Here (NIH) syndrome, and these licensing issues certainly contribute to that. Rather than adopt ZFS and DTrace, they've been reinvented from scratch: btrfs instead of ZFS, and a slew of partial options instead of DTrace. Normally I'm most interested in system call tracing, and my go to is strace, though it certainly has its limitations — including this situation of debugging curl under Emacs. Another famous example of NIH is Linux's epoll(2), which is a broken version of BSD kqueue(2).

So, if I want to try these for myself, I'll need to install a different operating system. I've dabbled with OmniOS, an OS built on illumos, in virtual machines, using it as an alien environment to test some of my software (e.g. enchive). OmniOS has a philosophy called Keep Your Software To Yourself (KYSTY), which is really just code for “we don't do packaging.” Honestly, you can't blame them since they're a tiny community. The best solution to this is probably pkgsrc, which is essentially a universal packaging system. Otherwise you're on your own. There's also openindiana, which is a more friendly desktop-oriented illumos distribution. Still, the short of it is that you're very much on your own when things don't work. The situation is like running Linux a couple decades ago, when it was still difficult to do.

If you're interested in trying DTrace, the easiest option these days is probably FreeBSD. It's got a big, active community, thorough documentation, and a huge selection of packages. Its license (the BSD license, duh) is compatible with the CDDL, so both ZFS and DTrace have been ported to FreeBSD.

What is DTrace?

I've done all this talking but haven't yet described what DTrace really is. I won't pretend to write my own tutorial, but I'll provide enough information to follow along.

DTrace is a tracing framework for debugging production systems in real time, both for the kernel and for applications. The “production systems” part means it's stable and safe — using DTrace won't put your system at risk of crashing or damaging data. The “real time” part means it has little impact on performance. You can use DTrace on live, active systems with little impact. Both of these core design principles are vital for troubleshooting those really tricky bugs that only show up in production.

There are DTrace probes scattered all throughout the system: on system calls, scheduler events, networking events, process events, signals, virtual memory events, etc. Using a specialized language called D (unrelated to the general purpose programming language D), you can dynamically add behavior at these instrumentation points. Generally the behavior is to capture information, but it can also manipulate the event being traced.

Each probe is fully identified by a 4-tuple delimited by colons: provider, module, function, and probe name. An empty element denotes a sort of wildcard. For example, syscall::open:entry is a probe at the beginning (i.e. “entry”) of open(2). syscall:::entry matches all system call entry probes.

Unlike strace on Linux which monitors a specific process, DTrace applies to the entire system when active. To run curl under strace from Emacs, I'd have to modify Emacs' behavior to do so. With DTrace I can instrument every curl process without making a single change to Emacs, and with negligible impact to Emacs. That's a big deal.

So, when it comes to this Elfeed issue, FreeBSD is much better poised for debugging the problem. All I have to do is catch it in the act. However, it's been months since that bug report and I'm not really making this connection yet. I'm just hoping I eventually find an interesting problem where I can apply DTrace.

Bryan Cantrill: Talks I have given (http://dtrace.org/blogs/bmc/2018/02/03/talks/)

***

News Roundup

a2k18 Hackathon preview: Syncookies coming to PF (https://undeadly.org/cgi?action=article;sid=20180207090000)

As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on. One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF.
Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:

```
syncookies for pf.

when syncookies are on, pf will blindly answer each and every SYN with a syncookie-SYNACK.
Upon reception of the ACK completing the 3WHS, pf will reconstruct the original SYN, shove it through pf_test, where state will be created if the ruleset permits it.
Then massage the freshly created state (we won't see the SYNACK), set up the sequence number modulator, and call into the existing synproxy code to start the 3WHS with the backend host.
Add an - somewhat basic for now - adaptive mode where syncookies get enabled if a certain percentage of the state table is filled up with half-open tcp connections.
This makes pf firewalls resilient against large synflood attacks.
syncookies are off by default until we gained more experience, considered experimental for now.
see http://bulabula.org/papers/2017/bsdcan/ for more details.
joint work with sashan@, widely discussed and with lots of input by many
```

The first release to have this feature available will probably be the upcoming OpenBSD 6.3 if a sufficient number of people test this in their setups (hint, hint). More info is likely to emerge soon in post-hackathon writeups, so watch this space!

[Pale Moon] A perfect example of how not to approach OS developers/packagers
Removed from OpenBSD Ports due to Licensing Issues (https://github.com/jasperla/openbsd-wip/issues/86)
FreeBSD Palemoon branding violation (https://lists.freebsd.org/pipermail/freebsd-ports/2018-February/112455.html)
MidnightBSD's response (https://twitter.com/midnightbsd/status/961232422091280386)
***
FreeBSD EC2 History (http://www.daemonology.net/blog/2018-02-12-FreeBSD-EC2-history.html)
A couple years ago Jeff Barr published a blog post with a timeline of EC2 instances.
I thought at the time that I should write up a timeline of the FreeBSD/EC2 platform, but I didn't get around to it; but last week, as I prepared to ask for sponsorship for my work I decided that it was time to sit down and collect together the long history of how the platform has evolved and improved over the years. Normally I don't edit blog posts after publishing them (with the exception of occasional typographical corrections), but I do plan on keeping this post up to date with future developments.

August 25, 2006: Amazon EC2 launches. It supports a single version of Ubuntu Linux; FreeBSD is not available.
December 13, 2010: I manage to get FreeBSD running on EC2 t1.micro instances.
March 22, 2011: I manage to get FreeBSD running on EC2 "cluster compute" instances.
July 8, 2011: I get FreeBSD 8.2 running on all 64-bit EC2 instance types, by marking it as "Windows" in order to get access to Xen/HVM virtualization. (Unfortunately this meant that users had to pay the higher "Windows" hourly pricing.)
January 16, 2012: I get FreeBSD 9.0 running on 32-bit EC2 instances via the same "defenestration" trick. (Again, paying the "Windows" prices.)
August 16, 2012: I move the FreeBSD rc.d scripts which handle "EC2" functionality (e.g., logging SSH host keys to the console) into the FreeBSD ports tree.
October 7, 2012: I rework the build process for FreeBSD 9.1-RC1 and later to use "world" bits extracted from the release ISOs; only the kernel is custom-built. Also, the default SSH user changes from "root" to "ec2-user".
October 31, 2012: Amazon launches the "M3" family of instances, which support Xen/HVM without FreeBSD needing to pay the "Windows" tax.
November 21, 2012: I get FreeBSD added to the AWS Marketplace.
October 2, 2013: I finish merging kernel patches into the FreeBSD base system, and rework the AMI build (again) so that FreeBSD 10.0-ALPHA4 and later use bits extracted from the release ISOs for the entire system (world + kernel). FreeBSD Update can now be used for updating everything (because now FreeBSD/EC2 uses a GENERIC kernel).
October 27, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA2 and later AMIs will run FreeBSD Update when they first boot in order to download and install any critical updates.
December 1, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA4 and later AMIs bootstrap the pkg tool and install packages at boot time (by default, the "awscli" package).
December 9, 2013: I add configinit to FreeBSD 10.0-RC1 and later to allow systems to be easily configured via EC2 user-data.
July 1, 2014: Amazon launches the "T2" family of instances; now the most modern family for every type of EC2 instance (regular, high-memory, high-CPU, high-I/O, burstable) supports HVM and there should no longer be any need for FreeBSD users to pay the "Windows tax".
November 24, 2014: I add code to FreeBSD 10.2 and later to automatically resize their root filesystems when they first boot; this means that a larger root disk can be specified at instance launch time and everything will work as expected.
April 1, 2015: I integrate the FreeBSD/EC2 build process into the FreeBSD release building process; FreeBSD 10.2-BETA1 and later AMIs are built by the FreeBSD release engineering team.
January 12, 2016: I enable Intel 82599-based "first generation EC2 Enhanced Networking" in FreeBSD 11.0 and later.
June 9, 2016: I enable the new EC2 VGA console functionality in FreeBSD 11.0 and later. (The old serial console also continues to work.)
June 24, 2016: Intel 82599-based Enhanced Networking works reliably in FreeBSD 11.0 and later thanks to discovering and working around a Xen bug.
June 29, 2016: I improve throughput on Xen blkfront devices (/dev/xbd*) by enabling indirect segment I/Os in FreeBSD 10.4 and later. (I wrote this functionality in July 2015, but left it disabled by default at first because a bug in EC2 caused it to hurt performance on some instances.)
July 7, 2016: I fix a bug in FreeBSD's virtual memory initialization in order to allow it to support boot with 128 CPUs; aka. FreeBSD 11.0 and later support the EC2 x1.32xlarge instance type.
January 26, 2017: I change the default configuration in FreeBSD 11.1 and later to support EC2's IPv6 networking setup out of the box (once you flip all of the necessary switches to enable IPv6 in EC2 itself).
May 20, 2017: In collaboration with Rick Macklem, I make FreeBSD 11.1 and later compatible with the Amazon "Elastic File System" (aka. NFSv4-as-a-service) via the newly added "oneopenown" mount option (and lots of bug fixes).
May 25, 2017: I enable support for the Amazon "Elastic Network Adapter" in FreeBSD 11.1 and later. (The vast majority of the work — porting the driver code — was done by Semihalf with sponsorship from Amazon.)
December 5, 2017: I change the default configuration in FreeBSD 11.2 and later to make use of the Amazon Time Sync Service (aka. NTP-as-a-service).

The current status
The upcoming FreeBSD release (11.2) supports: IPv6, Enhanced Networking (both generations), Amazon Elastic File System, Amazon Time Sync Service, both consoles (Serial VGA), and every EC2 instance type (although I'm not sure if FreeBSD has drivers to make use of the FPGA or GPU hardware on those instances).

Colin's Patreon page if you'd like to support him (https://www.patreon.com/cperciva)

X network transparency
X's network transparency has wound up mostly being a failure (https://utcc.utoronto.ca/~cks/space/blog/unix/XNetworkTransparencyFailure)
I was recently reading Mark Dominus's entry about some X keyboard problems, in which he said in passing (quoting himself): I have been wondering for years if X's vaunted network transparency was as big a failure as it seemed: an interesting idea, worth trying out, but one that eventually turned out to be more trouble than it was worth. [...]
My first reaction was to bristle, because I use X's network transparency all of the time at work. I have several programs to make it work very smoothly, and some core portions of my environment would be basically impossible without it. But there's a big qualification on my use of X's network transparency, namely that it's essentially all for text. When I occasionally go outside of this all-text environment of xterms and emacs and so on, it doesn't go as well. X's network transparency was not designed as 'it will run xterm well'; originally it was to be something that should let you run almost everything remotely, providing a full environment. Even apart from the practical issues covered in Daniel Stone's slide presentation, it's clear that it's been years since X could deliver a real first class environment over the network. You cannot operate with X over the network in the same way that you do locally. Trying to do so is painful and involves many things that either don't work at all or perform so badly that you don't want to use them. In my view, there are two things that did in general X network transparency. The first is that networks turned out to not be fast enough even for ordinary things that people wanted to do, at least not the way that X used them. The obvious case is web browsers; once the web moved to lots of images and worse, video, that was pretty much it, especially with 24-bit colour. (It's obviously not impossible to deliver video across the network with good performance, since YouTube and everyone else does it. But their video is highly encoded in specialized formats, not handled by any sort of general 'send successive images to the display' system.) The second is that the communication facilities that X provided were too narrow and limited. 
This forced people to go outside of them in order to do all sorts of things, starting with audio and moving on to things like DBus and other ways of coordinating environments, handling sophisticated configuration systems, modern fonts, and so on. When people designed these additional communication protocols, the result generally wasn't something that could be used over the network (especially not without a bunch of setup work that you had to do in addition to remote X). Basic X clients that use X properties for everything may be genuinely network transparent, but there are very few of those left these days. (Not even xterm is any more, at least if you use XFT fonts. XFT fonts are rendered in the client, and so different hosts may have different renderings of the same thing, cf.)

What remains of X's network transparency is still useful to some of us, but it's only a shadow of what the original design aimed for. I don't think it was a mistake for X to specifically design it in (to the extent that they did, which is less than you might think), and it did help X out pragmatically in the days of X terminals, but that's mostly it. (I continue to think that remote display protocols are useful in general, but I'm in an unusual situation. Most people only ever interact with remote machines with either text mode SSH or a browser talking to a web server on the remote machine.)

PS: The X protocol issues with synchronous requests that Daniel Stone talks about don't help the situation, but I think that even with those edges sanded off X's network transparency wouldn't be a success. Arguably X's protocol model committed a lesser version of part of the NeWS mistake.

X's network transparency was basically free at the time (https://utcc.utoronto.ca/~cks/space/blog/unix/XFreeNetworkTransparency)
I recently wrote an entry about how X's network transparency has wound up mostly being a failure for various reasons.
However, there is an important flipside to the story of X's network transparency, and that is that X's network transparency was almost free at the time and in the context it was created. Unlike the situation today, in the beginning X did not have to give up lots of performance or other things in order to get network transparency. X originated in the mid 1980s and it was explicitly created to be portable across various Unixes, especially BSD-derived ones (because those were what universities were mostly using at that time). In the mid to late 1980s, Unix had very few IPC methods, especially portable ones. In particular, BSD systems did not have shared memory (it was called 'System V IPC' for the obvious reasons). BSD had TCP and Unix sockets, some System V machines had TCP (and you could likely assume that more would get it), and in general your safest bet was to assume some sort of abstract stream protocol and then allow for switchable concrete backends. Unsurprisingly, this is exactly what X did; the core protocol is defined as a bidirectional stream of bytes over an abstracted channel. (And the concrete implementation of $DISPLAY has always let you specify the transport mechanism, as well as allowing your local system to pick the best mechanism it has.) Once you've decided that your protocol has to run over abstracted streams, it's not that much more work to make it network transparent (TCP provides streams, after all). X could have refused to make the byte order of the stream clear or required the server and the client to have access to some shared files (eg for fonts), but I don't think either would have been a particularly big win. I'm sure that it took some extra effort and care to make X work across TCP from a different machine, but I don't think it took very much. (At the same time, my explanation here is probably a bit ahistorical. 
X's initial development seems relatively strongly tied to sometimes having clients on different machines than the display, which is not unreasonable for the era. But it doesn't hurt to get a feature that you want anyway for a low cost.) I believe it's important here that X was intended to be portable across different Unixes. If you don't care about portability and can get changes made to your Unix, you can do better (for example, you can add some sort of shared memory or process to process virtual memory transfer). I'm not sure how the 1980s versions of SunView worked, but I believe they were very SunOS dependent. Wikipedia says SunView was partly implemented in the kernel, which is certainly one way to both share memory and speed things up. PS: Sharing memory through mmap() and friends was years in the future at this point and required significant changes when it arrived. Beastie Bits Grace Hopper Celebration 2018 Call for Participation (https://www.freebsdfoundation.org/news-and-events/call-for-papers/grace-hopper-celebration-2018-call-for-participation/) Google Summer of Code: Call for Project Ideas (https://www.freebsdfoundation.org/blog/google-summer-of-code-call-for-project-ideas/) The OpenBSD Foundation 2018 Fundraising Campaign (https://undeadly.org/cgi?action=article;sid=20180129190641) SSH Mastery 2/e out (https://blather.michaelwlucas.com/archives/3115) AsiaBSDcon 2018 Registration is open (https://2018.asiabsdcon.org/) Tarsnap support for Bitcoin ending April 1st; and a Chrome bug (http://mail.tarsnap.com/tarsnap-announce/msg00042.html) Feedback/Questions Todd - Couple Questions (http://dpaste.com/195HGHY#wrap) Seth - Tar Snap (http://dpaste.com/1N7NQVQ#wrap) Alex - sudo question (http://dpaste.com/3D9P1DW#wrap) Thomas - FreeBSD on ARM? (http://dpaste.com/24NMG47#wrap) Albert - Austria BSD User Group (http://dpaste.com/373CRX7#wrap)
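The syncookie handshake described in the pf commit message quoted in these show notes, sketched as an added example that is not pf's code and not part of the original notes. The cookie layout (5-bit epoch, 3-bit MSS index, 24-bit HMAC), the MSS table, the 64-second epoch and the 25%/12% adaptive thresholds are assumptions chosen for illustration; the addresses come from documentation ranges.

```python
import hashlib
import hmac
import ipaddress
import struct

MSS_TABLE = (536, 1220, 1440, 1460)  # constructed table; a 3-bit index allows up to 8
EPOCH_SECONDS = 64                   # assumed cookie time granularity
MAX_AGE_EPOCHS = 2                   # accept cookies from this epoch and the previous one


def _mac24(secret, src, sport, dst, dport, client_isn, epoch, mss_idx):
    """24-bit keyed MAC binding the cookie to the 4-tuple, client ISN, epoch and MSS."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIIB", sport, dport, client_isn,
                         epoch & 0xFFFFFFFF, mss_idx))
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret, src, sport, dst, dport, client_isn, client_mss, now):
    """Build the ISN for the SYNACK. No per-connection state is stored."""
    epoch = int(now) // EPOCH_SECONDS
    # Largest table entry that does not exceed what the client offered.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(secret, src, sport, dst, dport, client_isn, epoch, mss_idx)
    return ((epoch & 0x1F) << 27) | (mss_idx << 24) | int.from_bytes(mac, "big")


def check_cookie(secret, src, sport, dst, dport, seq, ack, now):
    """Validate the ACK that completes the 3WHS.

    Returns the parameters needed to reconstruct the original SYN, or None
    if the cookie is forged, stale, or bound to a different 4-tuple.
    """
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's SYN consumed one sequence number
    epoch_bits, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(now) // EPOCH_SECONDS
    for age in range(MAX_AGE_EPOCHS):
        epoch = current - age
        if epoch < 0 or (epoch & 0x1F) != epoch_bits:
            continue
        want = _mac24(secret, src, sport, dst, dport, client_isn, epoch, mss_idx)
        if hmac.compare_digest(want, got):
            return {"client_isn": client_isn, "mss": MSS_TABLE[mss_idx]}
    return None


class AdaptiveSyncookies:
    """Adaptive mode: turn cookies on when half-open states fill the table.

    The hysteresis (separate on and off percentages) is an assumption of
    this sketch; the commit message only mentions "a certain percentage".
    """

    def __init__(self, state_limit, high_pct=25, low_pct=12):
        self.state_limit = state_limit
        self.high_pct = high_pct
        self.low_pct = low_pct
        self.active = False

    def update(self, half_open):
        pct = 100 * half_open / self.state_limit
        if not self.active and pct >= self.high_pct:
            self.active = True
        elif self.active and pct <= self.low_pct:
            self.active = False
        return self.active


if __name__ == "__main__":
    key = b"\x01" * 32                   # constructed secret for the demo
    t0 = 1_518_000_000
    client = ("198.51.100.7", 40000, "203.0.113.10", 443)
    isn = 0x11223344
    cookie = make_cookie(key, *client, isn, 1460, t0)
    print("cookie ISN: 0x%08x" % cookie)
    print("valid ACK :", check_cookie(key, *client, isn + 1, cookie + 1, t0 + 5))
    print("stale ACK :", check_cookie(key, *client, isn + 1, cookie + 1, t0 + 128))
```

The 24-bit MAC is what a blind spoofer has to guess per attempt, which is why a real implementation also rotates the secret and rate-limits validation failures.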

BSD Now
214: The history of man, kind

Oct 4, 2017 90:20


The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more. This episode was brought to you by Headlines The Cost Of Open Sourcing Your Project (https://meshedinsights.com/2016/09/20/open-source-unlikely-to-be-abandonware/) Accusing a company of “dumping” their project as open source is probably misplaced – it's an expensive business no-one would do frivolously. If you see an active move to change software licensing or governance, it's likely someone is paying for it and thus could justify the expense to an executive. A Little History Some case study cameos may help. From 2004 onwards, Sun Microsystems had a policy of all its software moving to open source. The company migrated almost all products to open source licenses, and had varying degrees of success engaging communities around the various projects, largely related to the outlooks of the product management and Sun developers for the project. Sun occasionally received requests to make older, retired products open source. For example, Sun acquired a company called Lighthouse Design which created a respected suite of office productivity software for Steve Jobs' NeXT platform. Strategy changes meant that software headed for the vault (while Jonathan Schwartz, a founder of Lighthouse, headed for the executive suite). Members of the public asked if Sun would open source some of this software, but these requests were declined because there was no business unit willing to fund the move. When Sun was later bought by Oracle, a number of those projects that had been made open source were abandoned. “Abandoning” software doesn't mean leaving it for others; it means simply walking away from wherever you left it. In the case of Sun's popular identity middleware products, that meant Oracle let the staff go and tried to migrate customers to other products, while remaining silent in public on the future of the project. 
But the code was already open source, so the user community was able to pick up the pieces and carry on, with help from Forgerock. It costs a lot of money to open source a mature piece of commercial software, even if all you are doing is “throwing a tarball over the wall”. That's why companies abandoning software they no longer care about so rarely make it open source, and those abandoning open source projects rarely move them to new homes that benefit others. If all you have thought about is the eventual outcome, you may be surprised how expensive it is to get there. Costs include: For throwing a tarball over the wall: Legal clearance. Having the right to use the software is not the same as giving everyone in the world an unrestricted right to use it and create derivatives. Checking every line of code to make sure you have the rights necessary to release under an OSI-approved license is a big task requiring high-value employees on the “liberation team”. That includes both developers and lawyers; neither come cheap. Repackaging. To pass it to others, a self-contained package containing all necessary source code, build scripts and non-public source and tool dependencies has to be created since it is quite unlikely to exist internally. Again, the liberation team will need your best developers. Preserving provenance. Just because you have confidence that you have the rights to the code, that doesn't mean anyone else will. The version control system probably contains much of the information that gives confidence about who wrote which code, so the repackaging needs to also include a way to migrate the commit information. Code cleaning. The file headers will hopefully include origin information but the liberation team had better check. They also need to check the comments for libel and profanities, not to mention trade secrets (especially those from third parties) and other IP issues. For a sustainable project, all the above plus: Compliance with host governance. 
It is a fantastic idea to move your project to a host like Apache, Conservancy, Public Software and so on. But doing so requires preparatory work. As a minimum you will need to negotiate with the new host organisation, and they may well need you to satisfy their process requirements. Paperwork obviously, but also the code may need conforming copyright statements and more. That's more work for your liberation team. Migration of rights. Your code has an existing community who will need to migrate to your new host. That includes your staff – they are community too! They will need commit rights, governance rights, social media rights and more. Your liberation team will need your community manager, obviously, but may also need HR input. Endowment. Keeping your project alive will take money. It's all been coming from you up to this point, but if you simply walk away before the financial burden has been accepted by the new community and hosts there may be a problem. You should consider making an endowment to your new host to pay for their migration costs plus the cost of hosting the community for at least a year. Marketing. Explaining the move you are making, the reasons why you are making it and the benefits for you and the community is important. If you don't do it, there are plenty of trolls around who will do it for you. Creating a news blog post and an FAQ — the minimum effort necessary — really does take someone experienced and you'll want to add such a person to your liberation team. Motivations There has to be some commercial reason that makes the time, effort and thus expense worth incurring. Some examples of motivations include: Market Strategy. An increasing number of companies are choosing to create substantial, openly-governed open source communities around software that contributes to their business. An open multi-stakeholder co-developer community is an excellent vehicle for innovation at the lowest cost to all involved. 
As long as your market strategy doesn't require creating artificial scarcity. Contract with a third party. While the owner of the code may no longer be interested, there may be one or more parties to which they owe a contractual responsibility. Rather than breaching that contract, or buying it out, a move to open source may be better. Some sources suggest a contractual obligation to IBM was the reason Oracle abandoned OpenOffice.org by moving it over to the Apache Software Foundation for example. Larger dependent ecosystem. You may have no further use for the code itself, but you may well have other parts of your business which depend on it. If they are willing to collectively fund development you might consider an “inner source” strategy which will save you many of the costs above. But the best way to proceed may well be to open the code so your teams and those in other companies can fund the code. Internal politics. From the outside, corporations look monolithic, but from the inside it becomes clear they are a microcosm of the market in which they exist. As a result, they have political machinations that may be addressed by open source. One of Oracle's motivations for moving NetBeans to Apache seems to have been political. Despite multiple internal groups needing it to exist, the code was not generating enough direct revenue to satisfy successive executive owners, who allegedly tried to abandon it on more than one occasion. Donating it to Apache meant that couldn't happen again. None of this is to say a move to open source guarantees the success of a project. A “Field of Dreams” strategy only works in the movies, after all. But while it may be tempting to look at a failed corporate liberation and describe it as “abandonware”, chances are it was intended as nothing of the kind. 
Why PS4 downloads are so slow (https://www.snellman.net/blog/archive/2017-08-19-slow-ps4-downloads/)
From the blog that brought us “The origins of XXX as FIXME (https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/)” and “The mystery of the hanging S3 downloads (https://www.snellman.net/blog/archive/2017-07-20-s3-mystery/)”, this week it is: “Why are PS4 downloads so slow?”

Game downloads on PS4 have a reputation of being very slow, with many people reporting downloads being an order of magnitude faster on Steam or Xbox. This had long been on my list of things to look into, but at a pretty low priority. After all, the PS4 operating system is based on a reasonably modern FreeBSD (9.0), so there should not be any crippling issues in the TCP stack. The implication is that the problem is something boring, like an inadequately dimensioned CDN. But then I heard that people were successfully using local HTTP proxies as a workaround. It should be pretty rare for that to actually help with download speeds, which made this sound like a much more interesting problem.

Before running any experiments, it's good to have a mental model of how the thing we're testing works, and where the problems might be. If nothing else, it will guide the initial experiment design. The speed of a steady-state TCP connection is basically defined by three numbers. The amount of data the client is willing to receive on a single round-trip (TCP receive window), the amount of data the server is willing to send on a single round-trip (TCP congestion window), and the round trip latency between the client and the server (RTT). To a first approximation, the connection speed will be:

speed = min(rwin, cwin) / RTT

With this model, how could a proxy speed up the connection? The speed through the proxy should be the minimum of the speed between the client and proxy, and the proxy and server.
It should only possibly be slower. With a local proxy the client-proxy RTT will be very low; that connection is almost guaranteed to be the faster one. The improvement will have to be from the server-proxy connection being somehow better than the direct client-server one. The RTT will not change, so there are just two options: either the client has a much smaller receive window than the proxy, or the client is somehow causing the server's congestion window to decrease. (E.g. the client is randomly dropping received packets, while the proxy isn't).

After setting up a test rig, where the PS4's connection was bridged through a Linux box so packets could be captured, and artificial latency could be added, some interesting results came up:

The differences in receive windows at different times are striking. And more important, the changes in the receive windows correspond very well to specific things I did on the PS4.
When the download was started, the game Styx: Shards of Darkness was running in the background (just idling in the title screen). The download was limited by a receive window of under 7kB. This is an incredibly low value; it's basically going to cause the downloads to take 100 times longer than they should. And this was not a coincidence, whenever that game was running, the receive window would be that low.
Having an app running (e.g. Netflix, Spotify) limited the receive window to 128kB, for about a 5x reduction in potential download speed.
Moving apps, games, or the download window to the foreground or background didn't have any effect on the receive window.
Playing an online match in a networked game (Dreadnought) caused the receive window to be artificially limited to 7kB.
I ran a speedtest at a time when downloads were limited to 7kB receive window. It got a decent receive window of over 400kB; the conclusion is that the artificial receive window limit appears to only apply to PSN downloads.
When a game was started (causing the previously running game to be stopped automatically), the receive window could increase to 650kB for a very brief period of time. Basically it appears that the receive window gets unclamped when the old game stops, and then clamped again a few seconds later when the new game actually starts up.

I did a few more test runs, and all of them seemed to support the above findings. The only additional information from that testing is that the rest mode behavior was dependent on the PS4 settings. Originally I had it set up to suspend apps when in rest mode. If that setting was disabled, the apps would be closed when entering in rest mode, and the downloads would proceed at full speed. The PS4 doesn't make it very obvious exactly what programs are running. For games, the interaction model is that opening a new game closes the previously running one. This is not how other apps work; they remain in the background indefinitely until you explicitly close them.

So, FreeBSD and its network stack are not to blame.
Sony used a poor method to try to keep downloads from interfering with your gameplay.
The impact of changing the receive window is highly dependent upon RTT, so it doesn't work as evenly as actual traffic shaping or queueing would.
An interesting deep dive; it is well worth reading the full article and checking out the graphs.
***
OpenSSH 7.6 Released (http://www.openssh.com/releasenotes.html#7.6)
From the release notes: This release includes a number of changes that may affect existing configurations:
ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
Refuse RSA keys

The Business Generals Podcast | Helping You Maximize Your Entrepreneurial Dreams - Every Single Week
037: From Developing a Multi-Million Dollar Accounting Software to Helping Businesses Build Successful Software Products (w/ Steven Bristol)

Aug 2, 2017 49:42


Steven Bristol co-founded, built, marketed, supported and sold a multi-million dollar SaaS software product called LessAccounting. LessAccounting is an easy-to-use small business-accounting software that allows clients to easily track online invoices and carry out their bookkeeping tasks conveniently.

He is also the co-founder of LessEverything, a company that builds software for different clients, creates integrations between products, and improves companies' conversion rates. His programming adventure started as a 9-year-old writing BASIC. In the past 28 years he has written in many languages, become a Ruby on Rails core contributor, and a 2007 Google Summer of Code Mentor. He is a former motorcycle racer and has gone over 150 miles per hour with his knee on the ground. He is also a proud father of three.

Core Revenue streams
Steven jointly runs LessEverything, Inc. with his co-founder Allan Branch. They have two revenue streams, the first being consulting services for people who want to build successful businesses. He has been applying his talents and 10-year business experience in helping different SaaS products get to market and do better in the market. Their second revenue stream is a business division called LessFilms.com which makes marketing videos for diverse clients.

Starting out in business
He never wanted to be an entrepreneur because, from observing his entrepreneur parents, he felt it was too much work. He never really held a job for long and eventually felt formal employment was not for him. After he left his last job, he partnered up with Allan Branch to start working on LessAccounting. They also started the umbrella company LessEverything, Inc.

The viability of LessAccounting
He thinks they succeeded with the LessAccounting idea out of sheer arrogance and non-belief in failure.
Their bar of success was also very low so they just needed the idea to generate enough money for them to sustain their company's operations and meet their personal financial obligations. The tech world was not very saturated with similar products back then and therefore it was easier for them to market LessAccounting and secure enough users to generate considerable revenue.

Main competitor issues
QuickBooks, their biggest competitor, saw them as a threat, and being an established company, they had an upper hand in terms of marketing. With their limited marketing budget, Steven and Allan became the first Twitter trolls. They discovered that the majority of the Twitter reviews related to QuickBooks were negative so they created a website called weallhatequickbooks.com to leverage the negative reviews. Steven believes that QuickBooks used to replicate some of the features of LessAccounting in their product.

Getting the first paying clients
Steven and Allan had a lot of friends on Twitter who were either in the tech world, offering consulting services or starting their own business. They leveraged that by tweeting out that they had launched LessAccounting and people immediately signed up for the free trial. At that point, Steven had not even developed the billing code but built it within a month so that they could start charging people to use the software. At first, they had about 4 paying customers and that number grew steadily from month to month.

Growth strategy in the beginning
They never really had a growth strategy but concentrated more on building LessAccounting. Steven and Allan did consulting work in order to generate enough income to finance the development of LessAccounting. They relied heavily on word of mouth, attending conferences to make friends who would recommend them to clients. Steven used to speak at Ruby on Rails/tech conferences globally. That approach proved to be fruitful in terms of marketing.
Dealing with the accounting aspect of LessAccounting  The philosophy behind LessAccounting for Steven was to make software that didn't require users to have a...

BSD Now
193: Fire up the 802.11 AC

May 10, 2017 126:06


This week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a pfSense and OpenVPN tutorial, and we talk about an interesting ZFS storage pool checkpoint project.

Headlines

Bringing up 802.11ac on FreeBSD (http://adrianchadd.blogspot.com/2017/04/bringing-up-80211ac-on-freebsd.html)

Adrian Chadd has a new blog post about his work to bring 802.11ac support to FreeBSD. 802.11ac allows for speeds up to 500mbps and total bandwidth into multiple gigabits.

The FreeBSD net80211 stack has reasonably good 802.11n support, but no 802.11ac support. I decided a while ago to start adding basic 802.11ac support. It was a good exercise in figuring out what the minimum set of required features are and another excuse to go find some of the broken corner cases in net80211 that needed addressing.

802.11ac introduces a few new concepts that the stack needs to understand. I decided to use the QCA 802.11ac parts because (a) I know the firmware and general chip stuff from the first generation 11ac parts well, and (b) I know that it does a bunch of stuff (like rate control, packet scheduling, etc) so I don't have to do it. If I chose, say, the Intel 11ac parts then I'd have to implement a lot more of the fiddly stuff to get good behaviour.

Step one - adding VHT channels. I decided in the shorter term to cheat and just add VHT channels to the already very large ieee80211_channel map. The Linux way of there being a channel context rather than hundreds of static channels to choose from is better in the long run, but I wanted to get things up and running. So, that's what I did first - I added VHT flags for 20, 40, 80, 80+80 and 160MHz operating modes and I did the bare work required to populate the channel lists with VHT channels as well.

Then I needed to glue it into an 11ac driver. My ath10k port was far enough along to attempt this, so I added enough glue to say "I support VHT" to the ic_caps field and propagated it to the driver for monitor mode configuration. And yes, after a bit of dancing, I managed to get a VHT channel to show up in ath10k in monitor mode and could capture 80MHz wide packets. Success!

By far the most fiddly was getting channel promotion to work. net80211 supports the concept of dumb NICs (like Atheros 11abgn parts) very well, where you can have multiple virtual interfaces but the "driver" view of the right configuration is what's programmed into the hardware. For firmware NICs which do this themselves (like basically everything sold today) this isn't exactly all that helpful. So, for now, it's limited to a single VAP, and the VAP configuration is partially derived from the global state and partially derived from the negotiated state. It's annoying, but it is adding to the list of things I will have to fix later.

The QCA chips/firmware do 802.11 crypto offload. They actually pretend that there's no key - you don't include the IV, you don't include padding, or anything. You send commands to set the crypto keys and then you send unencrypted 802.11 frames (or 802.3 frames if you want to do ethernet only.) This means that I had to teach net80211 a few things:

+ frames decrypted by the hardware needed to have a "I'm decrypted" bit set, because the 802.11 header field saying "I'm decrypted!" is cleared
+ frames encrypted don't have the "I'm encrypted" bit set
+ frames encrypted/decrypted have no padding, so I needed to teach the input path and crypto paths to not validate those if the hardware said "we offload it all."

Now comes the hard bit of fixing the shortcomings before I can commit the driver. There are .. lots. The first one is the global state. The ath10k firmware allows what they call 'vdevs' (virtual devices) - for example, multiple SSID/BSSID support is implemented with multiple vdevs. STA+WDS is implemented with vdevs. STA+P2P is implemented with vdevs. So, technically speaking I should go and find all of the global state that should really be per-vdev and make it per-vdev. This is tricky though, because a lot of the state isn't kept per-VAP even though it should be.

Anyway, so far so good. I need to do some of the above and land it in FreeBSD-HEAD so I can finish off the ath10k port and commit what I have to FreeBSD. There's a lot of stuff coming - including all of the wave-2 stuff (like multiuser MIMO / MU-MIMO) which I just plainly haven't talked about yet. Viva la FreeBSD wireless!

pfSense and OpenVPN Routing (http://www.terrafoundry.net/blog/2017/04/12/pfsense-openvpn/)

This article tries to be a simple guide on how to enable your home (or small office) pfSense (https://www.pfsense.org/) setup to route some traffic via the vanilla Internet, and some via a VPN site that you've set up in a remote location.

Reasons to Setup a VPN:

- Control
- Security
- Privacy
- Fun

VPNs do not instantly guarantee privacy, they're a layer, as with any other measure you might invoke. In this example I used a server that's directly under my name. Sure, it was a country with strict privacy laws, but that doesn't mean that the outgoing IP address wouldn't be logged somewhere down the line. There's also no reason you have to use your own OpenVPN install, there are many, many personal providers out there, who can offer the same functionality, and a degree of anonymity. (If you and a hundred other people are all coming from one IP, it becomes extremely difficult to differentiate, some VPN providers even claim a 'logless' setup.)

VPNs can be slow. The reason I have a split-setup in this article, is because there are devices that I want to connect to the internet quickly, and that I'm never doing sensitive things on, like banking. I don't mind if my Reddit-browsing and IRC messages are a bit slower, but my Nintendo Switch and PS4 should have a nippy connection.
Services like Netflix can and do block VPN traffic in some cases. This is more of an issue for wider VPN providers (I suspect, but have no proof, that they just blanket block known VPN IP addresses.)

If your VPN is in another country, search results and tracking can be skewed. This is arguably a good thing, who wants to be tracked? But it can also lead to frustration if your DuckDuckGo results are tailored to the middle of Paris, rather than your flat in Birmingham.

The tutorial walks through the basic setup: Labeling the interfaces, configuring DHCP, creating a VPN:

Now that we have our OpenVPN connection set up, we'll double check that we've got our interfaces assigned.

With any luck (after we've assigned our OPENVPN connection correctly), you should now see your new Virtual Interface on the pfSense Dashboard.

We're charging full steam towards the sections that start to lose people. Don't be disheartened if you've had a few issues up to now, there is no “right” way to set up a VPN installation, and it may be that you have to tweak a few things and dive into a few man-pages before you're set up.

NAT is tricky, and frankly it only exists because we stretched out IPv4 for much longer than we should have. That being said it's a necessary evil in this day and age, so let's set up our connection to work with it. We need NAT here because we're going to masque our machines on the LAN interface to show as coming from the OpenVPN client IP address, to the OpenVPN server.

Head over to Firewall -> NAT -> Outbound. The first thing we need to do in this section, is to change the Outbound NAT Mode to something we can work with, in this case “Hybrid.”

- Configure the LAN interface to be NAT'd to the OpenVPN address, and the INSECURE interface to use your regular ISP connection
- Configure the firewall to allow traffic from the LAN network to reach the INSECURE network
- Then add a second rule allowing traffic from the LAN network to any address, and set the gateway to the OPENVPN connection
- And there you have it, traffic from the LAN is routed via the VPN, and traffic from the INSECURE network uses the naked internet connection

***

Switching to OpenBSD (https://mndrix.blogspot.co.uk/2017/05/switching-to-openbsd.html)

After 12 years, I switched from macOS to OpenBSD. It's clean, focused, stable, consistent and lets me get my work done without any hassle.

When I first became interested in computers, I thought operating systems were fascinating. For years I would reinstall an operating system every other weekend just to try a different configuration: MS-DOS 3.3, Windows 3.0, Linux 1.0 (countless hours recompiling kernels). In high school, I settled down and ran OS/2 for 5 years until I graduated college. I switched to Linux after college and used it exclusively for 5 years. I got tired of configuring Linux, so I switched to OS X for the next 12 years, where things just worked.

But Snow Leopard was 7 years ago. These days, OS X is like running a denial of service attack against myself. macOS has a dozen apps I don't use but can't remove. Updating them requires a restart. Frequent updates to the browser require a restart. A minor XCode update requires me to download a 4.3 GB file. My monitors frequently turn off and require a restart to fix.

A system's availability is a function (http://techthoughts.typepad.com/managing_computers/2007/11/availability-mt.html) of mean time between failure and mean time to repair. For macOS, both numbers are heading in the wrong direction for me.
I don't hold any hard feelings about it, but it's time for me to get off this OS and back to productive work.

I found OpenBSD very refreshing, so I created a bootable thumb drive and within an hour had it up and running on a two-year old laptop. I've been using it for my daily work for the past two weeks and it's been great. Simple, boring and productive. Just the way I like it. The documentation is fantastic. I've been using Unix for years and have learned quite a bit just by reading their man pages. OS releases come like clockwork every 6 months and are supported for 12. Security and other updates seem relatively rare between releases (roughly one small patch per week during 6.0). With syspatch in 6.1, installing them should be really easy too.

ZFS Storage Pool Checkpoint Project (https://sdimitro.github.io/post/zpool-checkpoint)

During the OpenZFS summit last year (2016), Dan Kimmel and I quickly hacked together the zpool checkpoint command in ZFS, which allows reverting an entire pool to a previous state. Since it was just for a hackathon, our design was bare bones and our implementation far from complete. Around a month later, we had a new and almost complete design within Delphix and I was able to start the implementation on my own. I completed the implementation last month, and we're now running regression tests, so I decided to write this blog post explaining what a storage pool checkpoint is, why we need it within Delphix, and how to use it.

The Delphix product is basically a VM running DelphixOS (a derivative of illumos) with our application stack on top of it. During an upgrade, the VM reboots into the new OS bits and then runs some scripts that update the environment (directories, snapshots, open connections, etc.) for the new version of our app stack. Software being software, failures can happen at different points during the upgrade process. When an upgrade script that makes changes to ZFS fails, we have a corresponding rollback script that attempts to bring ZFS and our app stack back to their previous state. This is very tricky as we need to undo every single modification applied to ZFS (including dataset creation and renaming, or enabling new zpool features).

The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn't corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.

I definitely see value in this for the appliance use case.

Some usage examples follow, along with some caveats. One of the restrictions is that you cannot attach, detach, or remove a device while a checkpoint exists. The zpool add operation is still possible; however, if you roll back to the checkpoint, the device will no longer be part of the pool. Rather than a shortcoming, this seems like a nice feature, a way to help users avoid the most common foot shooting (which I witnessed in person at Linux Fest): adding a new log or cache device, but missing a keyword and adding it as a storage vdev rather than an aux vdev. This operation could simply be undone if a checkpoint were taken before the device was added.
***

News Roundup

Review of TrueOS (https://distrowatch.com/weekly.php?issue=20170501#trueos)

TrueOS, which was formerly named PC-BSD, is a FreeBSD-based operating system. TrueOS is a rolling release platform which is based on FreeBSD's "CURRENT" branch, providing TrueOS with the latest drivers and features from FreeBSD. Apart from the name change, TrueOS has deviated from the old PC-BSD project in a number of ways. The system installer is now more streamlined (and I will touch on that later) and TrueOS is a rolling release platform while PC-BSD defaulted to point releases. Another change is PC-BSD used to allow the user to customize which software was installed at boot time, including the desktop environment. The TrueOS project now selects a minimal amount of software for the user and defaults to using the Lumina desktop environment.

From the conclusions:

What I took away from my time with TrueOS is that the project is different in a lot of ways from PC-BSD. Much more than just the name has changed. The system is now more focused on cutting edge software and features in FreeBSD's development branch. The install process has been streamlined and the user begins with a set of default software rather than selecting desired packages during the initial setup. The configuration tools, particularly the Control Panel and AppCafe, have changed a lot in the past year. The designs have a more flat, minimal look. It used to be that PC-BSD did not have a default desktop exactly, but there tended to be a focus on KDE. With TrueOS the project's in-house desktop, Lumina, serves as the default environment and I think it holds up fairly well.

In all, I think TrueOS offers a convenient way to experiment with new FreeBSD technologies and ZFS. I also think people who want to run FreeBSD on a desktop computer may want to look at TrueOS as it sets up a graphical environment automatically. However, people who want a stable desktop platform with lots of applications available out of the box may not find what they want with this project.

A simple guide to install Ubuntu on FreeBSD with bhyve (https://www.davd.eu/install-ubuntu-on-freebsd-with-bhyve/)

David Prandzioch writes in his blog:

For some reasons I needed a Linux installation on my NAS. bhyve is a lightweight virtualization solution for FreeBSD that makes that easy and efficient. However, the CLI of bhyve is somewhat bulky and bare making it hard to use, especially for the first time. This is what vm-bhyve solves - it provides a simple CLI for working with virtual machines.

More details follow about what steps are needed to set up vm-bhyve on FreeBSD.

Also check out his other tutorials on his blog: https://www.davd.eu/freebsd/

***

Graphical Overview of the Architecture of FreeBSD (https://dspinellis.github.io/unix-architecture/arch.pdf)

This diagram tries to show the different components that make up the FreeBSD Operating Systems. It breaks down the various utilities, libraries, and components into some categories and sub-categories:

- User Commands:
  - Development (cc, ld, nm, as, etc)
  - File Management (ls, cp, cmp, mkdir)
  - Multiuser Commands (login, chown, su, who)
  - Number Processing (bc, dc, units, expr)
  - Text Processing (cut, grep, sort, uniq, wc)
  - User Messaging (mail, mesg, write, talk)
  - Little Languages (sed, awk, m4)
  - Network Clients (ftp, scp, fetch)
  - Document Preparation (*roff, eqn, tbl, refer)
- Administrator and System Commands
  - Filesystem Management (fsck, newfs, gpart, mount, umount)
  - Networking (ifconfig, route, arp)
  - User Management (adduser, pw, vipw, sa, quota*)
  - Statistics (iostat, vmstat, pstat, gstat, top)
  - Network Servers (sshd, ftpd, ntpd, routed, rpc.*)
  - Scheduling (cron, periodic, rc.*, atrun)
- Libraries (C Standard, Operating System, Peripheral Access, System File Access, Data Handling, Security, Internationalization, Threads)
- System Call Interface (File I/O, Mountable Filesystems, File ACLs, File Permissions, Processes, Process Tracing, IPC, Memory Mapping, Shared Memory, Kernel Events, Memory Locking, Capsicum, Auditing, Jails)
- Bootstrapping (Loaders, Configuration, Kernel Modules)
- Kernel Utility Functions
  - Privilege Management (acl, mac, priv)
  - Multitasking (kproc, kthread, taskqueue, swi, ithread)
  - Memory Management (vmem, uma, pbuf, sbuf, mbuf, mbchain, malloc/free)
  - Generic (nvlist, osd, socket, mbuf_tags, bitset)
  - Virtualization (cpuset, crypto, device, devclass, driver)
  - Synchronization (lock, sx, sema, mutex, condvar_, atomic_*, signal)
  - Operations (sysctl, dtrace, watchdog, stack, alq, ktr, panic)
- I/O Subsystem
  - Special Devices (line discipline, tty, raw character, raw disk)
  - Filesystems (UFS, FFS, NFS, CD9660, Ext2, UDF, ZFS, devfs, procfs)
  - Sockets
  - Network Protocols (TCP, UDP, UCMP, IPSec, IP4, IP6)
  - Netgraph (50+ modules)
- Drivers and Abstractions
  - Character Devices
  - CAM (ATA, SATA, SAS, SPI)
  - Network Interface Drivers (802.11, ifae, 100+, ifxl, NDIS)
  - GEOM
    - Storage (stripe, mirror, raid3, raid5, concat)
    - Encryption / Compression (eli, bde, shsec, uzip)
    - Filesystem (label, journal, cache, mbr, bsd)
    - Virtualization (md, nop, gate, virtstor)
- Process Control Subsystems
  - Scheduler
  - Memory Management
  - Inter-process Communication
  - Debugging Support

***

Official OpenBSD 6.1 CD - There's only One! (http://undeadly.org/cgi?action=article&sid=20170503203426&mode=expanded)

Ebay auction Link (http://www.ebay.com/itm/The-only-Official-OpenBSD-6-1-CD-set-to-be-made-For-auction-for-the-project-/252910718452)

Now it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017 (About 3 days from when this episode was recorded). The CD set is hand made and signed by Theo de Raadt.

Fun Fact: The winning bidder will have an OpenBSD CD set that even Theo doesn't have.
***

Beastie Bits

- Hardware Wanted by OpenBSD developers (https://www.openbsd.org/want.html)
- Donate hardware to FreeBSD developers (https://www.freebsd.org/donations/index.html#components)
- Announcing NetBSD and the Google Summer of Code Projects 2017 (https://blog.netbsd.org/tnf/entry/announcing_netbsd_and_the_google)
- Announcing FreeBSD GSoC 2017 Projects (https://wiki.freebsd.org/SummerOfCode2017Projects)
- LibreSSL 2.5.4 Released (https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.4-relnotes.txt)
- CharmBUG Meeting - Tor Browser Bundle Hack-a-thon (https://www.meetup.com/CharmBUG/events/238218840/)
- pkgsrcCon 2017 CFT (https://mail-index.netbsd.org/netbsd-advocacy/2017/05/01/msg000735.html)
- Experimental Price Cuts (https://blather.michaelwlucas.com/archives/2931)
- Linux Fest North West 2017: Three Generations of FreeNAS: The World's most popular storage OS turns 12 (https://www.youtube.com/watch?v=x6VznQz3VEY)

***

Feedback/Questions

- Don - Reproducible builds & gcc/clang (http://dpaste.com/2AXX75X#wrap)
- architect - C development on BSD (http://dpaste.com/0FJ854X#wrap)
- David - Linux ABI (http://dpaste.com/2CCK2WF#wrap)
- Tom - ZFS (http://dpaste.com/2Z25FKJ#wrap)
- RAIDZ Stripe Width Myth, Busted (https://www.delphix.com/blog/delphix-engineering/zfs-raidz-stripe-width-or-how-i-learned-stop-worrying-and-love-raidz)
- Ivan - Jails (http://dpaste.com/1Z173WA#wrap)

***

BSD Now
189: Codified Summer

Apr 12, 2017 153:24


This week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work &

Headlines

Google summer of code for BSDs

FreeBSD (https://www.freebsd.org/projects/summerofcode.html)

FreeBSD's existing list of GSoC Ideas for potential students (https://wiki.freebsd.org/SummerOfCodeIdeas)

- FreeBSD/Xen: import the grant-table bus_dma(9) handlers from OpenBSD
- Add support for usbdump file-format to wireshark and vusb-analyzer
- Write a new boot environment manager
- Basic smoke test of all base utilities
- Port OpenBSD's pf testing framework and tests
- Userspace Address Space Annotation
- zstandard integration in libstand
- Replace mergesort implementation
- Test Kload (kexec for FreeBSD)
- Kernel fuzzing suite
- Integrate MFSBSD into the release building tools
- NVMe controller emulation for bhyve
- Verification of bhyve's instruction emulation
- VGA emulation improvements for bhyve
- audit framework test suite
- Add more FreeBSD testing to Xen osstest
- Lua in bootloader
- POSIX compliance testing framework
- coreclr: add Microsoft's coreclr and corefx to the Ports tree.

NetBSD (https://wiki.netbsd.org/projects/gsoc/)

- Kernel-level projects
  - Medium
    - ISDN NT support and Asterisk integration
    - LED/LCD Generic API
    - NetBSD/azure -- Bringing NetBSD to Microsoft Azure
    - OpenCrypto swcrypto(4) enhancements
    - Scalable entropy gathering
    - Userland PCI drivers
  - Hard
    - Real asynchronous I/O
    - Parallelize page queues
    - Tickless NetBSD with high-resolution timers
- Userland projects
  - Easy
    - Inetd enhancements -- Add new features to inetd
    - Curses library automated testing
  - Medium
    - Make Anita support additional virtual machine systems
    - Create an SQL backend and statistics/query page for ATF test results
    - Light weight precision user level time reading
    - Query optimizer for find(1)
    - Port launchd
    - Secure-PLT - supporting RELRO binaries
    - Sysinst alternative interface
  - Hard
    - Verification tool for NetBSD32
- pkgsrc projects
  - Easy
    - Version control config files
    - Spawn support in pkgsrc tools
    - Authentication server meta-package
  - Medium
    - pkgin improvements
    - Unify standard installation tasks
  - Hard
    - Add dependency information to binary packages
    - Tool to find dependencies precisely

LLVM (http://llvm.org/OpenProjects.html#gsoc17)

- Fuzzing the Bitcode reader
  Description of the project: The optimizer is 25-30% slower when debug info are enabled, it'd be nice to track all the places where we don't do a good job about ignoring them!
- Extend clang AST to provide information for the type as written in template instantiations.
  Description of the project: When instantiating a template, the template arguments are canonicalized before being substituted into the template pattern. Clang does not preserve type sugar when subsequently accessing members of the instantiation. Clang should "re-sugar" the type when performing member access on a class template specialization, based on the type sugar of the accessed specialization.
- Shell auto-completion support for clang.
  Bash and other shells support typing a partial command and then automatically completing it for the user (or at least providing suggestions how to complete) when pressing the tab key. This is usually only supported for popular programs such as package managers (e.g. pressing tab after typing "apt-get install late" queries the APT package database and lists all packages that start with "late"). As of now clang's frontend isn't supported by any common shell.
- Clang-based C/C++ diff tool.
  Description of the project: Every developer has to interact with diff tools daily. The algorithms are usually based on detecting "longest common subsequences", which is agnostic to the file type content. A tool that would understand the structure of the code may provide a better diff experience by being robust against, for example, clang-format changes.
- Find dereference of pointers.
  Description of the project: Find dereference of pointer before checking for nullptr.
- Warn if virtual calls are made from constructors or destructors.
  Description of the project: Implement a path-sensitive checker that warns if virtual calls are made from constructors and destructors, which is not valid in case of pure virtual calls and could be a sign of user error in non-pure calls.
- Improve Code Layout
  Description of the project: The goal for the project is trying to improve the layout/performances of the generated executable. The primary object format considered for the project is ELF but this can be extended to other object formats. The project will touch both LLVM and lld.

Why Isn't OpenBSD in Google Summer of Code 2017? (http://marc.info/?l=openbsd-misc&m=149119308705465&w=2)

Hacker News Discussion Thread (https://news.ycombinator.com/item?id=14020814)

Turtles on the Wire: Understanding How the OS Uses the Modern NIC (http://dtrace.org/blogs/rm/2016/09/15/turtles-on-the-wire-understanding-how-the-os-uses-the-modern-nic/)

- The Simple NIC
- MAC Address Filters and Promiscuous Mode
- Problem: The Single Busy CPU
- A Swing and a Miss
- Nine Rings for Packets Doomed to be Hashed
- Problem: Density, Density, Density
- A Brief Aside: The Virtual NIC
- Always Promiscuous?
- The Classification Challenge
- Problem: CPUs are too 'slow'
- Problem: The Interrupts are Coming in too Hot
- Solution One: Do Less Work
- Solution Two: Turn Off Interrupts
- Recapping
- Future Directions and More Reading

Make Dragonfly BSD great again! (http://akat1.pl/?id=3)

Recently I spent some time reading Dragonfly BSD code. While doing so I spotted a vulnerability in the sysvsem subsystem that let a user point to any piece of memory and write data through it (including the kernel space). This can be turned into execution of arbitrary code in the kernel context and by exploiting this, we're gonna make Dragonfly BSD great again!

Dragonfly BSD is a BSD system which originally comes from the FreeBSD project. In 2003 Matthew Dillon forked code from the 4.x branch of the FreeBSD and started a new flavour. I thought of Dragonfly BSD as just another fork, but during EuroBSDCon 2015 I accidentally saw the talk about graphical stack in the Dragonfly BSD. I confused rooms, but it was too late to escape as I was sitting in the middle of a row, and the exit seemed light years away from me. :-) Anyway, this talk was a sign to me that it's not just a niche of a niche of a niche of a niche operating system. I recommend spending a few minutes of your precious time to check out the HAMMER file system, Dragonfly's approach to MP, process snapshots and other cool features that it offers.
Wikipedia article is a good starter.

With the exploit, they are able to change the name of the operating system back to FreeBSD, and escalate from an unprivileged user to root.

The Bug itself is located in the semctl(2) system call implementation. bcopy(3) in line 385 copies semid_ds structure to memory pointed by arg->buf, this pointer is fully controlled by the user, as it's one of the syscall's arguments. So the bad thing here is that we can copy things to arbitrary address, but we have no idea what we copy yet. This code was introduced by wrongly merging code from the FreeBSD project, bah, bug happens.

Using this access, the example code shows how to overwrite the function pointers in the kernel used for the open() syscall, and how to overwrite the ostype global, changing the name of the operating system. In the second example, the reference to the credentials of the user trying to open a file is used to overwrite that data, making the user root.

The bug was fixed in uber fast manner (within few hours!) by Matthew Dillon, version 4.6.1 released shortly after that seems to be safe. In case you care, you know what to do!

Thanks to Mateusz Kocielski for the detailed post, and finding the bug.

***

Interview - Wendell - wendell@level1techs.com (mailto:wendell@level1techs.com) / @tekwendell (https://twitter.com/tekwendell)

Host of Level1Techs website, podcast and YouTube channel

News Roundup

Using yubikeys everywhere (http://www.tedunangst.com/flak/post/using-yubikeys-everywhere)

Ted Unangst is back, with an interesting post about YubiKeys.

Everybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There's a lot written about yubikeys and how you should use one, but nothing I've read answered a few of the specific questions I had.

To begin with, I ordered two yubikeys. One regular sized 4 and one nano.
I wanted to play with different form factors to see which is better for various uses, and I wanted to test having a key and a backup key. Everybody always talks about having one yubikey. And then if you lose it, terrible things happen. Can this problem be alleviated with two keys? I'm also very curious what happens when I try to login to a service with my phone after enabling U2F.

We've got three computers (and operating systems) in the mix, along with a number of (mostly web) services. Wherever possible, I want to use a yubikey both to login to the computer and to authorize myself to remote services.

I started my adventure on my chromebook. Ultimate goal would be to use the yubikey for local logins. Either as a second factor, or as an alternative factor. First things first and we need to get the yubikey into the account I use to sign into the chromebook. Alas, there is apparently no way to enroll only a security key for a Google account. Every time I tried, it would ask me for my phone number. That is not what I want. Zero stars.

Giving up on protecting the chromebook itself, at least maybe I can use it to enable U2F with some other sites. U2F is currently limited to Chrome, but it sounds like everything I want.

Facebook signup using U2F was pretty easy. Go to account settings, security subheading, add the device. Tap the button when it glows. Key added. Note that it's possible to add a key without actually enabling two factor auth, in which case you can still login with only a password, but no way to login with no password and only a USB key. Logged out to confirm it would check the key, and everything looked good, so I killed all my other active sessions.

Now for the phone test. Not quite as smooth. Tried to login, the Facebook app then tells me it has sent me an SMS and to enter the code in the box. But I don't have a phone number attached. I'm not getting an SMS code. Meanwhile, on my laptop, I have a new notification about a login attempt. Follow the prompts to confirm it's me and permit the login. This doesn't have any effect on the phone, however. I have to tap back, return to the login screen, and enter my password again. This time the login succeeds. So everything works, but there are still some rough patches in the flow. Ideally, the phone would more accurately tell me to visit the desktop site, and then automatically proceed after I approve. (The messenger app crashed after telling me my session had expired, but upon restarting it was able to borrow the Facebook app credentials and I was immediately logged back in.)

Let's configure Dropbox next. Dropbox won't let you add a security key to an account until after you've already set up some other mobile authenticator. I already had the Duo app on my phone, so I picked that, and after a short QR scan, I'm ready to add the yubikey. So the key works to access Dropbox via Chrome. Accessing Dropbox via my phone or Firefox requires entering a six digit code. No way to use a yubikey in a three legged configuration.

I don't use Github, but I know they support two factors, so let's try them next. Very similar to Dropbox. In order to set up a key, I must first set up an authenticator app. This time I went with Yubico's own desktop authenticator. Instead of scanning the QR code, type in some giant number (on my Windows laptop), and it spits out an endless series of six digit numbers, but only while the yubikey is inserted. I guess this is kind of what I want, although a three pound yubikey is kind of unwieldy.

As part of my experiment, I noticed that Dropbox verifies passwords before even looking at the second auth. I have a feeling that they should be checked at the same time. No sense allowing my password guessing attack to proceed while I plot how to steal someone's yubikey. In a sense, the yubikey should serve as a salt, preventing me from mounting such an attack until I have it, thus creating a race where the victim notices the key is gone and revokes access before I learn the password. If I know the password, the instant I grab the key I get access. Along similar lines, I was able to complete a password reset without entering any kind of secondary code.

Having my phone turn into a second factor is a big part of what I'm looking to avoid with the yubikey. I'd like to be able to take my phone with me, logged into some sites but not all, and unable to login to the rest. All these sites that require using my phone as mobile authenticator are making that difficult. I bought the yubikey because it was cheaper than buying another phone! Using the Yubico desktop authenticator seems the best way around that.

The article also provides instructions for configuring the Yubikey on OpenBSD.

A few notes about OTP. As mentioned, the secret key is the real password. It's stored on whatever laptop or server you login to. Meaning any of those machines can take the key and use it to login to any other machine. If you use the same yubikey to login to both your laptop and a remote server, your stolen laptop can trivially be used to login to the server without the key. Be mindful of that when setting up multiple machines. Also, the OTP counter isn't synced between machines in this setup, which allows limited replay attacks.

Ted didn't switch his SSH keys to the Yubikey, because it doesn't support ED25519, and he just finished rotating all of his keys and doesn't want to do it again.

I did most of my experimenting with the larger yubikey, since it was easier to move between machines. For operations involving logging into a web site, however, I'd prefer the nano. It's very small, even smaller than the tiniest wireless mouse transceivers I've seen. So small, in fact, I had trouble removing it because I couldn't find anything small enough to fit through the tiny loop. But probably a good thing. Most other micro USB gadgets stick out just enough to snag when pushing a laptop into a bag. Not the nano. You lose a port, but there's really no reason to ever take it out. Just leave it in, and then tap it whenever you login to the tubes. It would not be a good choice for authenticating to the local machine, however. The larger device, sized to fit on a keychain, is much better for that.

It is possible to use two keys as backups. Facebook and Dropbox allow adding two U2F keys. This is perhaps a little tiresome if there's lots of sites, as I see no way to clone a key. You have to login to every service. For challenge response and OTP, however, the personalization tool makes it easy to generate lots of yubikeys with the same secrets. On the other hand, a single device supports an infinite number of U2F sites. The programmable interfaces like OTP are limited to only two slots, and the first is already used by the factory OTP setup.

What happened to my vlan (http://www.grenadille.net/post/2017/02/13/What-happened-to-my-vlan)

A long term goal of the effort I'm driving to unlock OpenBSD's Network Stack is obviously to increase performances. So I'd understand that you find confusing when some of our changes introduce performance regressions. It is just really hard to do incremental changes without introducing temporary regressions. But as much as security is a process, improving performance is also a process.

Recently markus@ told me that vlan(4) performances dropped in last releases. He had some ideas why but he couldn't provide evidences. So what really happened? Hrvoje Popovski was kind enough to help me with some tests. He first confirmed that on his Xeon box (E5-2643 v2 @ 3.50GHz), forwarding performances without pf(4) dropped from 1.42Mpps to 880Kpps when using vlan(4) on both interfaces.
Together vlan_input() and vlan_start() represent 25% of the time CPU1 spends processing packets. This is not exactly between 33% and 50% but it is close enough. The assumption we made earlier is certainly too simple. If we compare the amount of work done in process context, represented by if_input_process() we clearly see that half of the CPU time is not spent in ether_input(). I'm not sure how this is related to the measured performance drop. It is actually hard to tell since packets are currently being processed in 3 different contexts. One of the arguments mikeb@ raised when we discussed moving everything in a single context, is that it is simpler to analyse and hopefully make it scale. With some measurements, a couple of nice pictures, a bit of analysis and some educated guesses we are now in measure of saying that the performances impact observed with vlan(4) is certainly due to the pseudo-driver itself. A decrease of 30% to 50% is not what I would expect from such pseudo-driver. I originally heard that the reason for this regression was the use of SRP but by looking at the profiling data it seems to me that the queuing API is the problem. In the graph above the CPU time spent in if_input() and if_enqueue() from vlan(4) is impressive. Remember, in the case of vlan(4) these operations are done per packet! When if_input() has been introduced the queuing API did not exist and putting/taking a single packet on/from an interface queue was cheap. Now it requires a mutex per operation, which in the case of packets received and sent on vlan(4) means grabbing three mutexes per packets. I still can't say if my analysis is correct or not, but at least it could explain the decrease observed by Hrvoje when testing multiple vlan(4) configurations. vlan_input() takes one mutex per packet, so it decreases the number of forwarded packets by ~100Kpps on this machine, while vlan_start() taking two mutexes decreases it by ~200Kpps.
An interesting analysis of the routing performance regression on OpenBSD. I have asked Olivier Cochard-Labbe about doing a similar comparison of routing performance on FreeBSD when a vlan pseudo interface is added to the forwarding path.
***
NetBSD: the first BSD introducing a modern process plugin framework in LLDB (https://blog.netbsd.org/tnf/entry/netbsd_the_first_bsd_introducing)
Clean up in ptrace(2) ATF tests
We have created some maintenance burden for the current ptrace(2) regression tests. The main issues with them are code duplication and the splitting between generic (Machine Independent) and port-specific (Machine Dependent) test files. I've eliminated some of the ballast and merged tests into the appropriate directory tests/lib/libc/sys/. The old location (tests/kernel) was a violation of the tests/README recommendation.
PTRACE_FORK on !x86 ports
Along with the motivation from Martin Husemann we have investigated the issue with PTRACE_FORK ATF regression tests. It was discovered that these tests aren't functional on evbarm, alpha, shark, sparc and sparc64 and likely on other non-x86 ports. We have discovered that there is a missing SIGTRAP emitted from the child, during the fork(2) handshake. The proper order of operations is as follows:
parent emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forkee
child emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forker
Only the x86 ports were emitting the second SIGTRAP signal.
PT_SYSCALL and PT_SYSCALLEMU
With the addition of PT_SYSCALLEMU we can implement a virtual kernel syscall monitor. It means that we can fake syscalls within a debugger. In order to achieve this feature, we need to use the PT_SYSCALL operation, catch SIGTRAP with si_code=TRAP_SCE (syscall entry), call PT_SYSCALLEMU and perform an emulated userspace syscall that would have been done by the kernel, followed by calling another PT_SYSCALL with si_code=TRAP_SCX.
What has been done in LLDB
A lot of work has been done with the goal to get breakpoints functional. This target penetrated bugs in the existing local patches and unveiled missing features required to be added. My initial test was tracing a dummy hello-world application in C. I have sniffed the GDB Remote Protocol packets and compared them between Linux and NetBSD. This helped to streamline both versions and bring the NetBSD support to the required Linux level.
Plan for the next milestone
I've listed the following goals for the next milestone.
watchpoints support
floating point registers support
enhance core(5) and make it work for multiple threads
introduce PT_SETSTEP and PT_CLEARSTEP in ptrace(2)
support threads in the NetBSD Process Plugin
research F_GETPATH in fcntl(2)
Beyond the next milestone is x86 32-bit support.
LibreSSL 2.5.2 released (https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.2-relnotes.txt)
Added the recallocarray(3) memory allocation function, and converted various places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly allocated memory is cleared similar to calloc(3). Memory that becomes unallocated while shrinking or moving existing allocations is explicitly discarded by unmapping or clearing to 0.
Added new root CAs from SECOM Trust Systems / Security Communication of Japan.
Added EVP interface for MD5+SHA1 hashes.
Fixed DTLS client failures when the server sends a certificate request.
Correct handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection.
Allow protocols and ciphers to be set on a TLS config object in libtls.
Improved nc(1) TLS handshake CPU usage and server-side error reporting.
Beastie Bits
HardenedBSD Stable v46.16 released (http://hardenedbsd.org/article/op/2017-03-30/stable-release-hardenedbsd-stable-11-stable-v4616)
KnoxBUG looking for OpenBSD people in Knoxville TN area (https://www.reddit.com/r/openbsd/comments/5vggn7/knoxbug_looking_for_openbsd_people_in_knoxville/)
KnoxBUG Tuesday, April 18, 2017 - 6:00pm : Caleb Cooper: Advanced BASH Scripting (http://knoxbug.org/2017-04-18)
e2k17 Nano hackathon report from Bob Beck (http://undeadly.org/cgi?action=article&sid=20170405110059)
Noah Chelliah, Host of the Linux Action Show calls Linux a ‘Bad Science Project' and ditches Linux for TrueOS (https://youtu.be/yXB85_olYhQ?t=3238)
***
Feedback/Questions
James - ZFS Mounting (http://dpaste.com/1H43JGV#wrap)
Kevin - Virtualization (http://dpaste.com/18VNAJK#wrap)
Ben - Jails (http://dpaste.com/0R7CRZ7#wrap)
Florian - ZFS and Migrating Linux userlands (http://dpaste.com/2Z1P23T#wrap)
q5sys - question for the community (http://dpaste.com/26M453F#wrap)

BSD Now
184: Tokyo Dreaming

BSD Now

Mar 8, 2017 94:57


This week on BSDNow, Allan and I are in Tokyo for AsiaBSDCon, but not to worry, we have a full episode lined up and ready to go. Hackathon reports This episode was brought to you by Headlines OpenBSD A2k17 hackathon reports a2k17 hackathon report: Patrick Wildt on the arm64 port (http://undeadly.org/cgi?action=article&sid=20170131101827) a2k17 hackathon report: Antoine Jacoutot on syspatch, rc.d improvements and more (http://undeadly.org/cgi?action=article&sid=20170203232049) a2k17 hackathon report: Martin Pieuchot on NET_LOCK and much more (http://undeadly.org/cgi?action=article&sid=20170127154356) a2k17 hackathon report: Kenneth Westerback on the hidden wonders of the build system, the network stack and more (http://undeadly.org/cgi?action=article&sid=20170127031836) a2k17 hackathon report: Bob Beck on LibreSSL progress and more (http://undeadly.org/cgi?action=article&sid=20170125225403) *** NetBSD is now reproducible (https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds) Christos Zoulas posts to the NetBSD blog that he has completed his project to make fully reproducible NetBSD builds for amd64 and sparc64 I have been working on and off for almost a year trying to get reproducible builds (the same source tree always builds an identical cdrom) on NetBSD. I did not think at the time it would take as long or be so difficult, so I did not keep a log of all the changes I needed to make. I was also not the only one working on this. Other NetBSD developers have been making improvements for the past 6 years. I would like to acknowledge the NetBSD build system (aka build.sh) which is a fully portable cross-build system. This build system has given us a head-start in the reproducible builds work. I would also like to acknowledge the work done by the Debian folks who have provided a platform to run, test and analyze reproducible builds. 
Special mention to the diffoscope tool that gives an excellent overview of what's different between binary files, by finding out what they are (and if they are containers what they contain) and then running the appropriate formatter and diff program to show what's different for each file. Finally other developers who have started, motivated and did a lot of work getting us here like Joerg Sonnenberger and Thomas Klausner for their work on reproducible builds, and Todd Vierling and Luke Mewburn for their work on build.sh.
Some of the stumbling blocks that were overcome:
Timestamps
Date/time/author embedded in source files
Timezone sensitive code
Directory order / build order
Non-sanitized data stored in files
Symbolic links / paths
General tool inconsistencies: including gcc profiling, the fact that GPT partition tables are, by definition, globally unique each time they are created, and the iso9660 standard calls for a timestamp with a timezone.
Toolchain
Build information / tunables / environment.
NetBSD now has a knob ‘MKREPRO', if set to YES it sets a long list of variables to a consistent set of values. The post walks through how these problems were solved.
Future Work:
Vary more parameters and find more inconsistencies
Verify that cross-building is reproducible
Verify that unprivileged builds are reproducible
Test on other platforms
***
Features are faults redux (http://www.tedunangst.com/flak/post/features-are-faults-redux)
From Ted Unangst
Last week I gave a talk for the security class at Notre Dame based on features are faults but with some various commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.
I got started with OpenBSD back about the same time I started college, although I had a slightly different perspective then. I was using OpenBSD because it included so many security features, therefore it must be the most secure system, right? For example, at some point I acquired a second computer. What's the first thing anybody does when they get a second computer? That's right, set up a kerberos domain. The idea that more is better was everywhere. This was also around the time that ipsec was getting its final touches, and everybody knew ipsec was going to be the most secure protocol ever because it had more options than any other secure transport. We'll revisit this in a bit. There's been a partial attitude adjustment since then, with more people recognizing that layering complexity doesn't result in more security. It's not an additive process. There's a whole talk there, about the perfect security that people can't or won't use. OpenBSD has definitely switched directions, including less code, not more. All the kerberos code was deleted a few years ago. Let's assume about one bug per 100 lines of code. That's probably on the low end. Now say your operating system has 100 million lines of code. If I've done the math correctly, that's literally a million bugs. So that's one reason to avoid adding features. But that's a solveable problem. If we pick the right language and the right compiler and the right tooling and with enough eyeballs and effort, we can fix all the bugs. We know how to build mostly correct software, we just don't care. As we add features to software, increasing its complexity, new unexpected behaviors start to emerge. What are the bounds? How many features can you add before craziness is inevitable? We can make some guesses. Less than a thousand for sure. Probably less than a hundred? Ten maybe? I'll argue the answer is quite possibly two. Interesting corollary is that it's impossible to have a program with exactly two features. 
Any program with two features has at least a third, but you don't know what it is My first example is a bug in the NetBSD ftp client. We had one feature, we added a second feature, and just like that we got a third misfeature (http://marc.info/?l=oss-security&m=141451507810253&w=2) Our story begins long ago. The origins of this bug are probably older than I am. In the dark times before the web, FTP sites used to be a pretty popular way of publishing files. You run an ftp client, connect to a remote site, and then you can browse the remote server somewhat like a local filesystem. List files, change directories, get files. Typically there would be a README file telling you what's what, but you don't need to download a copy to keep. Instead we can pipe the output to a program like more. Right there in the ftp client. No need to disconnect. Fast forward a few decades, and http is the new protocol of choice. http is a much less interactive protocol, but the ftp client has some handy features for batch downloads like progress bars, etc. So let's add http support to ftp. This works pretty well. Lots of code reused. http has one quirk however that ftp doesn't have. Redirects. The server can redirect the client to a different file. So now you're thinking, what happens if I download http://somefile and the server sends back 302 http://|reboot. ftp reconnects to the server, gets the 200, starts downloading and saves it to a file called |reboot. Except it doesn't. The function that saves files looks at the first character of the name and if it's a pipe, runs that command instead. And now you just rebooted your computer. Or worse. It's pretty obvious this is not the desired behavior, but where exactly did things go wrong? Arguably, all the pieces were working according to spec. In order to see this bug coming, you needed to know how the save function worked, you needed to know about redirects, and you needed to put all the implications together. 
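The interaction in the ftp story above, modelled as an added example (it is not the NetBSD client's code and not from the talk). It assumes the output name is taken from the last path component of the final URL; the function names and the files.example host are made up, and nothing is executed or written, the functions only report which sink would be chosen.

```python
"""Model of the feature interaction in the ftp(1) story: pipe output plus
HTTP redirects. Sinks are classified, never opened or run.
All hosts, paths and function names are constructed for this illustration."""
from urllib.parse import unquote, urljoin, urlsplit

# Constructed server behaviour: URL -> (status, Location header or body).
SAMPLE_WEB = {
    "http://files.example/somefile": (302, "http://files.example/|reboot"),
    "http://files.example/|reboot": (200, b"data"),
    "http://files.example/encoded": (302, "http://files.example/%7Creboot"),
    "http://files.example/%7Creboot": (200, b"data"),
    "http://files.example/pub%2F..": (200, b"data"),
    "http://files.example/README": (200, b"data"),
}
REDIRECTS = {301, 302, 303, 307, 308}


def resolve(url, web, limit=5):
    """Feature 2: follow redirects and return the final URL."""
    for _ in range(limit + 1):
        status, value = web[url]
        if status not in REDIRECTS:
            return url
        url = urljoin(url, value)
    raise RuntimeError("redirect limit exceeded")


def name_from_url(url):
    """Last path component, percent-decoded, as a default output name."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])


def open_sink(name):
    """Feature 1: the save routine. A leading '|' means 'pipe to a command'."""
    if name.startswith("|"):
        return ("pipe", name[1:])
    return ("file", name)


def open_file_only(name):
    """Sink for names the user did not type: always a plain file in the
    current directory, with no special meaning for any character."""
    base = name.rsplit("/", 1)[-1]          # decoded %2F must not add a path
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("unusable server-supplied name: %r" % name)
    return ("file", base)


def fetch_vulnerable(url, web, output=None):
    """The server-chosen name reaches the routine that honours '|'."""
    final = resolve(url, web)
    name = output if output is not None else name_from_url(final)
    return open_sink(name)


def fetch_hardened(url, web, output=None):
    """Pipe syntax is honoured only for a name the user supplied."""
    final = resolve(url, web)
    if output is not None:
        return open_sink(output)
    return open_file_only(name_from_url(final))


if __name__ == "__main__":
    for fetch in (fetch_vulnerable, fetch_hardened):
        print(fetch.__name__, fetch("http://files.example/somefile", SAMPLE_WEB))
```

The hardened variant keeps both features; it only tracks where the name came from, which is the piece of knowledge the story says you needed in order to see the bug coming.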
The post then goes into a lot more detail about other issues. We just don't have time to cover it all today, but you should go read it, it is very enlightening What do we do about this? That's a tough question. It's much easier to poke fun at all the people who got things wrong. But we can try. My attitudes are shaped by experiences with the OpenBSD project, and I think we are doing a decent job of containing the complexity. Keep paring away at dependencies and reducing interactions. As a developer, saying “no” to all feature requests is actually very productive. It's so much faster than implementing the feature. Sometimes users complain, but I've often received later feedback from users that they'd come to appreciate the simplicity. There was a question about which of these vulnerabilities were found by researchers, as opposed to troublemakers. The answer was most, if not all of them, but it made me realize one additional point I hadn't mentioned. Unlike the prototypical buffer overflow vulnerability, exploiting features is very reliable. Exploiting something like shellshock or imagetragick requires no customized assembly and is independent of CPU, OS, version, stack alignment, malloc implementation, etc. Within about 24 hours of the initial release of shellshock, I had logs of people trying to exploit it. So unless you're on about a 12 hour patch cycle, you're going to have a bad time. reimplement zfsctl (.zfs) support (https://svnweb.freebsd.org/changeset/base/314048) avg@ (Andriy Gapon) has rewritten the .zfs support in FreeBSD The current code is written on top of GFS, a library with the generic support for writing filesystems, which was ported from Illumos. Because of significant differences between illumos VFS and FreeBSD VFS models, both the GFS and zfsctl code were heavily modified to work on FreeBSD. Nonetheless, they still contain quite a few ugly hacks and bugs. 
This is a reimplementation of the zfsctl code where the VFS-specific bits are written from scratch and only the code that interacts with the rest of ZFS is reused. Some ideas are picked from an independent work by Will (wca@) This work improves the overall quality of the ZFS port to FreeBSD The code that provides support for ZFS .zfs/ directory functionality has been reimplemented. It is no longer possible to create a snapshot by mkdir under .zfs/snapshot/. That should be the only user visible change. TIL: On IllumOS, you can create, rename, and destroy snapshots, by manipulating the virtual directories in the .zfs/snapshots directory. If enough people would find this feature useful, maybe it could be implemented (rm and rename have never existed on FreeBSD). At the same time, it seems like rather a lot of work, when the ZFS command line tools work so well. Although wca@ pointed out on IRC, it can be useful to be able to create a snapshot over NFS, or SMB. Interview - Konrad Witaszczyk - def@freebsd.org (mailto:def@freebsd.org) Encrypted Kernel Crash Dumps *** News Roundup PBKDF2 Performance improvements on FreeBSD (https://svnweb.freebsd.org/changeset/base/313962) Joe Pixton did some research (https://jbp.io/2015/08/11/pbkdf2-performance-matters/) and found that, because of the way the spec is written, most PBKDF2 implementations are 2x slower than they need to be. Since the PBKDF is used to derive a key, used for encryption, this poses a problem. The attacker can derive a key twice as fast as you can. On FreeBSD the PBKDF2 was configured to derive a SHA512-HMAC key that would take approximately 2 seconds to calculate. That is 2 seconds on one core. So an attacker can calculate the same key in 1 second, and use many cores. Luckily, 1 second is still a long time for each brute force guess. On modern CPUs with the fast algorithm, you can do about 500,000 iterations of PBKDF per second (per core). Until a recent change, OpenBSD used only 8192 iterations. 
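The 2x gap described in this item, as an added example (not FreeBSD's committed code and not Joe's): PBKDF2 written once by calling HMAC from scratch every iteration, and once with the two key-pad blocks hashed a single time and copied. Function names and the sample inputs in the usage lines are constructed.

```python
"""PBKDF2-HMAC two ways: spec-literal, and with the HMAC pad states reused.
Added illustration only; names and sample inputs are constructed."""
import hashlib
import hmac


def pbkdf2_core(prf, hash_name, salt, iterations, dklen):
    """PBKDF2 block loop; prf(msg) is HMAC already keyed with the password."""
    hlen = hashlib.new(hash_name).digest_size
    out = bytearray()
    index = 1
    while len(out) < dklen:
        u = prf(salt + index.to_bytes(4, "big"))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
        index += 1
    return bytes(out[:dklen])


def pbkdf2_slow(password, salt, iterations, dklen, hash_name="sha512"):
    """Every iteration re-keys HMAC, so key^ipad and key^opad are re-hashed."""
    def prf(msg):
        return hmac.new(password, msg, digestmod=hash_name).digest()
    return pbkdf2_core(prf, hash_name, salt, iterations, dklen)


def pbkdf2_fast(password, salt, iterations, dklen, hash_name="sha512"):
    """Hash the two pad blocks once, then copy the saved states per iteration."""
    block_size = hashlib.new(hash_name).block_size
    key = password
    if len(key) > block_size:               # HMAC rule for over-long keys
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner0 = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key))
    outer0 = hashlib.new(hash_name, bytes(b ^ 0x5C for b in key))

    def prf(msg):
        inner = inner0.copy()
        inner.update(msg)
        outer = outer0.copy()
        outer.update(inner.digest())
        return outer.digest()
    return pbkdf2_core(prf, hash_name, salt, iterations, dklen)


def compressions_per_prf(msg_len, precomputed, hash_name="sha512"):
    """Compression-function calls for one HMAC over msg_len bytes of input."""
    h = hashlib.new(hash_name)
    bs, hlen = h.block_size, h.digest_size
    length_field = 16 if bs == 128 else 8   # SHA-384/512 vs SHA-1/SHA-256

    def nblocks(n):                         # data + 0x80 byte + length field
        return -(-(n + 1 + length_field) // bs)
    total = nblocks(bs + msg_len) + nblocks(bs + hlen)
    return total - 2 if precomputed else total


if __name__ == "__main__":
    pw, salt = b"constructed passphrase", b"constructed-salt"
    ref = hashlib.pbkdf2_hmac("sha512", pw, salt, 1000, 64)
    print(pbkdf2_slow(pw, salt, 1000, 64) == ref, pbkdf2_fast(pw, salt, 1000, 64) == ref)
    print(compressions_per_prf(64, False), "vs", compressions_per_prf(64, True))
```

In the inner loop each HMAC input is one 64-byte digest, so the spec-literal form costs four SHA-512 compressions per iteration and the precomputed form two; both return the same key, which is why a defender running the slow form gives the attacker a factor of two.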
OpenBSD now uses a similar benchmark of ~2 seconds, and uses bcrypt instead of a SHA1-HMAC. Joe's research showed that the majority of implementations were done the ‘slow' way: calculating the initial part of the outer round each iteration, instead of reusing the initial calculation over and over for each round. Joe submitted a patch to FreeBSD to solve this problem. That patch was improved, and a set of tests was added by jmg@, but then work stalled. I picked up the work, and fixed some merge conflicts in the patch that had cropped up based on work I had done that moved the HMAC code to a separate file. This work is now committed. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will take half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. If you are interested in the topic, I recommend the video of Joe's presentation from the Passwords15 conference in Las Vegas.
***
Quick How-To: Updating a screenshot in the TrueOS Handbook (https://www.trueos.org/blog/quick-updating-screenshot-trueos-handbook/)
Docs writers, might be time to pay attention. This week we have a good walk-through of adding / updating new screenshots to the TrueOS Sphinx Documentation. For those who have not looked in the past, TrueOS and FreeNAS both have fantastic docs by the team over at iXsystems using Sphinx as their doc engine. Often we get questions from users asking what “they can do to help” but don't necessarily have programming skills to apply. The good news is that using Sphinx is relatively easy, and after learning some minor rst syntax you can easily help fix, or even contribute to new sections of the TrueOS (Or FreeNAS) documentation.
In this example, Tim takes us through the process of replacing an old out of date screenshot in the handbook with the latest hotness. Starting with a .png file, he then locates the old screenshot name and adds the updated version “lumina-e.png” to “lumina-f.png”. With the file added to the tree, the relevant section of .rst code can be adjusted and the sphinx build run to verify the output HTML looks correct. Using this method you can easily start to get involved with other aspects of documentation and next thing you know you'll be writing boot-loaders like Allan! *** Learn C Programming With 9 Excellent Open Source Books (https://www.ossblog.org/learn-c-programming-with-9-excellent-open-source-books/) Now that you've easily mastered all your documentation skills, you may be ready to take on a new challenge. (Come on, that boot-loader isn't going to write itself!) We wanted to point out some excellent resources to get you started on your journey into writing C. Before you think, “oh, more books to purchase”, wait there's good news. These are the top-9 open-source books that you can download in digital form free of charge. Now I bet we got your attention. We start the rundown with “The C Book”, by Mike Banahan, Declan Brady and Mark Doran, which will lay the groundwork with your introduction into the C language and concepts. Next up, if you are going to do anything, do it with style, so take a read through the “C Elements of Style” which will make you popular at all the parties. (We can't vouch for that statement) From here we have a book on using C to build your own minimal “lisp” interpreter, reference guides on GNU C and some other excellent introduction / mastery books to help round-out your programming skill set. Your C adventure awaits, hopefully these books can not only teach you good C, but also make you feel confident when looking at bits of the FreeBSD world or kernel with a proper foundation to back it up. 
***
Running a Linux VM on OpenBSD (http://eradman.com/posts/linuxvm-on-openbsd.html)
Over the past few years we've talked a lot about Virtualization, Bhyve or OpenBSD's ‘vmm', but qemu hasn't gotten much attention. Today we have a blog post with details on how to deploy qemu to run Linux on top of an OpenBSD host system. The post starts by showing us how to first provision the storage for qemu, using the handy ‘qemu-img' command, which in this example only creates a 4GB disk; you'll probably want more for real-world usage though. Next up the qemu command will be run; pay attention to the particular flags for network and memory setup. You'll probably want to bump it up past the recommended 256M of memory. Networking is always the fun part, as the author describes his intended setup:
I want OpenBSD and Debian to be able to obtain an IP via DHCP on their wired interfaces and I don't want external networking required for an NFS share to the VM. To accomplish this I need two interfaces since dhclient will erase any other IPv4 addresses already assigned. We can't assign an address directly to the bridge, but we can configure a virtual Ethernet device and add it.
The setup for this portion involves touching a few more files, but isn't that painful. Some “pf” rules to enable NAT and a dhcpd setup to assign a “fixed” IP to the VM will get us going, along with some additional details on how to configure the networking inside the Debian VM. Once those steps are completed you should be able to mount NFS and share data from the host to the VM painlessly.
Beastie Bits MacObserver: Interview with Open Source Developer & Former Apple Manager Jordan Hubbard (https://www.macobserver.com/podcasts/background-mode-jordan-hubbard/) 2016 Google Summer of Code Mentor Summit and MeetBSD Trip Report: Gavin Atkinson (https://www.freebsdfoundation.org/blog/2016-google-summer-of-code-mentor-summit-and-meetbsd-trip-report-gavin-atkinson/) Feedback/Questions Joe - BGP / Vultr Followup (http://pastebin.com/TNyHBYwT) Ryan Moreno asks about Laptops (http://pastebin.com/s4Ypezsz) ***

BSD Now
165: Vote4BSD

BSD Now

Oct 26, 2016 72:52


This week on BSDNow, we've got voting news for you (No not that election), a closer look at This episode was brought to you by Headlines ARIN 38 involvement, vote! (http://lists.nycbug.org/pipermail/talk/2016-October/016878.html) Isaac (.Ike) Levy, one of our interview guests from earlier this year, is running for a seat on the 15 person ARIN Advisory Council His goal is to represent the entire *BSD community at this important body that makes decisions about how IP addresses are allocated and managed Biographies and statements for all of the candidates are available here (https://www.arin.net/participate/elections/candidate_bios.pdf) The election ends Friday October 28th If elected, Ike will be looking for input from the community *** LibreSSL not just available but default (DragonFlyBSD) (https://www.dragonflydigest.com/2016/10/19/18794.html) DragonFly has become the latest BSD to join the growing LibreSSL family. As mentioned a few weeks back, they were in the process of wiring it up as a replacement for OpenSSL. With this latest commit, you can now build the entire base and OpenSSL isn't built at all. Congrats, and hopefully more BSDs (and Linux) jump on the bandwagon Compat_43 is gone (http://lists.dragonflybsd.org/pipermail/commits/2016-October/624734.html) RiP 4.3 Compat support.. Well for DragonFly anyway. This commit finally puts out to pasture the 4.3 support, which has been disabled by default in DragonFly for almost 5 years now. This is a nice cleanup of their tree, removing more than a thousand lines of code and some of the old cruft still lingering from 4.3. *** Create your first FreeBSD kernel module (http://meltmes.kiloreux.me/create-your-first-freebsd-kernel-module/) This is an interesting tutorial from Abdelhadi Khiati, who is currently a master's student in AI and robotics I have been lucky enough to participate in Google Summer of Code with the FreeBSD foundation. 
I was amazed by the community surrounding it which was noob friendly and very helpful (Thank you FreeBSD
We will run two storage controllers (ctrl-a, ctrl-b) and a host (cln-1). A virtual SAS drive (da0) of 256 MB is configured as “shareable” in Virtual Media Manager and simultaneously connected with both storage controllers.
The basic settings are applied to both controllers.
One interesting setting is: kern.cam.ctl.ha_role – configures default role for the node. So ctrl-a is set as 0 (primary node), ctrl-b – 1 (secondary node). The role also can be specified on per-LUN basis which allows to distribute LUNs over both controllers evenly.
Note, kern.cam.ctl.ha_id and kern.cam.ctl.ha_mode are read-only parameters and must be set only via the /boot/loader.conf file.
Once kern.cam.ctl.ha_peer is set, and the peers connect to each other, the log messages should reflect this:
CTL: HA link status changed from 0 to 1
CTL: HA link status changed from 1 to 2
The link states can be: 0 – not configured, 1 – configured but not established and 2 – established.
Then ctld is configured to export /dev/da0 on each of the controllers.
Then the client is booted, and uses iscsid to connect to each of the exposed targets.
sysctl kern.iscsi.fail_on_disconnection=1 on the client is needed to drop connection with one of the controllers in case of its failure.
As we know that da0 and da1 on the client are the same drive, we can put them under multipathing control: gmultipath create -A HA /dev/da0 /dev/da1
The document then shows a file being copied continuously to simulate load. Because the multipath is configured in ‘active/active' mode, the traffic is split between the two controllers.
Then the secondary controller is turned off, and iscsi disconnects that path, and gmultipath adapts and sends all of the traffic over the primary path.
When the secondary node is brought back up, but the primary is taken down, traffic stops The console on the client is filled with errors: “Logical unit not accessible, asymmetric access state transition” The ctl(4) man page explains: > If there is no primary node (both nodes are secondary, or secondary node has no connection to primary one), secondary node(s) report Transitioning state. > Therefore, it looks like a “normal” behavior of CTL HA cluster in a case of disaster and loss of the primary node. It also means that a very lucky administrator can restore the failed primary controller before timeouts are elapsed. If the primary is down, the secondary needs to be promoted by some other process (CARP maybe?): sysctl kern.cam.ctl.ha_role=0 Then traffic follows again This is a very interesting look at this new feature, and I hope to see more about it in the future *** Is SPF Simply Too Hard for Application Developers? (http://bsdly.blogspot.com/2016/10/is-spf-simply-too-hard-for-application.html) Peter Hansteen asks an interesting question: The Sender Policy Framework (SPF) is unloved by some, because it conflicts with some long-established SMTP email use cases. But is it also just too hard to understand and to use correctly for application developers? He tells a story about trying to file his Norwegian taxes, and running into a bug Then in August 2016, I tried to report a bug via the contact form at Altinn.no, the main tax authorities web site. The report in itself was fairly trivial: The SMS alert I had just received about an invoice for taxes due contained one date, which turned out to be my birth date rather than the invoice due date. Not a major issue, but potentially confusing to the recipient until you actually log in and download the invoice as PDF and read the actual due date and other specifics. 
The next time I checked my mail at bsdly.net, I found this bounce: support@altinn.no: SMTP error from remote mail server after RCPT TO:: host mx.isp.as2116.net [193.75.104.7]: 550 5.7.23 SPF validation failed which means that somebody, somewhere tried to send a message to support@altinn.no, but the message could not be delivered because the sending machine did not match the published SPF data for the sender domain. What happened is actually quite clear even from the part quoted above: the host mx.isp.as2116.net [193.75.104.7] tried to deliver mail on my behalf (I received the bounce, remember), and since I have no agreement for mail delivery with the owners and operators of that host, it is not in bsdly.net's SPF record either, and the delivery fails. After having a bunch of other problems, he finally gets a message back from the tax authority support staff: It looks like you have Sender Policy Framework (SPF) enabled on your mailserver, It is a known weakness of our contact form that mailervers with SPF are not supported. The obvious answer should be, as you will agree if you're still reading: The form's developer should place the user's email address in the Reply-To: field, and send the message as its own, valid local user. That would solve the problem. Yes, I'm well aware that SPF also breaks traditional forwarding of the type generally used by mailing lists and a few other use cases. Just how afraid should we be when those same developers come to do battle with the followup specifications such as DKIM and (shudder) the full DMARC specification? Beastie Bits Looking for a very part-time SysAdmin (https://lists.freebsd.org/pipermail/freebsd-jobs/2016-October/000930.html) If anyone wants to build the latest nodejs on OpenBSD... 
(https://twitter.com/qb1t/status/789610796380598272) IBM considers donating Power8 servers to OpenBSD (https://marc.info/?l=openbsd-misc&m=147680858507662&w=2) Install and configure DNS server in FreeBSD (https://galaxy.ansible.com/vbotka/freebsd-dns/) bhyve vulnerability in FreeBSD 11.0 (https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc) Feedback/Questions Larry - Pkg Issue (http://pastebin.com/8hwDVQjL) Larry - Followup (http://pastebin.com/3nswwk90) Jason - TrueOS (http://pastebin.com/pjfYWdXs) Matias - ZFS HALP! (http://pastebin.com/2tAmR5Wz) Robroy - User/Group (http://pastebin.com/7vWvUr8K) ***

BSD Now
140: Tracing it back to BSD

May 4, 2016 91:01


This week on BSDNow, Allan is back in town from Europe! We'll get to hear some of his wrap-up and get caught up on the latest BSD This episode was brought to you by Headlines FreeBSD Quarterly Report (http://www.freebsd.org/news/status/report-2016-01-2016-03.html) This quarterly status report starts with a rather interesting introduction by Warren Block. Topics include: ASLR; Porting CEPH to FreeBSD; RCTL I/O Rate Limiting; The Graphics Stack on FreeBSD (Haswell is in, work is progressing on the next update); CAM I/O Scheduler; NFS Server updates, working around the 16 group limit, and implementing pNFS, allowing NFS to scale beyond a single server; Static Analysis of the FreeBSD Kernel with PVS Studio; PCI-express HotPlug; GitLab Port committed!; WITH_FAST_DEPEND and other improvements to the FreeBSD build system; Lots of other interesting stuff *** A Prog By Any Other Name (http://www.tedunangst.com/flak/post/a-prog-by-any-other-name) Ted Unangst looks at what goes into the name of a program “Sometimes two similar programs are really the same program with two names. For example, grep and egrep are two commands that perform very similar functions and are therefore implemented as a single program. Running ls -i and observing the inode number of each file will reveal that there is only one file. Calling the program egrep is a shorthand for -E and does the same thing.” So BSD provides __progname in libc, so a program can tell what its name is. But, what if it has more than one name? “In fact, every program has three names: its name in the filesystem, the name it has been invoked with, and whatever it believes its own name to be.” Of course it is not that easy. “there's another set of choices for each name, the full path and the basename” “It's even possible on some systems for argv[0] to be NULL.” He then goes on to rename doas (the OpenBSD light replacement for sudo) to banana and discuss what happens “On that note, another possible bug is to realize that syslog by default uses progname. 
A user may be able to evade log monitoring by invoking doas with a different name. (Just fixed.)” Another interesting article from our friend Ted *** FreeBSD (https://summerofcode.withgoogle.com/organizations/4892834293350400/) and NetBSD (https://summerofcode.withgoogle.com/organizations/6246531984261120/) Google Summer of Code projects have been announced. Some FreeBSD highlights: Add SCSI passthrough to CTL (share an optical drive via iSCSI); Add USB target mode driver based on CTL (share a USB device via iSCSI); API to link created /dev entries to sysctl nodes; Implement Ethernet Ring Protection Switching (ERPS); HD Audio device model in userspace for bhyve. Some NetBSD highlights: Implement Ext4fs support in ReadOnly mode; NPF and blacklistd web interface; Port U-Boot so it can be compiled on NetBSD; Split debug symbols for pkgsrc builds *** libressl - more vague promises (http://www.tedunangst.com/flak/post/libressl-more-vague-promises) We haven't had a Ted U article on the show as of late, however this week we get several! In his next entry, “LibreSSL, more vague promises”, he goes into some detail on what has happened with LibreSSL in the past while, as well as future plans going forward. “With an eye to the future, what new promises can we make? Some time ago I joked that we only promised to make a better TLS implementation, not a better TLS. Remains true, but fortunately there are people working on that, too. TLS 1.3 support is on the short term watchlist. The good news is we may be ahead of the game, having already removed compression. How much more work can there be?” “LibreSSL integrated the draft chacha20-poly1305 construction from BoringSSL. The IETF has since standardized a slightly different version because if it were the same it wouldn't be different. Support for standard variant, and the beginning of deprecation for the existing code, should be landing very shortly. 
Incidentally, some people got bent out of shape because shipping chacha20 meant exposing non IANA approved numbers to Internet. No promises that won't happen again.” *** Interview - Samy Al Bahra - @0xF390 (https://twitter.com/0xF390) Backtrace *** News Roundup systrace(1) is removed for OpenBSD 6.0 (http://marc.info/?l=openbsd-cvs&m=146161167911029&w=2) OpenBSD has removed systrace, an older mechanism for limiting what syscalls an application can make It is mostly replaced by the pledge() system OpenBSD was the first implementation, most others have been unmaintained for some time The last reported Linux version was for kernel 2.6.1 NetBSD removed systrace in 2007 *** pfSense Video Series: Comprehensive Guide To pfSense 2.3 (https://www.youtube.com/playlist?list=PLE726R7YUJTePGvo0Zga2juUBxxFTH4Bk) A series of videos (11 so far), about pfSense Covers Why you would use it, how to pick your hardware, and installation Then the series covers some networking basics, to make sure you are up to speed before configuring your pfSense Then a comprehensive tour of the WebUI Then goes on to cover graphing, backing up and restoring configuration There are also videos on running DHCP, NTP, and DNS servers *** DuckDuckGo announces its 2016 FOSS Donations (https://duck.co/blog/post/303/2016-foss-donations-announcement) The theme is “raising the standard of trust online” Supported projects include: OpenBSD Foundation announces DuckDuckGo as a Gold Sponsor (http://undeadly.org/cgi?action=article&sid=20160503085227&mode=expanded) the Freedom of the Press Foundation for SecureDrop the Freenet Project the CrypTech Project the Tor Project Fight for the Future for Save Security Open Source Technology Improvement Fund for VeraCrypt (based on TrueCrypt) Riseup Labs for LEAP (LEAP Encryption Access Project) GPGTools for GPGMail *** Larry the BSD Guy hangs up his hat at FOSS Force (http://fossforce.com/2016/04/bsd-linuxfest-northwest/) After 15 years, Larry the BSD Guy has decided to hang it 
up, and walk into the sunset! (Figuratively of course) After wrapping up coverage of recent LinuxFest NorthWest (Which he didn't attend), Larry has decided it's time for a change and is giving up his column over at FOSS Force, as well as stepping away from all things technical. His last write-up is a good one, and he has some nice plugs for both Dru Lavigne and Michael Dexter of the BSD community. He will be missed, but we wish him all the luck with the future! He also puts out the plug that FOSS Force will be needing a new columnist in the near future, so if you are interested please let them know! *** Beastie Bits If you sponsored “FreeBSD Mastery: Advanced ZFS”, check your mail box (http://blather.michaelwlucas.com/archives/2648) pkg-1.7.0 is an order of magnitude slower than pkg-1.6.4 (https://marc.info/?l=freebsd-ports&m=146001143408868&w=2) -- Caused by a problem not in pkg LinuxFest Northwest 2016 Recap (https://www.ixsystems.com/blog/linuxfest-northwest-2016/) Dru Lavigne's 'Doc like an Egyptian' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/doc-egyptian) Michael Dexter's 'Switching to BSD from Linux' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/devil-details-switching-bsd-linux) Michael Dexter's 'Secrets to enduring user groups' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/20-year-and-counting-secrets-enduring-user-groups) January issue of FreeBSD Journal online for free (https://www.freebsdfoundation.org/journal/) GhostBSD releases 10.3 Alpha1 for testing (http://ghostbsd.org/10.3_alpha1) EuroBSDcon 2016 - Call for Papers - Deadline: May 8th (https://www.freebsdnews.com/2016/04/15/eurobsdcon-2016-call-for-papers/) KnoxBUG Initial Meeting (http://www.knoxbug.org/content/knoxbug-maiden-voyage) Photos, slides, and videos from the Open Source Data Center Conference (https://www.netways.de/en/events_trainings/osdc/archive/osdc2016/) *** Feedback/Questions Mohammad - Replication 
(http://pastebin.com/KDnyWf6Y) John - Rolling new packages (http://pastebin.com/mAbRwbEF) Clint - Unicast (http://pastebin.com/BNa6pyir) Bill - GhostBSD (http://pastebin.com/KDjS2Hxa) Charles - BSD Videos (http://pastebin.com/ABUUtzWM) ***

BSD Now
131: BSD behind the chalkboard

Mar 2, 2016 101:09


This week on the show, we have an interview with Jamie This episode was brought to you by Headlines BSDCan 2016 List of Talks (http://www.bsdcan.org/2016/list-of-talks.txt) We are all looking forward to BSDCan. Make sure you arrive in time for the Goat BoF, the evening of Tuesday June 7th at the Royal Oak, just up the street from the university residence. There will also be a ZFS BoF during lunch of one of the conference days, be sure to grab your lunch and bring it to the BoF room. Also, don't forget to get signed up for the various DevSummits taking place at BSDCan. *** What does Load Average really mean (https://utcc.utoronto.ca/~cks/space/blog/unix/ManyLoadAveragesOfUnix) Chris Siebenmann, a sysadmin at the University of Toronto, does some comparison of what “Load Average” means on different unix systems, including Solaris/IllumOS, FreeBSD, NetBSD, OpenBSD, and Linux. It seems that no two OSes use the same definition, so comparing load averages is impossible. On FreeBSD, where I/O does not affect load average, you can divide the load average by the number of CPU cores to be able to compare across machines with different core counts *** GPL violations related to combining ZFS and Linux (http://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/) As we mentioned in last week's episode, Ubuntu was preparing to release their next version with native ZFS support. As expected, the Software Freedom Conservancy has issued a statement detailing the legal argument why they believe this is a violation of the GPL license for the Linux kernel. It's a pretty long and complete article, but we wanted to bring you the summary of the whole, and encourage you to read the rest, since it's good to be knowledgeable about the various open-source projects and their license conditions. “We are sympathetic to Canonical's frustration in this desire to easily support more features for their users. However, as set out below, we have concluded that their distribution of zfs.ko violates the GPL. 
We have written this statement to answer, from the point of view of many key Linux copyright holders, the community questions that we've seen on this matter. Specifically, we provide our detailed analysis of the incompatibility between CDDLv1 and GPLv2 — and its potential impact on the trajectory of free software development — below. However, our conclusion is simple: Conservancy and the Linux copyright holders in the GPL Compliance Project for Linux Developers believe that distribution of ZFS binaries is a GPL violation and infringes Linux's copyright. We are also concerned that it may infringe Oracle's copyrights in ZFS. As such, we again ask Oracle to respect community norms against license proliferation and simply relicense its copyrights in ZFS under a GPLv2-compatible license.” The Software Freedom Law Center's take on the issue (https://softwarefreedom.org/resources/2016/linux-kernel-cddl.html) Linux SCSI subsystem Maintainer, James Bottomley, asks “where is the harm” (http://blog.hansenpartnership.com/are-gplv2-and-cddl-incompatible/) FreeBSD and ZFS (http://freebsdfoundation.blogspot.ca/2016/02/freebsd-and-zfs.html) *** DragonFly i915 reaches Linux 4.2 (https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-i915-4.2) The port of the Intel i915 DRM/KMS Linux driver to DragonFlyBSD has been updated to match Linux kernel 4.2 Various improvements and better support for new hardware are included One big difference, is that DragonFlyBSD will not require the binary firmware blob that Linux does François Tigeot explains: "starting from Linux 4.2, a separate firmware blob is required to save and restore the state of display engines in some low-power modes. These low-power modes have been forcibly disabled in the DragonFly version of this driver in order to keep it blob-free." 
Obviously this will have some disadvantage, but as those modes were never available on DragonFlyBSD before, users are not likely to miss them *** Interview - Jamie McParland - mcparlandj@newberg.k12.or.us (mailto:mcparlandj@newberg.k12.or.us) / @nsdjamie (https://twitter.com/nsdjamie) FreeBSD behind the chalkboard *** iXsystems My New IXSystems Mail Server (https://www.reddit.com/r/LinuxActionShow/comments/48c9nt/my_new_ixsystems_mail_server/) News Roundup Installing ELK on FreeBSD, Tutorial Part 1 (https://blog.gufi.org/2016/02/15/elk-first-part/) Are you an ELK user, or interested in becoming one? If so, Gruppo Utenti has a nice blog post / tutorial on how to get started with it on FreeBSD. Maybe you haven't heard of ELK, but it's not the ELK in ports, specifically in this case he is referring to “ElasticSearch/Logstash/Kibana” as a stack. Getting started is relatively simple, first we install a few ports/packages: textproc/elasticsearch sysutils/logstash textproc/kibana43 www/nginx After enabling the various services for those (hint: sysrc may be easier), he then takes us through the configuration of ElasticSearch and LogStash. For the most part they are fairly straightforward, but you can always copy and paste his example config files as a template. Follow up to Installing ELK on FreeBSD (https://blog.gufi.org/2016/02/23/elk-second-part/) Jumping directly into the next blog entry, he then takes us through the “K” part of ELK, specifically setting up Kibana, and exposing it via nginx publicly. At this point most of the CLI work is finished, and we have a great walkthrough of doing the Kibana configuration via their UI. We are still awaiting the final entry to the series, where the setup of ElastAlert will be detailed, and we will bring that to your attention when it lands. 
*** From 1989: An Empirical Study of the Reliability of Unix Utilities (http://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz.pdf) A paper from 1989 on the results of fuzz testing various unix utilities across a range of available unix operating systems. Very interesting results, it is interesting to look back at before the start of the modern BSD projects. New problems are still being found in utilities using similar testing methodologies, like afl (American Fuzzy lop) *** Google Summer of Code Both FreeBSD (https://summerofcode.withgoogle.com/organizations/4892834293350400/) and NetBSD (https://summerofcode.withgoogle.com/organizations/6246531984261120/) are running 2016 Google Summer of Code projects. Students can start submitting proposals on March 14th. In the meantime, if you have any ideas, please post them to the Summer Of Code Ideas Page (https://wiki.freebsd.org/SummerOfCodeIdeas) on the FreeBSD wiki. Students can start looking at the list now and try to find mentors to get a jump start on their project. 
*** High Availability Sync for ipfw3 in DragonFly (http://lists.dragonflybsd.org/pipermail/commits/2016-February/459424.html) Similar to pfsync, this new protocol allows firewall dynamic rules (state) to be synchronized between two firewalls that are working together in HA with CARP. Does not yet sync NAT state, it seems libalias will need some modernization first. Apparently it will be relatively easy to port to FreeBSD. This is one of the only features ipfw lacks when compared to pf *** Beastie Bits FreeBSD 10.3-BETA3 Now Available (https://lists.freebsd.org/pipermail/freebsd-stable/2016-February/084238.html) LibreSSL isn't affected by the OpenSSL DROWN attack (http://undeadly.org/cgi?action=article&sid=20160301141941&mode=expanded) NetBSD machines at the Open Source Conference 2016 in Tokyo (http://mail-index.netbsd.org/netbsd-advocacy/2016/02/29/msg000703.html) OpenBSD removes Linux Emulation (https://marc.info/?l=openbsd-ports-cvs&m=145650279825695&w=2) Time is an illusion - George Neville-Neil (https://queue.acm.org/detail.cfm?id=2878574) OpenSSH 7.2 Released (http://www.openssh.com/txt/release-7.2) Feedback/Questions Shane - IPSEC (http://slexy.org/view/s2qCKWWKv0) Darrall - 14TB Zpool (http://slexy.org/view/s20CP3ty5P) Pedja - ZFS setup (http://slexy.org/view/s2qp7K9KBG) ***

BSD Now
100: Straight from the Src

Jul 29, 2015 73:39


We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it! This episode was brought to you by Headlines Remote DoS in the TCP stack (https://blog.team-cymru.org/2015/07/another-day-another-patch/) A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely This problem has a slightly confusing history that involves different fixes at different points in time from different people Juniper originally discovered the bug and announced a fix (https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686) for their proprietary networking gear on June 8th On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=284941&r2=284940&pathrev=284941), but did not issue a security notice or MFC the fix back to the -stable branches On July 13th, two weeks later, OpenBSD fixed the issue (https://www.marc.info/?l=openbsd-cvs&m=143682919807388&w=2) in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found Immediately afterwards, they merged it back to -stable and issued an errata notice (http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig) for 5.7 and 5.6 On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=285777&r2=285776&pathrev=285777) and issued a security notice 
(https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html) for the problem (which didn't include the first fix) After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way NetBSD confirmed they were vulnerable too, and applied another completely different fix (http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.183&r2=1.184&only_with_tag=MAIN) to -current on July 24th, but haven't released a security notice yet DragonFly is also investigating the issue now to see if they're affected as well *** c2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20150721180312&mode=flat) Reports from OpenBSD's latest hackathon (http://www.openbsd.org/hackathons.html), held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these) The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?" With mandoc's new internal jump targets, this is a problem of the past now Jasper also sent in a report (http://undeadly.org/cgi?action=article&sid=20150723124332&mode=flat), doing his usual work with Puppet (and specifically "Facter," a tool used by Puppet to gather various bits of system information) Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an "-i" flag for sed (hooray!) 
Antoine Jacoutot gave a report (http://undeadly.org/cgi?action=article&sid=20150722205349&mode=flat) on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services) It now has an "ls" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this "the poor man's service monitoring tool") He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example) His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades Foundation director Ken Westerback was also there (http://undeadly.org/cgi?action=article&sid=20150722105658&mode=flat), getting some disk-related and laptop work done He cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues Stefan Sperling, OpenBSD's token "wireless guy," had a lot to say (http://undeadly.org/cgi?action=article&sid=20150722182236&mode=flat) about the hackathon and what he did there (and even sent in his write-up before he got home) He taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report) Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work One quote from Stefan's report that a lot of people seem to be talking about: "Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. 
The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year." Jeremy Evans wrote in (http://undeadly.org/cgi?action=article&sid=20150725180527&mode=flat) to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem. While he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon. Rafael Zalamena, who got commit access at the event, gives his very first report (http://undeadly.org/cgi?action=article&sid=20150725183439&mode=flat) on his networking-related hackathon activities. With Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS (https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service) Jonathan Gray got a lot done (http://undeadly.org/cgi?action=article&sid=20150728184743&mode=flat) in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code. As he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix) Martin Pieuchot gave a write-up (http://undeadly.org/cgi?action=article&sid=20150724183210&mode=flat) on his experience: "I always thought that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did." 
He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack. Unfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle. We're still eagerly awaiting a report from one of OpenBSD's newest developers (https://twitter.com/phessler/status/623291827878137856), Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes) OpenBSD 5.8's "beta" status was recently reverted, with the message "take that as a hint (https://www.marc.info/?l=openbsd-cvs&m=143766883514831&w=2)," so that may mean more big changes are still to come... *** FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2015-04-2015-06.html) FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far. It's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others. Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just "svn.freebsd.org") are now using GeoDNS with official SSL certs and general redundancy was increased. In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages. The core team has been working on phabricator, the fancy review system, and is considering integrating oauth support soon. Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012) The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test 
out the 64bit support Multipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon) ZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August PCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though) The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling Various other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more *** The OpenSSH bug that wasn't (http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html) There's been a lot of discussion (https://www.marc.info/?t=143766048000005&r=1&w=2) about a supposed flaw (https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/) in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even) There's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-July/034209.html) FreeBSD in its default configuration, with PAM (https://en.wikipedia.org/wiki/Pluggable_authentication_module) and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH 
(https://www.marc.info/?l=openbsd-misc&m=143767296016252&w=2), nor any of the other BSDs, and not even the majority of Linux distros If you disable all forms of authentication except public keys, like you're supposed to (https://stribika.github.io/2015/01/04/secure-secure-shell.html), then this is also not a big deal for FreeBSD systems Realistically speaking, it's more of a PAM bug (https://www.marc.info/?l=openbsd-misc&m=143782167322500&w=2) than anything else OpenSSH added an additional check (https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab) for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update (https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-July/000248.html)) *** Interview - Sebastian Wiedenroth - wiedi@netbsd.org (mailto:wiedi@netbsd.org) / @wied0r (https://twitter.com/wied0r) pkgsrc (https://en.wikipedia.org/wiki/Pkgsrc) and pkgsrcCon (http://pkgsrc.org/pkgsrcCon/) News Roundup Now served by OpenBSD (https://tribaal.io/this-now-served-by-openbsd.html) We've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it The use case for the author was for a webserver, so he decided to try out the httpd in base Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting TLS 1.2 by default, strong ciphers with LibreSSL and HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) combined give you a pretty secure web server *** FreeBSD laptop playbooks (https://github.com/sean-/freebsd-laptops) A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named "freebsd-laptops" It's based on ansible, and uses the playbook format for automatic set up and configuration Right now, it's only working on a single 
Lenovo laptop, but the plan is to add instructions for many more models Check the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop *** NetBSD on the NVIDIA Jetson TK1 (https://blog.netbsd.org/tnf/entry/netbsd_on_the_nvidia_jetson) If you've never heard of the Jetson TK1 (https://developer.nvidia.com/jetson-tk1), we can go ahead and spoil the secret here: NetBSD runs on it As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything) You can even run X11 on it, pretty sweet *** DragonFly power mangement options (http://lists.dragonflybsd.org/pipermail/users/2015-July/207911.html) DragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there In this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well He also did some testing with each of them and gave his findings about power saving If you've been thinking about running DragonFly on a laptop, this would be a good one to read *** OpenBSD router under FreeBSD bhyve (https://www.quernus.co.uk/2015/07/27/openbsd-as-freebsd-router/) If one BSD just isn't enough for you, and you've only got one machine, why not run two at once This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it If you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware The author also includes a little bit of history on how he got into both operating systems There are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research Of course, the next logical step is to 
put that bhyve host under Xen on NetBSD... *** Feedback/Questions Kevin writes in (http://slexy.org/view/s2yPVV5Wyp) Logan writes in (http://slexy.org/view/s21zcz9rut) Peter writes in (http://slexy.org/view/s21CRmiPwK) Randy writes in (http://slexy.org/view/s211zfIXff) ***

BSD Now
87: On the List

BSD Now

Apr 29, 2015 81:02


Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines
New PAE support in OpenBSD (https://www.marc.info/?l=openbsd-cvs&m=142990524317070&w=2)
  • OpenBSD has just added Physical Address Extension (https://en.wikipedia.org/wiki/Physical_Address_Extension) support to the i386 architecture, but it's probably not what you'd think of when you hear the term
  • In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that
  • Instead, this change specifically allows the system to use the No-eXecute Bit (https://en.wikipedia.org/wiki/NX_bit#OpenBSD) of the processor for the userland, further hardening the in-place memory protections
  • Other operating systems enable the CPU feature without doing anything to the page table entries (https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table), so they do get the available memory expansion, but don't get the potential security benefit
  • As we discussed in a previous episode (http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach), the AMD64 platform already saw some major W^X kernel and userland improvements - the i386 kernel reworking will begin shortly
  • Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W^X that was already there
  • The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8
***
Booting Windows in bhyve (https://twitter.com/nahannisys/status/591733319357730816)
  • Work on FreeBSD's bhyve (http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind) continues, and a big addition is on the way
  • Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows
  • This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter
  • Graphics emulation is still in the works; this image was taken by booting headless and using RDP
  • A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)
  • Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out
  • Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts
***
MidnightBSD 0.6 released (http://www.midnightbsd.org/notes/)
  • MidnightBSD is a smaller project we've not covered a lot on the show before
  • It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use
  • They also have their own, smaller version of FreeBSD ports, called "mports"
  • If you're already using it, this new version is mainly a security and bugfix release
  • It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions
  • You can check their site (http://www.midnightbsd.org/about/) for more information about the project
  • We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet
***
OpenBSD rewrites the file utility (https://www.marc.info/?l=openbsd-cvs&m=142989267412968&w=4)
  • We're all probably familiar with the traditional file (https://en.wikipedia.org/wiki/File_%28command%29) command - it's been around since the 1970s (http://darwinsys.com/file/)
  • For anyone who doesn't know, it's used to determine what type of file something actually is
  • This tool doesn't see a lot of development these days, and it's had its share of security issues as well
  • Some of those security issues remain (https://www.marc.info/?l=openbsd-tech&m=141857001403570&w=2) unfixed (https://www.marc.info/?l=freebsd-security&m=142980545021888&w=2) in various BSDs even today, despite being publicly known for a while
  • It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it
  • When you think about it, file was technically designed to be used on untrusted files
  • OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny
  • This new version will, by default, run as an unprivileged user (https://www.marc.info/?l=openbsd-cvs&m=143014212727213&w=2) with no shell, and in a systrace sandbox (https://www.marc.info/?l=openbsd-cvs&m=143014276127454&w=2), strictly limiting what system calls can be made
  • With these two things combined, it should drastically reduce the damage a malicious file could potentially do
  • Ian Darwin, the original author of the utility, saw the commit and replied (https://www.marc.info/?l=openbsd-cvs&m=142989483913635&w=4), in what may be a moment in BSD history to remember
  • It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version
  • Coincidentally, the lead developer and current maintainer of file just happens to be our guest today…
***

Interview - Christos Zoulas - christos@netbsd.org (mailto:christos@netbsd.org)
blacklistd (https://www.youtube.com/watch?v=0UKCAsezF3Q) and NetBSD advocacy

News Roundup
GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/projects/list/google/gsoc2015)
  • The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list
  • FreeBSD's list (https://wiki.freebsd.org/SummerOfCode2015Projects) includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication
  • OpenBSD's list (http://www.openbsdfoundation.org/gsoc2015.html) includes: asynchronous USB transfer submission from userland, ARM SD/MMC & controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD
  • We'll be sure to keep you up to date on developments from both projects
  • Hopefully the other BSDs will make the cut too next year
***
FreeBSD on the Gumstix Duovero (http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html)
  • If you're not familiar with the Gumstix Duovero, it's a dual core ARM-based computer-on-module (https://store.gumstix.com/index.php/coms/duovero-coms.html)
  • They actually look more like a stick of RAM than a mini-computer
  • This article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd (https://github.com/freebsd/crochet)
  • If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us
***
EU study recommends OpenBSD (https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D)
  • A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools
  • This is especially important, in all countries, after the mass surveillance documents came out
  • "[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."
  • The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on
  • Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"
  • Reddit, Undeadly and Hacker News also had (https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/) some (http://undeadly.org/cgi?action=article&sid=20150427093546) discussion (https://news.ycombinator.com/item?id=9445831), particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer (http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq) and M:Tier (http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual) before
***
FreeBSD workflow with Git (https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html)
  • If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too
  • This mailing list post talks about interacting between (https://wiki.freebsd.org/GitWorkflow/GitSvn) the official source repository and the Git mirror
  • This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved
***

Feedback/Questions
  • Sean writes in (http://slexy.org/view/s2vjh3ogvG)
  • Bryan writes in (http://slexy.org/view/s20GMcWvKE)
  • Sean writes in (http://slexy.org/view/s21M1imT3d)
  • Charles writes in (http://slexy.org/view/s25ScxQSwb)
***

BSD Now
83: woN DSB

BSD Now

Apr 1, 2015 64:41


Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines
Major changes coming in PCBSD 11 (http://blog.pcbsd.org/2015/04/huge-announcement-for-pc-bsd/)
  • The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)
  • Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users
  • To solve this, they've ported over Linux's iptables, giving users a much more straightforward configuration (http://dpaste.com/2F1KM6T.txt)
  • While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward
  • Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough
  • People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager
  • To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy
  • As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too
  • To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up
***
NetBSD and FreeBSD join forces (http://www.freebsddiary.org/fretbsd.php)
  • The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from
  • What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)
  • That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to FretBSD
  • Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server
  • As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load
  • With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again
***
Puffy in the cloud (http://homing-on-code.blogspot.com/2015/03/puffy-in-cloud.html)
  • If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options
  • This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon
  • Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc
  • He also mentions our pf tutorial (http://www.bsdnow.tv/tutorials/pf) being helpful in blocking script kiddies from hammering the box
  • Be sure to encourage your less-technical friends to always back up their important data
***
NetBSD at AsiaBSDCon (https://blog.netbsd.org/tnf/entry/asiabsdcon_2015)
  • Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo
  • It includes a wrap-up of the event, as well as a list of presentations (https://www.netbsd.org/gallery/presentations/#asiabsdcon2015) that NetBSD developers gave
  • Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently
  • At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded pictures of all of them (http://www.ki.nu/~makoto/p15/20150315/)
  • There's also a video (https://www.youtube.com/watch?v=K1y9cdmLFjw) of an OMRON LUNA-II running the luna68k port
***

Interview - Kamila Součková - kamila@ksp.sk (mailto:kamila@ksp.sk) / @anotherkamila (https://twitter.com/anotherkamila)
BSD conferences, Google Summer of Code, various topics

News Roundup
FreeBSD foundation March update (https://www.freebsdfoundation.org/press/2015marchupdate.pdf)
  • The FreeBSD foundation has published their March update for fundraising and sponsored projects
  • In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update
  • They also mention our interview with the foundation president (http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii) - be sure to check it out if you haven't
***
Inside OpenBSD's new httpd (http://sdtimes.com/inside-openbsds-new-httpd-web-server/)
  • BSD news continues to dominate mainstream tech news sites… well not really, but they talk about it once in a while
  • The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's AsiaBSDCon presentation (http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf) about it (which he's giving at BSDCan this year, too)
  • In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter
  • Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in
  • The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)
***
Using poudriere without OpenSSL (http://bsdxbsdx.blogspot.com/2015/04/build-packages-in-poudriere-without.html)
  • Last week we talked about (http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild) using LibreSSL in FreeBSD for all your ports
  • One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to
  • This blog post shows how to completely strip OpenSSL out of the poudriere (http://www.bsdnow.tv/tutorials/poudriere) build jails, something that's a lot more difficult than you'd think
  • If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly
***
HAMMER and GPT in OpenBSD (https://www.marc.info/?l=openbsd-tech&m=142755452428573&w=2)
  • Someone, presumably a Google Summer of Code student, wrote in to the lists about his HAMMER FS (http://www.bsdnow.tv/tutorials/hammer) porting proposal
  • He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)
  • There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer
  • In more disk-related news, Ken Westerback (http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2) has been committing quite a lot of GPT-related fixes (https://www.marc.info/?l=openbsd-cvs&w=2&r=1&s=gpt&q=b) recently
  • Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess
***

Feedback/Questions
  • Morgan writes in (http://slexy.org/view/s20e30p4qf)
  • Dustin writes in (http://slexy.org/view/s20clKByMP)
  • Stan writes in (http://slexy.org/view/s20aBlmaT5)
  • Mica writes in (http://slexy.org/view/s2ufFrZY9y)
***

Mailing List Gold
  • Developers in freefall (https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055281.html)
  • Xorg thieves pt. 1 (https://www.marc.info/?l=openbsd-cvs&m=142786808725483&w=4)
  • Xorg thieves pt. 2 (https://www.marc.info/?l=openbsd-cvs&m=142790740405547&w=4)
***

BSD Now
79: Just Add QEMU

BSD Now

Mar 4, 2015 84:29


Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines
AsiaBSDCon 2015 schedule (http://2015.asiabsdcon.org/timetable.html.en)
  • Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up
  • This year's conference will be between 12-15 March at the Tokyo University of Science in Japan
  • The first and second days are for tutorials, as well as the developer summit and vendor summit
  • Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again
  • Not counting the ones that have yet to be revealed (as of the day we're recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD
  • Summaries of all the presentations are on the timetable page if you scroll down a bit
***
FreeBSD foundation updates and more (https://www.freebsdfoundation.org/press/2015febupdate.pdf)
  • The FreeBSD foundation (http://www.bsdnow.tv/episodes/2015_02_04-from_the_foundation_1) has posted a number of things this week, the first of which is their February 2015 status update
  • It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform
  • There's a FOSDEM recap and another update of their fundraising goal for 2015
  • They also have two new blog posts: a trip report from SCALE13x (http://freebsdfoundation.blogspot.com/2015/02/scale-13x-trip-report-michael-dexter.html) and a featured "FreeBSD in the trenches (http://freebsdfoundation.blogspot.com/2015/02/freebsd-from-trenches-zfs-and-how-to.html)" article about how a small typo caused a lot of ZFS chaos in the cluster
  • "Then panic ensued. The machine didn't panic -- I did."
***
OpenBSD improves browser security (https://www.marc.info/?l=openbsd-misc&m=142523501726732&w=2)
  • No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser
  • Ted Unangst writes in to the OpenBSD misc list to introduce a new project he's working on, simply titled "improving browser security"
  • He gives some background on the W^X memory protection (https://en.wikipedia.org/wiki/W%5EX) in the base system, but also mentions that some applications in ports don't adhere to it
  • For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT (https://en.wikipedia.org/wiki/Just-in-time_compilation) engine) needs to be fixed to use it
  • "A system that is 'all W^X except where it's not' is the same as a system that's not W^X. We've worked hard to provide a secure foundation for programs; we'd like to see them take advantage of it."
  • The work is being supported by the OpenBSD foundation (http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2), and we'll keep you updated on this undertaking as more news about it is released
  • There's also some discussion on Hacker News (https://news.ycombinator.com/item?id=9128360) and Undeadly (http://undeadly.org/cgi?action=article&sid=20150303075848&mode=expanded) about it
***
NetBSD at Open Source Conference 2015 Tokyo (https://mail-index.netbsd.org/netbsd-advocacy/2015/02/28/msg000680.html)
  • The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo
  • There's even a spreadsheet (https://docs.google.com/spreadsheets/d/1DTJbESfnOUgOiVkFG8vsrxTq6oCGRpf8PkRcMkhWYWQ/edit#gid=0) of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)
  • If you just can't get enough strange devices running BSD, check the mailing list post for lots of pictures
  • Their next target is, as you might guess, AsiaBSDCon 2015 - maybe we'll run into them
***

Interview - Sean Bruno - sbruno@freebsd.org (mailto:sbruno@freebsd.org) / @franknbeans (https://twitter.com/franknbeans)
Cross-compiling packages with poudriere (http://www.bsdnow.tv/tutorials/poudriere) and QEMU

News Roundup
The Crypto Bone (http://crypto-bone.com/what.html)
  • The Crypto Bone is a new device (http://www.crypto-bone.com/) that's aimed at making encryption and secure communications easier (http://crypto-bone.com/cbb-usersview.html) and more accessible
  • Under the hood, it's actually just a Beaglebone (http://beagleboard.org/bone) board, running stock OpenBSD with a few extra packages
  • It includes a web interface (http://crypto-bone.com/release/root/var/www/apache/html/) for configuring keys and secure tunnels
  • The source code (http://crypto-bone.com/release/root/) is freely available for anyone interested in hacking on it (or auditing the crypto), and there's a technical overview (http://crypto-bone.com/cbb-technicalview.html) of how everything works on their site
  • If you don't want to teach your mom how to use PGP, buy her one of these(?)
***
BSD in the 2015 Google Summer of Code (https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/about_page)
  • For those who don't know, GSoC is a way for students to get paid to work on a coding project for an open source organization
  • Good news: both FreeBSD and OpenBSD were accepted (https://www.google-melange.com/gsoc/org/list/public/google/gsoc2015) for the 2015 event
  • FreeBSD has a wiki page (https://wiki.freebsd.org/SummerOfCodeIdeas) of ideas for people to work on
  • OpenBSD also has an ideas page (http://www.openbsdfoundation.org/gsoc2015.html) where you can see some of the initial things that might be interesting
  • If you're a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it
  • Who knows, you may even end up on the show (http://www.bsdnow.tv/episodes/2015_01_07-system_disaster) if you work on a cool project
  • GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you'd like to hack on
***
pfSense 2.3 roadmap (https://blog.pfsense.org/?p=1588)
  • The pfSense team has posted a new blog entry, detailing some of their plans for future versions
  • PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions
  • PBIs are scheduled to be replaced with native pkgng packages
  • Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely
  • Their ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution
***
PCBSD 10.1.2 security features (http://blog.pcbsd.org/2015/03/a-look-at-the-upcoming-features-for-10-1-2/)
  • PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post
  • A new "personacrypt" utility is introduced, which allows for easy encryption and management of external drives for your home directory
  • Going along with this, it also has a "stealth mode" that allows for one-time temporary home directories (but it doesn't self-destruct, don't worry)
  • The LibreSSL integration also continues, and now packages will be built with it by default
  • If you're using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update
  • They've also been working on introducing some new options to enable tunneling your traffic through Tor
  • There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week
  • A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity
  • Look forward to Kris wearing a Tor shirt (https://www.torproject.org/getinvolved/tshirt.html) in future episodes
***

Feedback/Questions
  • Antonio writes in (http://slexy.org/view/s2ofBPRT5n)
  • Chris writes in (http://slexy.org/view/s26LsYcoJF)
  • Van writes in (http://slexy.org/view/s28Rho0jvL)
  • Stu writes in (http://slexy.org/view/s21AkGbniU)
***

Mailing List Gold
  • H (https://lists.freebsd.org/pipermail/freebsd-ports/2015-February/098183.html)
  • Pay up, mister Free (https://lists.freebsd.org/pipermail/freebsd-chat/2015-February/007024.html)
  • Heritage protected (https://www.mail-archive.com/tech%40openbsd.org/msg22663.html)
  • Blind leading the blind (https://lists.freebsd.org/pipermail/freebsd-questions/2015-February/264466.html)
  • What are the chances (https://lists.freebsd.org/pipermail/svn-src-head/2015-February/068682.html)
***

Free as in Freedom
0x54: Carol Smith at LCA 2015

Free as in Freedom

Jan 29, 2015 39:39


Bradley and Karen interview Carol Smith, Programs and Open Source Community Manager of Google Summer of Code, about the program and its policies and procedures.

Show Notes:
Segment 0 (00:00:35) Bradley encourages those who attend FOSDEM 2015 to sign up to attend the Supporter Night Event on 30 January 2015 in Brussels, Belgium.
Segment 1 (00:50:11) More Show notes for this one coming soon!

Send feedback and comments on the cast to . You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on identi.ca and Twitter. Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums. The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

BSD Now
54: Luminary Environment

Sep 10, 2014 78:39


This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Portscout ported to OpenBSD (http://blog.jasper.la/portscout-for-openbsd/)
- Portscout is a popular utility used in the FreeBSD ports infrastructure
- It lets port maintainers know when there's a new version of the upstream software available by automatically checking the distfile mirror
- Now OpenBSD porters can enjoy the same convenience, as it's been ported over
- You can view the status online (http://portscout.jasper.la/) to see how it works and who maintains what (http://portscout.jasper.la/index-total.html)
- The developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well
- He decided to fork and rename it (https://jasperla.github.io/portroach/) a few days later
***
Sysadmins and systemd refugees flocking to BSD (https://www.reddit.com/r/freebsd/comments/2fgb90/you_have_your_windows_in_my_linux_or_why_many/)
- With all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives
- This "you got your Windows in my Linux (http://www.infoworld.com/d/data-center/you-have-your-windows-in-my-linux-249483)" article (and accompanying comments) give a nice glimpse into the minds of some of those switchers
- Both server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd
- Fortunately, the BSD communities are usually very welcoming of switchers - it's pretty nice on this side!
***
OpenBSD's versioning schemes (http://www.tedunangst.com/flak/post/OpenBSD-version-numbers)
- Ted Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software
- In contrast to FreeBSD's release cycle, OpenBSD isn't as concerned with breaking backwards compatibility (but only if it's needed to make progress)
- This allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses
- He also details the difference between branches, their errata system and lack of "patch levels" for security
- Some other things in OpenBSD don't have version numbers at all, like tmux
- "Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features."
***
VAXstation 4000 Model 90 booting NetBSD (https://www.youtube.com/watch?v=zLsgFPaMPyg)
- We found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992
- This system has a monstrous 71 MHz CPU and 128MB of ECC RAM
- It continues in part two (https://www.youtube.com/watch?v=YKzDXKmn66U), where we learn that it would've cost around $25,000 when it was released!
- The uploader talks about his experiences getting NetBSD on it, what does and doesn't work, etc
- It's interesting to see that such old hardware isn't necessarily obsolete just because newer things have come out since then (but maybe don't try to build world on it...)
***
Interview - Ken Moore - ken@pcbsd.org (mailto:ken@pcbsd.org)
The Lumina desktop environment

Special segment
Lumina walkthrough

News Roundup

Suricata for IDS on pfSense (http://pfsensesetup.com/suricata-intrusion-detection-system-part-one)
- While most people are familiar with Snort as an intrusion detection system, Suricata is another choice
- This guide goes through the steps of installing and configuring it on a public-facing pfSense box
- Part two (http://pfsensesetup.com/suricata-intrusion-detection-system-part-two/) details some of the configuration steps
- One other cool thing about Suricata - it's compatible with Snort rules, so you can use the same updates
- There's also another recent post (http://www.allamericancomputerrepair.com/Blog/Post/29/Install-Snort-on-FreeBSD) about snort as well, if that's more your style
- If you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into
***
OpenBSD's systemd API emulation project (http://bsd.slashdot.org/story/14/09/08/0250207/gsoc-project-works-to-emulate-systemd-for-openbsd)
- This story was pretty popular in the mainstream news this week
- For the Google Summer of Code, a student is writing emulation wrappers for some of systemd's functions (https://twitter.com/blakkheim/status/509092821773848577)
- There was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn't have to run the full systemd
- One particularly interesting Slashdot comment snippet (http://bsd.slashdot.org/comments.pl?sid=5663319&cid=47851361): "We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn't as steep as we expected, general system stability seems to be better too, and BSD's security reputation goes without saying."
- It will NOT be in the base system - only in ports, and only installed as a dependency for things like newer GNOME (http://blogs.gnome.org/ovitters/2014/09/07/systemd-in-gnome-3-14-and-beyond/) that require such APIs
- In the long run, BSD will still be safe from systemd's reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it
***
GhostBSD 4 previewed (http://www.linuxbsdos.com/2014/05/19/preview-of-ghostbsd-4-0/)
- The GhostBSD project is moving along, slowly getting closer to the 4 release
- This article shows some of the progress made, and includes lots of screenshots and interesting graphical frontends
- If you're not too familiar with GhostBSD, we interviewed the lead developer (http://www.bsdnow.tv/episodes/2014_03_12-ghost_of_partition) a little while back
***
NetBSD on the Banana Pi (http://rizzoandself.blogspot.com/2014/09/netbsd-on-banana-pi.html)
- The Banana Pi is a tasty alternative to the Raspberry Pi, with similar hardware specs
- In this blog post, a NetBSD developer details his experiences in getting NetBSD to run on it
- After studying how the prebuilt Linux image booted, he made some notes and started hacking
- Ethernet, one of the few things not working, is being looked into and he's hoping to get it fully supported for the upcoming NetBSD 7.0
- They're only about $65 as of the time we're recording this, so it might be a fun project to try
***
Feedback/Questions
- Antonio writes in (http://slexy.org/view/s28iKdBEbm)
- Garegin writes in (http://slexy.org/view/s21Wfnv87h)
- Erno writes in (http://slexy.org/view/s2Fzryxhdz)
- Brandon writes in (http://slexy.org/view/s2ILcqdFfF)
***

BSD Now
35: Puffy Firewall

Apr 30, 2014 79:23


We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

ALTQ removed from PF (http://undeadly.org/cgi?action=article&sid=20140419151959)
- Kicking off our big PF episode...
- The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
- There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
- As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
- After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
- This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately.
***
FreeBSD Quarterly Status Report (https://www.freebsd.org/news/status/report-2014-01-2014-03.html)
- The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
- Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
- We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
- LOTS of details and LOTS of topics to cover, give it a read
***
OpenBSD's OpenSSL rewrite continues with m2k14 (http://undeadly.org/cgi?action=article&sid=20140417184158)
- A mini OpenBSD hackathon (http://www.openbsd.org/hackathons.html) begins in Morocco, Africa
- You can follow the changes in the -current CVS log (http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/), but a lot of work (http://undeadly.org/cgi?action=article&sid=20140418063443) is mainly going towards the OpenSSL cleaning
- We've got two trip (http://undeadly.org/cgi?action=article&sid=20140429121423) reports (http://undeadly.org/cgi?action=article&sid=20140425115340) so far, hopefully we'll have some more to show you in a future episode
- You can see some of the more interesting quotes (http://opensslrampage.org/) from the tear-down or see everything (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)
- Apparently (http://undeadly.org/cgi?action=article&sid=20140423045847) they are going to call the fork "LibreSSL (https://news.ycombinator.com/item?id=7623789)" ....
- What were the OpenSSL developers thinking (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)? The RSA private key was used to seed the entropy!
- We also got some mainstream news coverage (http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/) and another post from Ted (http://www.tedunangst.com/flak/post/origins-of-libressl) about the history of the fork
- Definitely consider donating to the OpenBSD foundation (http://www.openbsdfoundation.org/donations.html), this fork will benefit all the other BSDs too
***
NetBSD 6.1.4 and 6.0.5 released (https://blog.netbsd.org/tnf/entry/netbsd_6_1_4_and)
- New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
- The main update is - of course - the heartbleed vulnerability
- Also includes fixes for other security issues and even a kernel panic... on Atari
- Patch your Ataris right now, this is serious business
***
Interview - Peter Hansteen - peter@bsdly.net (mailto:peter@bsdly.net) / @pitrh (https://twitter.com/pitrh)
The Book of PF: 3rd edition

Tutorial
BSD Firewalls: PF (http://www.bsdnow.tv/tutorials/pf)

News Roundup

New Xorg now the default in FreeBSD (https://svnweb.freebsd.org/ports?view=revision&revision=351411)
- For quite a while now, FreeBSD has had two versions of X11 in ports
- The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
- They've finally made the switch for 10-STABLE and 9-STABLE
- Check this wiki page (https://wiki.freebsd.org/Graphics) for more info
***
GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/org2/google/gsoc2014/openbsdfoundation)
- The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
- OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
- The FreeBSD list (https://www.google-melange.com/gsoc/org2/google/gsoc2014/freebsd) was also posted
- Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
- Good luck to all the students participating, hopefully they become full time BSD users
***
Complexity of FreeBSD VFS using ZFS as an example (http://www.hybridcluster.com/blog/complexity-freebsd-vfs-using-zfs-example-part-2/)
- HybridCluster posted the second part of their VFS and ZFS series
- This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
- Of course, also watch episode 24 (http://www.bsdnow.tv/episodes/2014_02_12-the_cluster_the_cloud) for our interview with HybridCluster - they do really interesting stuff
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/04/weekly-feature-digest-26-the-lumina-project-and-preload/)
- Preload has been ported over, it's a daemon that prefetches applications
- PCBSD is developing their own desktop environment, Lumina (there's also an FAQ (http://blog.pcbsd.org/2014/04/quick-lumina-desktop-faq/))
- It's still in active development, but you can try it out by installing from ports
- We'll be showing a live demo of it in a few weeks (when development settles down a bit)
- Some kid in Australia subjects his poor mother to being on camera (https://www.youtube.com/watch?v=ETxhbf3-z18) while she tries out PCBSD and gives her impressions of it
***

BSD Now
6: Doing It de Raadt Way

Oct 9, 2013 51:42


On this week's episode we'll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD.

Headlines

HAMMER2 GSOC improvements merged (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198111.html)
- Patches from a Google Summer of Code student were committed to upstream Dragonfly
- It focuses mainly on compression and updating the I/O infrastructure to work with compression
- The ability to boot from (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198166.html) HAMMER2 volumes was also added
- Check the show notes for a full list of additions and improvements
- We'll have someone on the show to talk about HAMMER FS in the future
***
OSNews starts a "BSD family" segment (http://www.osnews.com/story/27348/The_BSD_family_pt_1_FreeBSD_9_1)
- An OSNews reader decided to share some info about the BSDs
- He's writing a three-part series covering FreeBSD, OpenBSD and NetBSD
- Pretty good info for Linux switchers
***
pkgsrc-2013Q3 branch announcement (http://mail-index.netbsd.org/tech-pkg/2013/10/04/msg012093.html)
- pkgsrc is similar to the ports concept, but for 21 different OSes
- The pkgsrc developers make a new release every three months.
- 13184 total packages for AMD64
- If there's any interest, we'll try to get a pkgsrc tutorial written in the future
***
PCBSD 9.2 released (http://lists.pcbsd.org/pipermail/announce/2013-October/000055.html)
- Shortly after the official FreeBSD 9.2 release, PCBSD follows up
- Highlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more
***
Interview - Theo de Raadt - deraadt@openbsd.org (mailto:deraadt@openbsd.org)
The OpenBSD project

Tutorial
Jailed VNC sessions (http://www.bsdnow.tv/tutorials/jailedvnc)

News Roundup

Curve25519 patch for OpenSSH (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031659.html)
- Because of recent NSA news, someone implemented an alternative key exchange mechanism
- It uses Curve25519 instead of the traditional Diffie-Hellman
- Comes from the developer of libssh and is already implemented there
***
FreeBSD 10-ALPHA5 is out (https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045097.html)
- Includes the big removal of BIND
- More GNU stuff removed
- Bhyve and XEN improvements
- Some LLVM fixes
***
M:Tier offering "Long Time Support" for OpenBSD ports (http://www.mtier.org/index.php/news/openbsd-ports-lt-support/)
- Starting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version
- OpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.)
- This model makes it easier to keep your ports patched for security in a corporate environment
***
Ohio Linuxfest talks uploaded (https://ia801008.us.archive.org/7/items/OhioLinuxfest2013/)
- The OLF 2013 talks have been uploaded
- Includes Kirk McKusick's keynote about building an open source community and Ken Moore's talk about lots of new PCBSD stuff
***
Theo's absence and other updates (http://marc.info/?l=openbsd-misc&m=138110694921068&w=2)
- In an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it
- For the last year, he's not been as involved in OpenBSD development
- He's been busy with setting up an Internet Exchange in Calgary
- Also mentions some troubles with an imposter Twitter account
***
Feedback/Questions
- Kenneth writes in (http://slexy.org/view/s24yODHGaW)
- Jason writes in (http://slexy.org/view/s21SbqaOPi)
- Alex writes in (http://slexy.org/view/s2yY3vHoIo)
- Henson writes in (http://slexy.org/view/s20fT5VHBC)
***