AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-480
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? 
OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
Windows Server is back! Directions on Microsoft analyst Jim Gaynor and Mary Jo Foley delve into the new features and capabilities coming with Windows Server 2025 worth knowing about, including new Active Directory and security features, GPU partitioning for Hyper-V, hotpatching – and the Azure services you need to use them.
Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.
This month Yann tells us about the availability of NAbox for new virtualization platforms! If your hypervisor is based on KVM or Hyper-V, you can now deploy NAbox! Worm and ARP are now included with Cloud Volumes ONTAP at no additional cost. VMware vCloud Foundation is supported with NetApp. Trident 24-06 supports SnapMirror, and the ONTAP Tools for VMware support ActiveSync! Don't miss the NetApp Insider's club and NetApp Insight Xtra! NFS now supports NFS-over-TLS, and of course we talk about NetApp Insight! Yann Bizeul (Linked-In), Guillaume Sowinski (Linked-In), Yves Weisser (Linked-In)
What does the virtualization landscape look like in 2024? And which solution meets your individual requirements most efficiently? Our virtualization experts Lukas Stadler, Florian Müller and Jonas Sterr take you on a tour through VMware, Hyper-V and Proxmox and discuss the advantages and particularities of their respective areas of expertise. Enjoy listening!
Gene Leyzarovich, Founder at JetStor shares insights on the evolution of data storage from tapes and magnetic disks to modern flash and hybrid systems. We discuss the significant impact of the Broadcom and VMware acquisition on licensing costs, prompting many organizations to explore alternatives like Proxmox and Hyper-V.
In this episode of the Security Swarm Podcast, host Andy and recurring guest, Paul, talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products. This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions. Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes. Key takeaways: Broadcom's Acquisition of VMware is Causing Major Disruption due to massive license cost increases of 300-500% for many organizations. Microsoft Hyper-V is a Viable Alternative to VMware. It offers a mature, enterprise-ready hypervisor that can be a cost-effective replacement for VMware. Azure Stack HCI Provides an On-Premises VMware Alternative. It provides a hyperconverged infrastructure solution with Hyper-V at the core, along with integration to Azure services for management and modernization. Security pitfalls can arise when organizations rush to migrate away from VMware due to the Broadcom situation. Proper planning, understanding the security posture of the new platform, and ensuring critical configurations like backup are in place are essential to mitigate risks. 
Timestamps: (02:51) - Vulnerabilities in VMware (07:30) - Migrating to the Microsoft Ecosystem (13:38) - On-Premises Microsoft Options (38:45) - Security Considerations for Migrations (44:52) - Pragmatic Approach to Platform Selection Episode Resources: Microsoft and Broadcom to Support License Portability Paul's article on options for migrating from VMware to Microsoft VMware Sandbox Escape Bugs
Taking a look at the virtualization distribution Proxmox makes sense not only if you happen to be moving away from VMware. It is also suited to consolidating a pile of smart-home Raspberry Pis onto a single box, or simply to test installations of operating systems and software. c't colleagues Niklas Dierking and Peter Siering have not only written articles on Proxmox, they are also guests in this episode of c't uplink. We talk about what Proxmox can do, what it consists of, who it is suitable for, and more. You can read our Proxmox feature in c't 9/2024.
Windows Server is back, baby! Directions on Microsoft analyst Jim Gaynor and Mary Jo Foley delve into a lot of the new goodies coming with Windows Server 2025. Hotpatching, new Active Directory and security features, GPU partitioning for Hyper-V and more are slated to arrive later this year. Here's what IT pros need to know.
Microsoft fixes critical flaws in Windows Kerberos, Hyper-V
Welcome to episode 240! It's a doozy this week! Justin, Ryan, Jonathan and Matthew are your hosts in this supersized episode. Today we talk about Google Gemini, the GCP sales force (you won't believe the numbers) and Google feudalism. (There's some lovely filth over here!) Plus we discuss the latest happenings over at HashiCorp, Broadcom, and the Code family of software. So put away your ugly sweaters and settle in for episode 240 of The Cloud Pod podcast - where the forecast is always cloudy! Titles we almost went with this week:
In this episode of Business Ninjas, Andrew is joined by Damien Stevens, Founder and CEO of Servosity—world-class backup and disaster recovery software. Servosity combines industry leading Support with Disaster Recovery for Virtual, Physical, and Cloud to be protected On-premise, Off-site, and the Cloud. Servosity's suite of products offer Disaster Recovery for VMware, Hyper-V, Microsoft Windows, Linux, and Mac protection. In the event of a disaster, Service Providers can launch business operations in minutes. Find out more: https://www.servosity.com/ Do you want to be interviewed for your business? Schedule time with us, and we'll create a podcast like this for your business: https://www.WriteForMe.io/ https://www.facebook.com/writeforme.io https://www.instagram.com/writeforme.io/ https://twitter.com/writeformeio https://www.linkedin.com/company/writeforme/ https://www.pinterest.com/andysteuer/ Want to be interviewed on our Business Ninjas podcast? Schedule time with us now, and we'll make it happen right away! Check out WriteForMe, more than just a Content Agency! See the Faces Behind The Voices on our YouTube Channel!
In today's episode, hosts Andy Leonard and Frank La Vigne catch up on their recent activities, including Frank's presentations at the Red Hat Summit Connect. They discuss the event and the focus on AI and government agencies. Frank also shares his experiences with a new product called Ansible Lightspeed with Watson code assist, which is enhancing the use of large language models. Moving on, Andy and Frank talk about their home lab projects. They both express their excitement for building a powerful system that allows them to explore AI capabilities locally. While Andy's lab is focused on AI, Frank is delving into the world of Red Hat OpenShift and containers to expand his knowledge. They discuss the importance of hands-on learning and the practicality of setting up a home lab. The conversation takes an interesting turn as they discuss Andy's initial miscalculation with the GPU size and his daughter starting college, leading to budget changes. Frank shares his hardware journey over the past year, including his experience with the Apple Silicon M2 computer and its incredible performance. Tune in to this episode of "Data Driven" to hear more about the Red Hat Summit, the latest developments in AI, and the adventures of building a home lab. So grab your favorite beverage, sit back, and get ready to dive into the world of data-driven insights! Links: Red Hat OpenShift AI in Higher Education Webinar https://qrcodes.at/aidata-edu-webinar-oct19 Show Notes: [00:00:45] Red Hat holds an annual summit, usually in Boston, featuring sessions for developers. [00:05:16] Recounting difficulty using AI engines, but eventually having success.
Mistake of underestimating GPU capacity. [00:07:08] This 8 gig memory is supernatural, like a cool oasis at a conference. [00:09:48] The text discusses trying different operating systems on an old device, including Fedora and Chrome OS Flex. [00:15:17] This machine has 96 gigs and can run multiple VMs. [00:17:12] The author plans to install Hyper V on Windows Server to run multiple Linux VMs, eventually migrating to Red Hat Enterprise Linux. They are waiting for a developer license key. [00:19:46] The person is setting up a NAS to store and access files from different devices. They currently use OneDrive as a temporary solution.
In today's episode, Andy has a special guest from our product development team at Hornetsecurity - Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks. Tune in to discover the power of modern backups in the ever-evolving world of cybersecurity and how organizations can establish seamless data protection measures, ensuring minimal data loss and downtime in the face of cyber threats. Timestamps: (2:16) – Ransomware continues to drive backup and recovery decisions. (10:10) – How has the industry traditionally mitigated ransomware and how are things done now? (14:13) – Revisiting the 3-2-1 backup strategy and adding an extra “1” (16:10) – Cloud backups and WORM (Write Once Read Many) states. (19:10) – What other backup technologies play a role in security? (23:43) – Deduplication, Immutability, and Backup Episode resources: Podcast EP01: We Used ChatGPT to Create Ransomware Podcast EP05: What is Immutability and Why Do Ransomware Gangs Hate it? Hornetsecurity Ransomware Attack Survey VM Backup V9 The Backup Bible Find Andy on LinkedIn, Twitter or Mastodon Find Jean Paul on LinkedIn This SysAdmin Day, win with Hornetsecurity! If you are a System/IT Admin and use Hyper-V or VMware, celebrate with us by signing up & trialling VM Backup V9 for a chance to win a Pixel Tablet! Find out more information here.
Move on-premises VMware or Hyper-V workloads to the cloud with Azure Migrate. Discover and assess your VMs, generate a business case for moving Windows and Linux VMs into Azure, and use integrated tools to replicate and migrate your VMs into production running on Azure. Get Extended Security Updates until October 2026 along with upgrade rights to a supported Windows Server release if you're migrating Windows Server 2012 VMs to Azure. Azure expert, Matt McSpirit, gives a quick overview of how to migrate your VMware virtual machines to Azure. ► QUICK LINKS: 00:00 - Introduction 00:31 - Prerequisites 01:12 - VM discovery 03:15 - Discovered servers 04:12 - New business case assessment 05:55 - Create an assessment to migrate VMs into Azure 06:54 - Replicate VMs into Azure 08:35 - Run test migrations 09:14 - Migrate VMs into production 09:47 - Wrap up ► Link References: Set up permissions in Azure at https://aka.ms/VMwarePrereqs Details to migrate complete VMware environments and run them in Azure at https://aka.ms/AVSmechanics For expert migration help go to https://azure.com/AMMP ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Bret and Matt are joined by Corey Quinn to talk about AWS and containers. Corey Quinn is the Chief Cloud Economist at the Duckbill Group. You may have seen or heard some of his in-depth AWS content, including his Last Week in AWS newsletter and blog, Corey's podcast Screaming in the Cloud and the AWS Morning Brief, or his highly produced YouTube videos on the Last Week in AWS channel. Corey runs the Duckbill Group, a company of people focused on helping clients understand and manage their cloud spend. If I had to describe Corey in a sentence, he's a quick thinking AWS expert who is one part cloud strategist, and one part sarcasm. The inspiration for this show came from his blog series, focused on all the ways to run containers on AWS, which is to say there's a lot. Dozens of ways, in fact, which I took as a testament to how containers have won the cloud as the primary way to package and deploy software to servers. Now, the hard part for us is to figure out which method we're going to choose for running those containers. We go on lots of tangents, but overall it was a fun conversation and I hope you enjoy this episode. Live recording of the complete show from May 4, 2023 is on YouTube (Ep. #214). ★Topics★ The Cloud Resume Challenge; Last Week in AWS; 17 ways to run containers on AWS; 17 MORE ways to run containers on AWS. Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com! ★Join my Community★ New live course on CI automation and gitops deployments; Best coupons for my Docker and Kubernetes courses; Chat with us and fellow students on our Discord Server DevOps Fans; Grab some merch at Bret's Loot Box; Homepage bretfisher.com. Creators & Guests: Bret Fisher - Host, Cristi Cotovan - Editor, Beth Fisher - Producer, Matt Williams - Host, Corey Quinn - Guest. (00:00) - Intro (07:19) - 17 Ways to Run Containers on AWS (09:57) - If you're using the cloud, use the cloud!
(13:32) - Data loss and it's only on the internet forever (17:58) - Recommended ways to run containers on AWS (22:49) - Biggest burn on people's AWS bills (29:33) - Docker Desktop on top of AWS EC2 in Windows and do you need bare metal? (30:13) - Bare metal required for Hyper-V (32:39) - AWS App Runner (40:26) - Services AWS has dropped (41:39) - Workloads inside the container; where the container should run (44:13) - Building experience...hands-on projects vs getting certifications (55:31) - Migrating. Leaving Kubernetes. (01:00:57) - Chat GPT Star Wars jokes
Gallery in File Explorer, Bing in SwiftKey, Ubisoft+ Multi Access Bing/AI Samsung allegedly is considering replacing Google Search with Bing. Can they even do that? Bing chatbot comes to Swiftkey and Microsoft Start. And now you can remove the Bing button from Swiftkey. Sound familiar? Microsoft is all-in on AI hardware Microsoft brings more AI to developers ahead of Build Amazon announces Bedrock generative AI tool for developers. Speaking of which, where's Apple in all this? Windows 11 New Dev channel build: remove time/date from the system tray, "new" hover behavior on search New Beta channel build: Content Adaptive Brightness Control (CABC) on plugged in PCs, a PC maker-enabled feature - plus RDC redesign for Windows 11 Photo Gallery view comes to File Explorer in Insider Program This isn't the first time a Photos app feature has shown up elsewhere this year Surface Microsoft can't seem to escape the trap of its one successful Surface design Xbox Minecraft Legends, more on tap for Xbox Game Pass Ubisoft+ Multi Access comes to Xbox The exodus from 343 Industries continues Microsoft: just kidding on the latest Xbox Dashboard UI Sega buys Rovio for the same reason Microsoft wants AB Tips & Picks Tip of the week: Hyper-V or Windows Sandbox? App pick of the week: Xbox Game Pass Ultimate/Xbox app for Windows 11 RunAs Radio this week: Project Zero Trust with George Finney Brown liquor pick of the week: Woodford Reserve Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: Miro.com/podcast meraki.cisco.com/twit cachefly.com
In this episode I talk with Dustin Milberg, Field CTO at InterVision. InterVision is a strategic service provider focused on helping commercial and public sector organizations transform their technology strategy, improve risk management and gain a competitive edge. InterVision looks to solve crucial IT challenges by delivering the right technology, deployed on the right premises and managed through the right service model. They specialize in datacenter and professional services around Resiliency, Cloud, Communications, Infrastructure and more. Dustin and I talk about the evolution of what it is to be a modern day Service Provider in a world where hybrid cloud rules and security and data protection are paramount to their clients. InterVision was founded in 1993 and is headquartered out of Santa Clara, California, United States. ☑️ Buy me a coffee? - https://ko-fi.com/gtwgt ☑️ Technology and Technology Partners Mentioned: VMware, Hyper-V, Nutanix, Veeam, Microsoft, AWS, Azure, Kubernetes, Containers, Storage, Networking, DRaaS, BaaS, Security ☑️ Raw Talking Points: History and founding First 10 years + CAD begins Early days of hosting Transitioning through hosting to infrastructure to virtualisation to cloud Acquisitions - Bluelock Public Cloud Services AWS and Azure Security and Ransomware Managed vs Unmanaged Ransomware, backup and DR Optimizing workloads question Power of the Data Platforms ☑️ Web: https://intervision.com/ ☑️ Interested in being on #GTwGT? Contact via Twitter @GTwGTPodcast or go to https://www.gtwgt.com ☑️ Subscribe to YouTube: https://www.youtube.com/@GTwGTPodcast?sub_confirmation=1 ☑️ Music: https://www.bensound.com
In this episode I talk with Yan Ness, Chief Executive Officer at Verge.io. Verge.io is a single piece of hyper-converged virtualization software that makes it easy to use existing resources to create secure multi-tenant private clouds. Verge.io provides a simpler way to virtualize data centers and end IT infrastructure complexity. The company's Verge OS software is the first and only fully integrated virtual cloud software stack to build, deploy and manage virtual data centers. Verge-OS delivers significant capital savings, increased operational efficiencies, reduced risk, and rapid scalability. Yan and I talk about the shift from traditional de-coupled platforms like VMware and how even the Public Cloud is overly complex. Through simplicity of the stack, Verge.io is able to allow service providers and organizations to function without the hassles associated with standard hardware platforms. Verge.io was born from YottaByte, founded in 2010 as a replacement for on-premises infrastructure. Eventually, YottaByte rebranded to Verge.io and is headquartered out of Greater Detroit Area, Great Lakes. ☑️ Buy me a coffee? - https://ko-fi.com/gtwgt ☑️ Technology and Technology Partners Mentioned: VMware, KVM, Hyper-V, Nutanix, Veeam, Microsoft, AWS, Azure, Kubernetes, Containers, Storage, Networking ☑️ Raw Talking Points: Lead with the product Early years starting up... ISP/Dial Up to colo cloud - comparison Retirement Encapsulation of the datacenter above storage Art of simplicity Yottabyte Technology Virtualizing the Datacenter holistically Cost pressures of AWS/Azure Public cloud Verge.io Stack? Install? VMware replacement and Migrations Scale The Verge.io Recipe Engine Management and Dashboard and API MSP and SP space vs on-prem Modern Platforms Kubevirt Kubernetes Profile and impact of Verge.io ☑️ Web: https://verge.io ☑️ Sign up for a 14 day Test Drive: https://www.verge.io/test-drive ☑️ Interested in being on #GTwGT? 
Contact via Twitter @GTwGTPodcast or go to https://www.gtwgt.com ☑️ Subscribe to YouTube: https://www.youtube.com/@GTwGTPodcast?sub_confirmation=1 ☑️ Music: https://www.bensound.com
## Sophos SFOS vulnerability There was recently another vulnerability in SFOS, which underscores how important it is to always keep your firewall up to date. We name three central points that should be met when using a firewall. ## UTM News - no longer a core product From January 2023, the UTM series will lose its core product status. This makes it even less attractive for a Sophos partner to sell these products. In our view, this is a further step by Sophos toward slowly but surely approaching an EOS date.
If you were looking for a tip on where to go for a nice full-day trip, I would have one for you. Wherever you live, it is close to you, and it is beautiful there in every season and in any weather. You can conveniently listen to all episodes of the Rozhlasový sloupek podcast in the mujRozhlas mobile app for Android and iOS or on the mujRozhlas.cz website.
We've got Microsoft MVP Eric Siron for a conversation about the end of Hyper-V Server (the free SKU of Hyper-V). Again, to confirm, we're talking about the free SKU of Hyper-V. The normal paid SKUs - the well-known role within Windows Server - will be remaining. This announcement came abruptly and was something of a shock to many people. Hyper-V Server was the primary test/dev hypervisor for many organizations, not to mention it was great for licensing in VDI scenarios. News of its untimely demise has created some angst in the community. Many IT Pros see this move by Microsoft as a way to take away a great free tool and use the situation to start pushing Azure Stack HCI, which many organizations are not ready to adopt at this time. The good news is that Hyper-V Server 2019 is going to continue to be supported until its extended support lifecycle runs out in 2029. This means that many organizations will have plenty of time to migrate to an alternative. What do you think? Is this change going to be impactful for you? Let us know! In this episode on free Hyper-V: What is Hyper-V Server? - 2:10 Is Hyper-V Server being discontinued? - 11:04 Where do Hyper-V Server users go from here? - 18:15 What are some alternatives to Hyper-V Server? - 21:49 Resources for Hyper-V Server: Hyper-V Server on the DOJO Azure Stack HCI on the DOJO ESXi Hypervisor on the DOJO Link to Communities Thread discussing Hyper-V Server's discontinuation Hyper-V Server Lifecycle Episode with Ben Armstrong on Hyper-V Server Episode with Ben Armstrong on AKS on Azure Stack HCI Client Hyper-V vs. Virtualbox - Which is Best for You? Azure Stack HCI Webinar on the DOJO
In this episode I talk with Boyan Krosnov, Chief Product Officer and co-founder at StorPool. StorPool is a market-leading software-defined storage vendor, offering reliable and speedy storage platforms with a focus on low latency throughput... covering public and private cloud platforms, servicing managed cloud and service providers as well as enterprises, and SaaS vendors. Boyan and I talk about how StorPool leverages an agnostic approach to hardware to allow StorPool to run across multiple hardware platforms and configurations while still maintaining reliable and speedy storage and how they have ridden the alternative new age IT stacks to success. StorPool was founded in 2011 and is headquartered out of Sofia, Bulgaria. ☑️ Technology and Technology Partners Mentioned: Block Storage, Storage, NVMe, Object Storage, Kubernetes, VMware, KVM, Hyper-V, OpenStack, Cloudstack, Software Defined Storage ☑️ Raw Talking Points: MSP Angle Cloud Platforms SDS 2.0 How's it designed and architected Filesystem? Object Storage Based? Pooling of capacity and performance Standard storage, storage and compute PERFORMANCE methodology IOPS/Latency/Storage Consumption Decreasing latency Proper Benchmarking Resiliency Failure domains/resolution Differential? Storage Protocols Distributed Storage? Running on any hardware Future of storage with public cloud and more managed data platforms Continuous Improvement process New-Age IT Stacks ☑️ Web: https://storpool.com/ ☑️ Interested in being on #GTwGT? Contact via Twitter @GTwGTPodcast or go to https://www.gtwgt.com ☑️ Music: https://www.bensound.com
This week we look at 5 mistakes people make with their TV Settings and how to fix them and long time listener Jerry documents his transition from the Insteon Home Hub to Home Assistant. We have no email but we do discuss some of the week's news in an episode that includes a discussion about Mead, Bourbon, Beer, and Moonshine! News: Harman Kardon Citation MultiBeam 1100 soundbar boasts Dolby Atmos audio Roku welcomes Apple Music to its lineup Alexa can tell you when your security camera detects a person or package Wyze takes on Ecobee, Nest with new room sensors for its smart thermostat 5 mistakes everyone makes with LG OLED TVs, and how to fix them Thanks to their irresistible combination of futuristic, super-slim designs and consistently outstanding picture quality, LG OLED TVs have become the darlings of the high-end TV world – they're not only among the best OLED TVs, but the best TVs of any kind. The problem is that few TVs are set up to deliver their best possible viewing experience out of the box, so if you haven't picked the right settings, you're not getting the most from your TV. So let's look here at some of the most common set up mistakes LG OLED owners make that may be stopping them from getting the viewing experience they deserve. Full article here… Cheat Sheet for Insteon Replacement with HomeAssistant (2.0) Like many I was shocked to see my Insteon hub with a permanent red light and my expensive IOT devices inoperative. A good number of ex-Insteon users are looking to other implementations of home management system and I soon discovered that HomeAssistant does work with Insteon Devices. The help pages are well done and explain the procedures well. I am back up and running with HomeAssistant following the instructions, but it is not simple and here are some of the fine points. The definitive solution involves either the HomeAssistant server hardware or a Raspberry Pi with the software installed. 
You can run the system using virtual system implementations such as Microsoft's Hyper-V or VirtualBox. I suggest you try VirtualBox before you decide to buy dedicated hardware. I found the Hyper-V unusable, as I have with other implementations, but the VBox works… though was not stable enough in my hands for a permanent install. So with Ara's financing I bought a Raspberry Pi on Amazon with the additional bits and pieces you NEED: micro-SD card for the system; mini-HDMI connector for a display as well as getting a mouse and keyboard to attach and of course an ethernet cable. Here are the nice install instructions: https://www.home-assistant.io/installation/raspberrypi/ The set-up is self generated and you really just follow the questions. If you did this right, the home screen will appear on any web browser populated by a lot of devices you never thought you had, including the hub. Each of these will then show up on your home screen which is your interface, as well as on your smart phone. My goal was to get the cameras that I use in my astronomical observatory to work, which I did https://www.astrobin.com/users/jerryyyyy/ There are many viable “canned” interfaces and contingency programming and the home page is entirely customizable… I am still learning and a real time sink. The biggest problem is initializing some devices. The hub interface seems worthless as it never showed all my devices and I basically had to add them back in one by one. I made a spreadsheet with the MAC address and set fixed IP addresses for many… If you do not know what I am talking about when I mention MAC addresses or IP addresses, you will be in trouble because you need to mess with your router and set up “fixed IP addresses” for some devices… also cameras have BOTH Wi-Fi and Ethernet MAC Addresses… On the other hand, if you know what I am talking about, this is a piece of cake. My to-do list: Get the motion sensor up and running (Appears to be impossible). 
See if there is a way to pan work the cameras (Maybe learning more Python). Get the GPS location off my iPhone into the system… yes you can get this through the App. Find some good models for home pages and automations… there are tons but hard to choose. The one I have is pretty basic. Bottom line, all in all this is a viable option if you are familiar with the basics of networking. Essential Afterthought: How to back-up your installation. I learned that to shut down the Pi you do not pull the power cord… you go to the Linux shell and “sudo halt” luckily my install came back after that adventure. You can backup and reinstall the SD card contents using Win32 Disk Imager: https://sourceforge.net/projects/win32diskimager/ If you put this system together, you do not want to lose it!
Welcome to the second of a two-part series on the management and tooling ecosystem for Hyper-V, for on-prem and hybrid cloud. In part one, our host Andy Syrewicze and guest Eric Siron discussed the traditional on-prem Hyper-V management tools at length. This included tools such as Hyper-V Manager, PowerShell, and Failover Cluster Manager amongst others. In part two, the guys peer into the modern era and the future of virtualization management in the Microsoft space. For example, Windows Admin Center is Microsoft's next generation Windows Server management tool, but how does it stack up to managing Hyper-V? Where does Azure Arc fit in? Are they ready for prime-time? All these questions and more are covered in the episode! Join the webinar How Azure Stack HCI is forcing changes in your datacenter In this episode on Hyper-V management tools for hybrid cloud: Hyper-V management and Windows Admin Center - 0:52 Where does Windows Admin Center work best? - 8:14 What is Azure Arc? - 12:00 Which Hyper-V Management tool should you use and when? - 14:30 Resources for Hyper-V Management Tools Eric's Windows Admin Center eBook Introduction to Windows Admin Center on the DOJO Learn more about Azure Arc on the DOJO IT Pro resources at the DOJO The DOJO Forums Webinar on Azure Stack HCI
When we sat down to record this episode we ended up in a situation like we did with our episode with Ben Armstrong, too much content for one episode! To those familiar with Hyper-V, this likely doesn't come as a surprise being we're discussing the various management tools that are available for Hyper-V, along with the overall management story for Microsoft's hypervisor. In this episode, we sit down with Eric Siron to discuss modern day usage of the traditional Hyper-V management tools which include: Hyper-V Manager Failover Cluster Manager PowerShell System Center Virtual Machine Manager (SCVMM) In the next episode, we'll focus on the new management tools for Hyper-V such as Windows Admin Center and Azure Arc. In this episode Hyper-V Management vs. VMware Management - 2:05 An example of management assumptions for VMware admins trying Hyper-V - 8:43 Networking woes in Windows Server - 12:12 Why choice of tools is a strength of Hyper-V - 17:12 Thoughts on System Center Virtual Machine Manager - 24:08 An example of where VMM does NOT fit - 28:00 Resources for Hyper-V Management Tools Andy's Hyper-V Datacenter Deployment Script Andy's VMware Datacenter Deployment Script PowerShell Direct Ben Armstrong on Twitter Ben Armstrong as a Guest on the Sysadmin Dojo Podcast talking about Hyper-V Webinar on Azure Stack HCI
At Black Hat USA 2021, two researchers presented how they used their own fuzzer designed for hypervisors to find a critical vulnerability in Microsoft Azure. Ophir Harpaz and Peleg Hadar join The Hacker Mind to discuss their journey from designing a custom hypervisor fuzzer to identifying a vulnerability within Hyper-V and how their new research tool, hAFL1, can benefit others looking to secure cloud architectures.
We try out the new GNOME "Orbis" release and chat about Microsoft's new Linux kernel patches that make it clear Windows 10 is on the path to a hybrid Windows/Linux system. Plus, the major re-architecture work underway for Chrome OS with significant ramifications for Desktop Linux.
Sponsors Circle CI Episode on CI/CD with Circle CI Show Details In this episode, we cover the following topics: Hypervisor implementations Hyper-V Type 1 hypervisor from Microsoft Architecture Implements isolation of virtual machines in terms of a partition Partition is logical unit of isolation in which each guest OS executes Parent partition Virtualization software runs in parent partition and has direct access to hardware Requires supported version of Windows Server There must be at least one parent partition Parent partition creates child partitions which host the guest OSes Done via Hyper-V "hypercall" API Parent partitions run a Virtualization Service Provider (VSP) which connects to the VMBus Handles device access requests from child partition Child partition Does not have direct access to hardware Has virtual view of processor and runs in Guest Virtual Address (not necessarily the entire virtual address space) Hypervisor handles interrupts to processor, and redirects to respective partition Any request to the virtual devices is redirected via the VMBus to the devices in the parent partition VMBus Logical channel which enables inter-partition communication KVM (Kernel-based Virtual Machine) Virtualization module in Linux kernel Turns Linux kernel into hypervisor Available in mainline Linux since 2007 Can run multiple VMs running unmodified Linux or Windows images Leverages hardware virtualization Via CPU virtualization extensions (Intel VT or AMD-V) But also provides paravirtualization support for Linux/FreeBSD/NetBSD/Windows using VirtIO API Architecture Kernel component Consists of: Loadable kernel module, kvm.ko, that provides the core virtualization infrastructure Processor specific module, kvm-intel.ko or kvm-amd.ko Userspace component QEMU (Quick Emulator) Userland program that does hardware emulation Used by KVM for I/O emulations AWS hypervisor choices & history AWS uses custom hardware for faster EC2 VM performance Original EC2 technology ran highly 
customized version of Xen hypervisor VMs can run using either paravirtualization (PV) or hardware virtual machine (HVM) HVM guests are fully virtualized VMs on top of hypervisor are not aware they are sharing with other VMs Memory allocated to guest OSes is scrubbed by hypervisor when it is de-allocated Only AWS admins have access to hypervisors AWS found that Xen has many limitations that impede their growth Engineers improved performance by moving parts of software stack to purpose-built hardware components C3 instance family (2013) Debut of custom chips in Amazon EC2 Custom network interface for faster bandwidth and throughput C4 instance family (2015) Offload network virtualization to custom hardware with ASIC optimized for storage services C5 instance family (2017) Project Nitro Traditional hypervisors do everything Protect the physical hardware and bios, virtualize the CPU, storage, networking, management tasks Nitro breaks apart those functions, offloading to dedicated hardware and software Replace Xen with a highly optimized KVM hypervisor tightly coupled with an ASIC Very fast VMs approaching performance of bare metal server Amazon EC2 – Bare metal instances (2017) Use Project Nitro Links Xen Project Kernel Virtual Machine QEMU Mastering KVM Virtualization Hyper-V AWS Nitro System AWS re:Invent 2018: Powering Next-Gen EC2 Instances: Deep Dive into the Nitro System AWS re:Invent 2017: C5 Instances and the Evolution of Amazon EC2 Virtualization End Song: Fax - Stages. For a full transcription of this episode, please visit the episode webpage. We'd love to hear from you! You can reach us at: Web: https://mobycast.fm Voicemail: 844-818-0993 Email: ask@mobycast.fm Twitter: https://twitter.com/hashtag/mobycast
Jeremy Grossmann (creator of GNS3) discusses GNS3 2.2 features with David Bombal. Features discussed include Hyper-V support, migration to 2.2, link status and the Web UI. Menu: Link Detection Status: 0:10 Hyper-V support: 4:44 Web-UI: 7:45 New GNS3 VM = Ubuntu 18.04: 10:00 More in the next video Full details here: https://docs.google.com/document/d/1auCG_fHgJrG73iwvQuvONsacknnIYfmayeYRcpt70sE/preview David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #GNS3 #GNS3v2 #GNS3
What can HashiCorp's Packer do for you? Carl and Richard talk to Jamie Phillips about how Packer helps to make golden images of hypervisor machines - that would be Hyper-V, VMware or any of the container solutions so that you can ship them out to whoever needs them. The images can be used as part of your pipeline to push cloud products into a store, or for developers to work from production-configured images, and so on. Packer is a powerful open source solution that can be part of your CI/CD pipeline! Support this podcast at — https://redcircle.com/net-rocks/donations
Amazing new version of GNS3 coming very soon! Web UI, Hyper-V support, link-state notifications and many other great new features. Jeremy, the creator of GNS3 tells us about the new features in 2.2 What's new in GNS3 2.2 document: http://bit.ly/2DyZ7ZI GNS3 community: https://gns3.com/community/latest The way you host the gns3 vm changes. No longer do you need to use VMware Workstation Pro, but you can run the gns3 vm in Hyper-V instead of being required to be a gns3 vmware user. Lots of changes to qemu in this version as well. It doesn't matter if you are studying for your ccna, ccnp or ccie, GNS3 can help you lab. Menu: GNS3 2.2: 00:38 New GNS3 Web UI: 00:45 REST API / Thick Client / Web UI: 2:00 Dates for 2.2.0 and 2.2.1: 3:57 Will the desktop client still be used: 4:55 Web UI browser support: 6:40 Upgrade process: 7:05 Python requirements: 9:10 Detect when a link is plugged/unplugged for Qemu VMs: 9:51 New way to add template: 17:10 Custom adapters configuration 17:55 Console auto start 18:37 Save state for Qemu VMs 19:11 Hyper-V support for the GNS3 VM (experimental) 21:41 Support for Qemu with HAXM acceleration (experimental) 24:15 Infinity symbols 29:31 Console support for clouds (like Visio) 30:56 Allow to copy Dynamips, IOU, Qemu and Docker templates in preferences 33:17 Support for none console type 33:35 Lock or unlock 34:24 Support for differing grid sizes for nodes and drawings 35:11 Privileged access for uBridge required only when necessary 35:50 Refactored import/export portable project 37:22 Restrict the list of available Ethernet/TAP adapters 38:45 New node information dialog 39:26 The MacOS app is code signed allowing it to pass the Gatekeeper check when the Application is opened. 
41:04 Lots of other changes 41:51 APIS 43:35 Date for 2.2.0 and 2.2.1: 44:10 David's details: YouTube: www.youtube.com/davidbombal Twitter: twitter.com/davidbombal Instagram: www.instagram.com/davidbombal/ LinkedIn: www.linkedin.com/in/davidbombal/ #GNS3 #gns3 #gns3 2.2 #gns3 2.2.0a1 #gns3 2.2.0
In this episode of the Xamarin Podcast, Pierce Boggan and James Montemagno discuss news from Build 2018 for mobile developers, including Xamarin.Forms 3.0, Hyper-V support for the Android emulator, Xamarin Essentials, and updates to Visual Studio 2017 and Visual Studio for Mac. 6:20 What's new in Visual Studio 2017 version 15.7 6:30 New XAML IntelliSense engine 9:55 Automatic iOS provisioning 13:00 Eager deployment for Android app development 14:15 Android SDK management 16:00 New Xamarin.iOS and Xamarin.Android project templates 17:10 Hyper-V support for the Android emulator 24:30 Xamarin.Essentials 33:30 Xamarin.Forms 3.0 All Things Xamarin at Build 2018 (https://blog.xamarin.com/xamarin-build-2018/) Visual Studio 2017 version 15.7 (https://blogs.msdn.microsoft.com/visualstudio/2018/05/07/visual-studio-2017-version-15-7-and-version-15-8-preview-1/) New Xamarin.Forms IntelliSense (https://blog.xamarin.com/new-xamarin-forms-xaml-intellisense-visual-studio-2017/) Automatic Provisioning in Visual Studio 2017 (https://blog.xamarin.com/automatic-provisioning-visual-studio-2017/) Eager Deployment (https://blog.xamarin.com/visual-studio-2017-version-15-7-preview-3/) New Xamarin.iOS and Xamarin.Android Project Templates (https://blog.xamarin.com/new-xamarin-android-ios-templates/) Hyper-V support for the Android emulator (https://blogs.msdn.microsoft.com/visualstudio/2018/05/08/hyper-v-android-emulator-support/) Xamarin Essentials Documentation (https://docs.microsoft.com/en-us/xamarin/essentials/) Xamarin.Forms 3.0 (https://blog.xamarin.com/xamarin-forms-3-0-released/) Visual State Manager (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/visual-state-manager) FlexLayout (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/layouts/flex-layout) CSS (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/styles/css) Right-to-left Localization (https://docs.microsoft.com/xamarin/xamarin-forms/app-fundamentals/localization/rtl) Follow Us: 
James: Twitter (https://twitter.com/jamesmontemagno), Blog (http://motzcod.es/), GitHub (http://github.com/jamesmontemagno), Merge Conflict Podcast (http://mergeconflict.fm) Pierce: Twitter (https://twitter.com/pierceboggan), GitHub (https://github.com/pierceboggan) Subscribe: iTunes (https://itunes.apple.com/us/podcast/xamarin-podcast/id691368176?mt=2) Google Play Music (https://play.google.com/music/listen?u=0#/ps/Ifcss44ww5lc375esulsuettsey) Overcast (https://overcast.fm/itunes691368176/xamarin-podcast)
This week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS. This episode was brought to you by Headlines EuroBSDcon 2017 - Talks & Schedule published (https://2017.eurobsdcon.org/2017/05/26/talks-schedule-published/) The EuroBSDcon website was updated with the tutorial and talk schedule for the upcoming September conference in Paris, France. Tutorials on the 1st day: Kirk McKusick - An Introduction to the FreeBSD Open-Source Operating System, George Neville-Neil - DTrace for Developers, Taylor R Campbell - How to untangle your threads from a giant lock in a multiprocessor system Tutorials on the 2nd day: Kirk continues his Introduction lecture, Michael Lucas - Core concepts of ZFS (half day), Benedict Reuschling - Managing BSD systems with Ansible (half day), Peter Hessler - BGP for developers and sysadmins Talks include 3 keynotes (2 on the first day, beginning and end), another one at the end of the second day by Brendan Gregg Good mixture of talks of the various BSD projects Also, a good amount of new names and faces Check out the full talk schedule (https://2017.eurobsdcon.org/talks-schedule/). Registration is not open yet, but will be soon. *** OpenBSD on the Xiaomi Mi Air 12.5" (https://jcs.org/2017/05/22/xiaomiair) The Xiaomi Mi Air 12.5" (https://xiaomi-mi.com/notebooks/xiaomi-mi-notebook-air-125-silver/) is a basic fanless 12.5" Ultrabook with good build quality and decent hardware specs, especially for the money: while it can usually be had for about $600, I got mine for $489 shipped to the US during a sale about a month ago. Xiaomi offers this laptop in silver and gold. They also make a 13" version but it comes with an NVidia graphics chip. Since these laptops are only sold in China, they come with a Chinese language version of Windows 10 and only one or two distributors that carry them ship to the US. 
Unfortunately that also means they come with practically no warranty or support. Hardware > The Mi Air 12.5" has a fanless, 6th generation (Skylake) Intel Core m3 processor, 4Gb of soldered-on RAM, and a 128Gb SATA SSD (more on that later). It has a small footprint of 11.5" wide, 8" deep, and 0.5" thick, and weighs 2.3 pounds. > A single USB-C port on the right-hand side is used to charge the laptop and provide USB connectivity. A USB-C ethernet adapter I tried worked fine in OpenBSD. Whether intentional or not, a particular design touch I appreciated was that the USB-C port is placed directly to the right of the power button on the keyboard, so you don't have to look or feel around for the port when plugging in the power cable. > A single USB 3 type-A port is also available on the right side next to the USB-C port. A full-size HDMI port and a headphone jack are on the left-hand side. It has a soldered-on Intel 8260 wireless adapter and Bluetooth. The webcam in the screen bezel attaches internally over USB. > The chassis is all aluminum and has sufficient rigidity in the keyboard area. The 12.5" 1920x1080 glossy IPS screen has a fairly small bezel and while its hinge is properly weighted to allow opening the lid with one hand (if you care about that kind of thing), the screen does have a bit of top-end wobble when open, especially when typing on another laptop on the same desk. > The keyboard has a roomy layout and a nice clicky tactile with good travel. It is backlit, but with only one backlight level. When enabled via Fn+F10 (which is handled by the EC, so no OpenBSD support required), it will automatically shut off after not typing for a short while, automatically turning back once a key is pressed. Upgrades > An interesting feature of the Mi Air is that it comes with a 128Gb SATA SSD but also includes an open PCI-e slot ready to accept an NVMe SSD. 
> I upgraded mine with a Samsung PM961 256Gb NVMe SSD (left), and while it is possible to run with both drives in at the same time, I removed the Samsung CM871a 128Gb SATA (right) drive to save power. > The bottom case can be removed by removing the seven visible screws, in addition to the one under the foot in the middle back of the case, which just pries off. A spudger tool is needed to release all of the plastic attachment clips along the entire edge of the bottom cover. > Unfortunately this upgrade proved to be quite time consuming due to the combination of the limited UEFI firmware on the Mi Air and a bug in OpenBSD. A Detour into UEFI Firmware Variables > Unlike a traditional BIOS where one can boot into a menu and configure the boot order as well as enabling and disabling options such as "USB Hard Drive", the InsydeH2O UEFI firmware on the Xiaomi Air only provides the ability to adjust the boot order of existing devices. Any change or addition of boot devices must be done from the operating system, which is not possible under OpenBSD. > I booted to a USB key with OpenBSD on it and manually partitioned the new NVME SSD, then rsynced all of the data over from the old drive, but the laptop would not boot to the new NVME drive, instead showing an error message that there was no bootable OS. > Eventually I figured out that the GPT table that OpenBSD created on the NVMe disk was wrong due to a [one-off bug in the nvme driver](https://github.com/openbsd/src/commit/dc8298f669ea2d7e18c8a8efea509eed200cb989) which was causing the GPT table to be one sector too large, causing the backup GPT table to be written in the wrong location (and other utilities under Linux to write it over the OpenBSD area). I'm guessing the UEFI firmware would fail to read the bad GPT table on the disk that the boot variable pointed to, then declare that disk as missing, and then remove any variables that pointed to that disk. 
OpenBSD Support > The Mi Air's soldered-on Intel 8260 wireless adapter is supported by OpenBSD's iwm driver, including 802.11n support. The Intel sound chip is recognized by the azalia driver. > The Synaptics touchpad is connected via I2C, but is not yet supported. I am actively hacking on my dwiic driver to make this work and the touchpad will hopefully operate as a Windows Precision Touchpad via imt so I don't have to write an entirely new Synaptics driver. > Unfortunately since OpenBSD's inteldrm support that is ported from Linux is lagging quite a bit behind, there is no kernel support for Skylake and Kaby Lake video chips. Xorg works at 1920x1080 through efifb so the machine is at least usable, but X is not very fast and there is a noticeable delay when doing certain redrawing operations in xterm. Screen backlight can be adjusted through my OpenBSD port of intel_backlight. Since there is no hardware graphics support, this also means that suspend and resume do not work because nothing is available to re-POST the video after resume. Having to use efifb also makes it impossible to adjust the screen gamma, so for me, I can't use redshift for comfortable night-time hacking. Flaws > Especially taking into account the cheap price of the laptop, it's hard to find faults with the design. One minor gripe is that the edges of the case along the bottom are quite sharp, so when carrying the closed laptop, it can feel uncomfortable in one's hands. > While all of those things could be overlooked, unfortunately there is also a critical flaw in the rollover support in the keyboard/EC on the laptop. When typing certain combinations of keys quickly, such as holding Shift and typing "NULL", one's fingers may actually hold down the Shift, N, and U keys at the same time for a very brief moment before releasing N. Normally the keyboard/EC would recognize U being pressed after N is already down and send an interrupt for the U key. 
Unfortunately on this laptop, particular combinations of three keys do not interrupt for the third key at all until the second key is lifted, usually causing the third key not to register at all if typed quickly. I've been able to reproduce this problem in OpenBSD, Linux, and Windows, with the combinations of at least Shift+N+U and Shift+D+F. Holding Shift and typing the two characters in sequence quickly enough will usually fail to register the final character. Trying the combinations without Shift, using Control or Alt instead of Shift, or other character pairs does not trigger the problem. This might be a problem in the firmware on the Embedded Controller, or a defect in the keyboard circuitry itself. As I mentioned at the beginning, getting technical support for this machine is difficult because it's only sold in China. Docker on OpenBSD 6.1-current (https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110) Dave Voutila writes: So here's the thing. I'm normally a macOS user…all my hardware was designed in Cupertino, built in China. But I'm restless and have been toying with trying to switch my daily machine over to a non-macOS system sort of just for fun. I find Linux messy, FreeBSD not as Apple-laptop-friendly as it should be, and Windows a non-starter. Luckily, I found a friend in Puffy. Switching some of my Apple machines over to dual-boot OpenBSD left a gaping hole in my workflow. Luckily, all the hard work the OpenBSD team has done over the last year seems to have plugged it nicely! OpenBSD's hypervisor support officially made it into the 6.1 release, but after some experimentation it was rather time consuming and too fragile to get a Linux guest up and running (i.e. basically the prerequisite for Docker).
Others had reported some success starting with QEMU and doing lots of tinkering, but after a wasted evening I figured I'd grab the latest OpenBSD snapshot and try what the openbsd-misc list suggested was improved Linux support in active development. 10 (11) Steps to docker are provided Step 0 — Install the latest OpenBSD 6.1 snapshot (-current) Step 1 — Configure VMM/VMD Step 2 — Grab an Alpine Linux ISO Step 3 — Make a new virtual disk image Step 4 — Boot Alpine's ISO Step 5 — Inhale that fresh Alpine air Step 6 — Boot Alpine for Reals Step 7 — Install Docker Step 8 — Make a User Step 9 — Ditch the Serial Console Step 10 — Test out your Docker instance I haven't done it yet, but I plan on installing docker-compose via Python's pip package manager. I prefer defining containers in the compose files. PostgreSQL + ZFS Best Practices and Standard Procedures (https://people.freebsd.org/~seanc/postgresql/scale15x-2017-postgresql_zfs_best_practices.pdf) Slides from Sean Chittenden's talk about PostgreSQL and ZFS at Scale 15x this spring Slides start with a good overview of Postgres and ZFS, and how to use them together To start, it walks through the basics of how PostgreSQL interacts with the filesystem (any filesystem) Then it shows the steps to take a good backup of PostgreSQL, then how to do it even better with ZFS Then an intro to ZFS, and how Copy-on-Write changes how PostgreSQL interacts with the filesystem Overview of how ZFS works ZFS Tuning tips: Compression, Recordsize, atime, when to use mostly ARC vs shared_buffers, plus pg_repack Followed by a discussion of the reliability of SSDs, and their Bit Error Rate (BER) A good SSD has a 4%/year chance of returning the wrong data.
A cheap SSD 34% If you put 20 SSDs in a database server, that means 58% (Good SSDs) to 99.975% (Lowest quality commercially viable SSD) chance of an error per year Luckily, ZFS can detect and correct these errors This applies to all storage, not just SSDs, every device fails More Advice: Use quotas and reservations to avoid running out of space Schedule Periodic Scrubs One dataset per database Backups: Live demo of rm -rf'ing the database and getting it back Using clones to test upgrades on real data Naming Conventions: Use a short prefix not on the root filesystem (e.g. /db) Encode the PostgreSQL major version into the dataset name Give each PostgreSQL cluster its own dataset (e.g. pgdb01) Optional but recommended: one database per cluster Optional but recommended: one app per database Optional but recommended: encode environment into DB name Optional but recommended: encode environment into DB username using ZFS Replication Check out the full detailed PDF and implement a similar setup for your database needs *** News Roundup TrueOS Evolving Its "Stable" Release Cycle (https://www.trueos.org/blog/housekeeping-update-infrastructure-trueos-changes/) TrueOS is reformulating its Stable branch based on feedback from users. The goal is to have a “release” of the stable branch every 6 months, for those who do not want to live on the edge with the rapid updates of the full rolling release Most of the TrueOS developers work for iX Systems in their Tennessee office. Last month, the Tennessee office was moved to a different location across town. As part of the move, we need to move all our servers. We're still getting some of the infrastructure sorted before moving the servers, so please bear with us as we continue this process. As we've continued working on TrueOS, we've heard a significant portion of the community asking for a more stable “STABLE” release of TrueOS, maybe something akin to an old PC-BSD version release. 
In order to meet that need, we're redefining the TrueOS STABLE branch a bit. STABLE releases are now expected to follow a six month schedule, with more testing and lots of polish between releases. This gives users the option to step back a little from the “cutting edge” of development, but still enjoy many of the benefits of the “rolling release” style and the useful elements of FreeBSD Current. Critical updates like emergency patches and utility bug fixes are still expected to be pushed to STABLE on a case-by-case basis, but again with more testing and polish. This also applies to version updates of the Lumina and SysAdm projects. New, released work from those projects will be tested and added to STABLE outside the 6 month window as well. The UNSTABLE branch continues to be our experimental “cutting edge” track, and users who want to follow along with our development and help us or FreeBSD test new features are still encouraged to follow the UNSTABLE track by checking that setting in their TrueOS Update Manager. With boot environments, it will be easy to switch back and forth, so you can have the best of both worlds. Use the latest bleeding edge features, but knowing you can fall back to the stable branch with just a reboot As TrueOS evolves, it is becoming clearer that one role of the system is to function as a “test platform” for FreeBSD. In order to better serve this role, TrueOS will support both OpenRC and the FreeBSD RC init systems, giving users the choice to use either system. While the full functionality isn't quite ready for the next STABLE update, it is planned for addition after the last bit of work and testing is complete. Stay tuned for an upcoming blog post with all the details of this change, along with instructions how to switch between RC and OpenRC. This is the most important change for me. I used TrueOS as an easy way to run the latest version of -CURRENT on my laptop, to use it as a user, but also to do development. 
When TrueOS deviates from FreeBSD too much, it lessens the power of my expertise, and complicates development and debugging. Being able to switch back to RC, even if it takes another minute to boot, will bring TrueOS back to being FreeBSD + GUI and more by default, instead of a science project. We need both of those things, so having the option, while more work for the TrueOS team, I think will be better for the entire community *** Logical Domains on SunFire T2000 with OpenBSD/sparc64 (http://www.h-i-r.net/2017/05/logical-domains-on-sunfire-t2000-with.html) A couple of years ago, I picked up a Sun Fire T2000. This is a 2U rack mount server. Mine came with four 146GB SAS drives, a 32-core UltraSPARC T1 CPU and 32GB of RAM. Sun Microsystems incorporated Logical Domains (LDOMs) on this class of hardware. You don't often need 32 threads and 32GB of RAM in a single server. LDOMs are a kind of virtualization technology that's a bit closer to bare metal than vmm, Hyper-V, VirtualBox or even Xen. It works a bit like Xen, though. You can allocate processor, memory, storage and other resources to virtual servers on-board, with a blend of firmware that supports the hardware allocation, and some software in userland (on the so-called primary or control domain, similar to Xen DomU) to control it. LDOMs are similar to what IBM calls Logical Partitions (LPARs) on its Mainframe and POWER series computers. My day job from 2006-2010 involved working with both of these virtualization technologies, and I've kind of missed it. While upgrading OpenBSD to 6.1 on my T2000, I decided to delve into LDOM support under OpenBSD. 
This was pretty easy to do, but let's walk through it. Resources: The ldomctl(8) man page (http://man.openbsd.org/OpenBSD-current/man8/sparc64/ldomctl.8) tedu@'s write-up on Flak (for a different class of server) (http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120) A Google+ post by bmercer@ (https://plus.google.com/101694200911870273983/posts/jWh4rMKVq97) Once you get comfortable with the fact that there's a little-tiny computer (the ALOM) powered by VXWorks inside that's acting as the management system and console (there's no screen or keyboard/mouse input), installing OpenBSD on the base server is pretty straightforward. The serial console is an RJ-45 jack, and, yes, the ubiquitous blue-colored serial console cables you find for certain kinds of popular routers will work fine. OpenBSD installs quite easily, with the same installer you find on amd64 and i386. I chose to install to /dev/sd0, the first SAS drive only, leaving the others unused. It's possible to set them up in a hardware RAID configuration using tools available only under Solaris, or use softraid(4) on OpenBSD, but I didn't do this. I set up the primary LDOM to use the first ethernet port, em0. I decided I wanted to bridge the logical domains to the second ethernet port. You could also use a bridge and vether interface, with pf and dhcpd to create a NAT environment, similar to how I networked the vmm(4) systems. Create an LDOM configuration file. You can put this anywhere that's convenient. All of this stuff was in a "vm" subdirectory of my home. I called it ldom.conf:

```
domain primary {
	vcpu 8
	memory 8G
}

domain puffy {
	vcpu 8
	memory 4G
	vdisk "/home/axon/vm/ldom1"
	vnet
}
```

Make as many disk images as you want, and make as many additional domain clauses as you wish. Be mindful of system resources. I couldn't actually allocate a full 32GB of RAM across all the LDOMs. I eventually provisioned seven LDOMs (in addition to the primary) on the T2000, each with 3GB of RAM and 4 vcpu cores.
If you get creative with use of network interfaces, virtual ethernet, bridges and pf rules, you can run a pretty complex environment on a single chassis, with services that are only exposed to other VMs, a DMZ segment, and the internal LAN. A nice tutorial, and an interesting look at an alternative platform that was ahead of its time *** documentation is thoroughly hard (http://www.tedunangst.com/flak/post/documentation-is-thoroughly-hard) Ted Unangst has a new post this week about documentation: Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control A fine example is the old OpenBSD install instructions. Once you've installed OpenBSD once or twice, the process is quite simple, but you'd never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you've already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask. Part of the problem is how the information is organized. Theoretically it makes sense to list supported hardware before instructions. After all, you can't install anything if it's not supported, right? I'm sure that was considered when the device list was originally inserted above the install instructions. 
But as a practical matter, consulting a device list is neither the easiest nor fastest way to determine what actually works. In the FreeBSD docs tree, we have been doing a facelift project, trying to add 'quick start' sections to each chapter to let you get to the more important information first. It is also helpful to move data in the forms of lists and tables to appendices or similar, where they can easily be referenced, but are not blocking your way to the information you are actually hunting for. An example of nerdview signage (http://languagelog.ldc.upenn.edu/nll/?p=29866). “They have in effect provided a sign that will tell you exactly what the question is provided you can already supply the answer.” That is, the logical minds of technical people often decide to order information in an order that makes sense to them, rather than in the order that will be most useful to the reader. In the end, I think “copy diskimage to USB and follow prompts” is all the instructions one should need, but it's hard to overcome the unease of actually making the jump. What if somebody is confused or uncertain? Why is this paragraph more redundant than that paragraph? (And if we delete both, are we cutting too much?) Sometimes we don't need to delete the information. Just hide it. The instructions to upgrade to 4.8 and upgrade to 5.8 are very similar, with a few differences because every release is a little bit different. The pages look very different, however, because the not at all recommended kernel free procedure, which takes up half the page, has been hidden from view behind some javascript and only expanded on demand. A casual browser will find the page and figure the upgrade process will be easy, as opposed to some long ordeal. This is important as well, it was my original motivation for working on the FreeBSD Handbook's ZFS chapter. The very first section of the chapter was the custom kernel configuration required to run ZFS on i386. That scared many users away.
I moved that to the very end, and started with why you might want to use ZFS. Much more approachable. Sometimes it's just a tiny detail that's overspecified. The apmd manual used to explain exactly which CPU idle time thresholds were used to adjust frequency. Those parameters, and the algorithm itself, were adjusted occasionally in response to user feedback, but sometimes the man page lagged behind. The numbers are of no use to a user. They're not adjustable without recompiling. Knowing that the frequency would be reduced at 85% idle vs 90% idle doesn't really offer much guidance as to whether to enable auto scaling or not. Deleting this detail ensured the man page was always correct and spares the user the cognitive load of trying to solve an unnecessary math problem. For fun: For another humorous example, it was recently observed that the deja-dup package provides man page translations for Australia, Canada, and Great Britain. I checked, the pages are in fact not quite identical. Some contain typo fixes that didn't propagate to other translations. Project idea: attempt to identify which country has the most users, or most fastidious users, by bug fixes to localized man pages. lldb on BeagleBone Black (https://lists.freebsd.org/pipermail/freebsd-arm/2017-May/016260.html) I reliably managed to build (lldb + clang/lld) from the svn trunk of LLVM 5.0.0 on my Beaglebone Black running the latest snapshot (May 20th) of FreeBSD 12.0-CURRENT, and the lldb is working very well, and this includes single stepping and ncurses-GUI mode, while single stepping with the latest lldb 4.0.1 from the ports does not work. 
In order to reliably build LLVM 5.0.0 (svn), I set up a 1 GB swap partition for the BBB on a NFSv4 share on a FreeBSD fileserver in my network - I put a howto of the procedure on my blog: https://obsigna.net/?p=659 The prerequisites on the Beaglebone are:

```
pkg install tmux
pkg install cmake
pkg install python
pkg install libxml2
pkg install swig30
pkg install ninja
pkg install subversion
```

On the FreeBSD fileserver:

```
cd /path_to_the/bbb_share
svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
cd llvm/tools
svn co http://llvm.org/svn/llvm-project/cfe/trunk clang
svn co http://llvm.org/svn/llvm-project/lld/trunk lld
svn co http://llvm.org/svn/llvm-project/lldb/trunk lldb
```

On the Beaglebone Black:

```
# Mount the NFS share that holds the checkout (run as root)
mount_nfs -o noatime,readahead=4,intr,soft,nfsv4 server:/path_to_the/bbb_share /mnt
# The llvm tree checked out on the fileserver appears under the mount point
cd /mnt/llvm
mkdir build
# cmake's ".." source argument expects to be run from inside build/
cd build
cmake -DLLVM_TARGETS_TO_BUILD="ARM" -DCMAKE_BUILD_TYPE="MinSizeRel" -DLLVM_PARALLEL_COMPILE_JOBS="1" -DLLVM_PARALLEL_LINK_JOBS="1" -G Ninja ..
```

I execute the actual build command from within a tmux session, so I may disconnect during the quite long (40 h) build:

```
tmux new "ninja lldb install"
```

When debugging in GUI mode using the newly built lldb 5.0.0-svn, I see only a minor issue, namely UTF8 strings are not displayed correctly. This happens in the ncurses-GUI only, and this is an ARM issue, since it does not occur on x86 machines. Perhaps this might be related to the signed/unsigned char mismatch between ARM and x86.
Beastie Bits Triangle BSD Meetup on June 27th (https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/) Support for Controller Area Networks (CAN) in NetBSD (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20170521_0113.html) Notes from Monday's meeting (http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-May/014104.html) RunBSD - A site about the BSD family of operating systems (http://runbsd.info/) BSDCam(bridge) 2017 Travel Grant Application Now Open (https://www.freebsdfoundation.org/blog/bsdcam-2017-travel-grant-application-now-open/) New BSDMag has been released (https://bsdmag.org/download/nearly-online-zpool-switching-two-freebsd-machines/) *** Feedback/Questions Philipp - A show about bhyve (http://dpaste.com/390F9JN#wrap) Jake - bhyve Support on AMD (http://dpaste.com/0DYG5BD#wrap) CY - Pledge and Capsicum (http://dpaste.com/1YVBT12#wrap) CY - OpenSSL relicense Issue (http://dpaste.com/3RSYV23#wrap) Andy - Laptops (http://dpaste.com/0MM09EX#wrap) ***
This week on BSDNow, Allan & Kris are out at MeetBSD, but we never forget our loyal listeners. We have a great interview Allan did with Scott Long of Netflix & FreeBSD fame, as well as your questions on the place to B...SD! This episode was brought to you by Interview - Scott Long - scottl@freebsd.org (mailto:scottl@freebsd.org) FreeBSD & Netflix *** Feedback/Questions Zack - USB Config (http://pastebin.com/u77LE0Md) Jens - VMs, Jails and Containers (http://pastebin.com/8KwDK6ay) Ranko - Tarsnap Keys (http://pastebin.com/Kie3EcjN) Alex - OpenBSD in Hyper-V (http://pastebin.com/nRJQ7UPZ) Curt - Discussion Segment (http://pastebin.com/ndx25pQA)
This week on BSDNow! We've got Netflix + FreeBSD news to discuss, always a crowd pleaser, that plus EuroBSDCon is just around the corner. Stick around for your place This episode was brought to you by Headlines Protecting Netflix Viewing Privacy at Scale, with FreeBSD (http://techblog.netflix.com/search/label/FreeBSD) This blog post from Netflix tells the story of how Netflix developed in-kernel TLS to speed up delivery of video via HTTPS Since the beginning of the Open Connect program we have significantly increased the efficiency of our OCAs - from delivering 8 Gbps of throughput from a single server in 2012 to over 90 Gbps from a single server in 2016. We contribute to this effort on the software side by optimizing every aspect of the software for our unique use case - in particular, focusing on the open source FreeBSD operating system and the NGINX web server that run on the OCAs. In the modern internet world, we have to focus not only on efficiency, but also security. There are many state-of-the-art security mechanisms in place at Netflix, including Transport Level Security (TLS) encryption of customer information, search queries, and other confidential data. We have always relied on pre-encoded Digital Rights Management (DRM) to secure our video streams. Over the past year, we've begun to use Secure HTTP (HTTP over TLS or HTTPS) to encrypt the transport of the video content as well. This helps protect member privacy, particularly when the network is insecure - ensuring that our members are safe from eavesdropping by anyone who might want to record their viewing habits. The goal is to ensure that your government, ISP, and wifi sniffing neighbour cannot tell which Netflix videos you are watching Netflix Open Connect serves over 125 million hours of content per day, all around the world. 
Given our scale, adding the overhead of TLS encryption calculations to our video stream transport had the potential to greatly reduce the efficiency of our global infrastructure. We evaluated available and applicable ciphers and decided to primarily use the Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM), available starting in TLS 1.2. We chose AES-GCM over the Cipher Block Chaining (CBC) method, which comes at a higher computational cost. The AES-GCM cipher algorithm encrypts and authenticates the message simultaneously - as opposed to AES-CBC, which requires an additional pass over the data to generate keyed-hash message authentication code (HMAC). CBC can still be used as a fallback for clients that cannot support the preferred method. All revisions of Open Connect Appliances also have Intel CPUs that support AES-NI, the extension to the x86 instruction set designed to improve encryption and decryption performance. We needed to determine the best implementation of AES-GCM with the AES-NI instruction set, so we investigated alternatives to OpenSSL, including BoringSSL and the Intel Intelligent Storage Acceleration Library (ISA-L). Netflix and NGINX had previously worked together to improve our HTTP client request and response time via the use of sendfile calls to perform a zero-copy data flow from storage (HDD or SSD) to network socket, keeping the data in the kernel memory address space and relieving some of the CPU burden. The Netflix team specifically added the ability to make the sendfile calls asynchronous - further reducing the data path and enabling more simultaneous connections. However, TLS functionality, which requires the data to be passed to the application layer, was incompatible with the sendfile approach. 
To retain the benefits of the sendfile model while adding TLS functionality, we designed a hybrid TLS scheme whereby session management stays in the application space, but the bulk encryption is inserted into the sendfile data pipeline in the kernel. This extends sendfile to support encrypting data for TLS/SSL connections. We tested the BoringSSL and ISA-L AES-GCM implementations with our sendfile improvements against a baseline of OpenSSL (with no sendfile changes), under typical Netflix traffic conditions on three different OCA hardware types. Our changes in both the BoringSSL and ISA-L test situations significantly increased both CPU utilization and bandwidth over baseline - increasing performance by up to 30%, depending on the OCA hardware version. We chose the ISA-L cipher implementation, which had slightly better results. With these improvements in place, we can continue the process of adding TLS to our video streams for clients that support it, without suffering prohibitive performance hits. If you would like more detail, check out the papers from AsiaBSDCon 2015 (https://people.freebsd.org/~rrs/asiabsd_2015_tls.pdf) and the updated one from 2016 (https://people.freebsd.org/~rrs/asiabsd_tls_improved.pdf) *** OpenBSD on HP Stream 7 (http://www.tedunangst.com/flak/post/OpenBSD-on-HP-Stream-7) Recent events have rocked the mobile computing world to its core. OpenBSD retired the zaurus port, leaving users in desperate need of a new device. And not long before that, Microsoft released the Anniversary Update to Windows 10, but with free space requirements such that it's nigh impossible to install on cheap 32GB eMMC equipped devices such as the HP Stream series, leaving users searching for a new lightweight operating system. With necessity as both mother and father, the scene is set for a truly epic pairing. OpenBSD on the HP Stream 7. The HP Stream line is a series of budget computers in a couple form factors. The Stream 11 is a fairly typical netbook. 
However, the Stream 7 and 8 are tablets. They look like cheap Android devices, but inside the case, they're real boys, er PCs, with Intel Atom CPUs. To install OpenBSD on such a device, we need a few parts. Obviously, the tablet itself. There's a dearth of ports on these things, but there is a micro USB port. Attaching anything useful requires an OTG “on the go” cable that creates a type A port. Attaching more than one useful thing requires a mini hub. And completing the install requires one each USB stick, keyboard, and network adapter. First, we need to prep the machine to boot from USB. Actually, before doing anything, make sure you have a full charge. It's going to be battery only from here on out. Plug everything in. Flash drive, keyboard, and network into the hub, hub into the OTG cable, cable into the port on top of the Stream. Turn on the machine while holding the volume down button. This launches a mini menu from which we can enter the BIOS. There's a little on screen keyboard in the corner, so this can be done even without a keyboard attached, but the USB keyboard should work. We need to change two settings in the boot section. First, turn off secure boot. Second, switch boot order to prefer USB. Save and exit. The first reboot reveals a confirmation screen checking that we really want to disable secure boot. We must enter a PIN and press enter. Enter the PIN shown on the screen and press enter. And we are go. Then boot up OpenBSD from the USB drive. Ted then works through a number of kernel panics and device driver issues, but after disabling ACPI and IntelDRM, the device boots OpenBSD. Of course, there's no X at this point. And definitely no touch screen. And no internal networking. However, by keeping our USB hub attached, we can drive the console and access the network. At least until the battery is depleted, even if we have no way of knowing how long that will be since we disabled all the ACPI devices, which also means no suspend or resume. 
With some xorg.conf hacking, he did get Xorg working *** DragonflyBSD steps towards base LibreSSL (http://lists.dragonflybsd.org/pipermail/commits/2016-September/624493.html) Project: DragonFlyBSD / Switch base to use private LibreSSL libraries (http://freshbsd.org/commit/dfbsd/304ca408000cd34559ef5319b4b5a6766d6eb35b) DragonFly BSD adopts uses of LibreSSL (http://undeadly.org/cgi?action=article&sid=20160911231651) The number of projects beginning to switch over to LibreSSL is growing and it appears we can now throw DragonFly into that camp. Following something that sounds vaguely familiar (Allan!) DFLY is now creating “private” LibreSSL libraries which are only linked against by base system binaries. For the moment OpenSSL is still built, primarily so that various ports and 3rd party apps can continue to function as before. A NO_OPENSSL option has also been added, but doesn't really do much (yet), since it'll still build and install headers / libraries even if set. *** OpenBSD g2k16 Hackathon g2k16 Hackathon Report: Antoine Jacoutot on Binary Patches (http://undeadly.org/cgi?action=article&sid=20160911012316) g2k16 Hackathon Report: Matthieu Herrb on xenodm (http://undeadly.org/cgi?action=article&sid=20160911231712) g2k16 Hackathon Report: Vincent Gross on iked(8), armv7 and sys/netinet[6] (http://undeadly.org/cgi?action=article&sid=20160911000337) g2k16 Hackathon Report: Florian Obser on httpd, networking, acme-client, and more (http://undeadly.org/cgi?action=article&sid=20160911000052) g2k16 Hackathon Report: Jasper Lievisse Adriaanse on ddb(4) and more (http://undeadly.org/cgi?action=article&sid=20160909012520) g2k16 Hackathon Report: Christian Weisgerber on gettext progress, RTC work, removing kernel cruft (http://undeadly.org/cgi?action=article&sid=20160908002430) g2k16 Hackathon Report: Brent Cook on Chromebooks, crypto, and more (http://undeadly.org/cgi?action=article&sid=20160907131655) g2k16 Hackathon Report: Ted Unangst on doas, signify, code removal 
(http://undeadly.org/cgi?action=article&sid=20160906230610) g2k16 Hackathon Report: Marc Espie on package signing evolution (http://undeadly.org/cgi?action=article&sid=20160905235911) g2k16 Hackathon Report: Adam Wolk on ports, wireless drivers and more (http://undeadly.org/cgi?action=article&sid=20160906004915) g2k16 Hackathon Report: Mike Larkin on vmm + vmd progress (http://undeadly.org/cgi?action=article&sid=20160905134009&mode=expanded) *** News Roundup OpenBSD (with encrypted softraid) on the Chromebook Pixel (https://jcs.org/notaweblog/2016/08/26/openbsd_chromebook/) Looking for a Laptop to make your OpenBSD road-warrior? If so, we have a great blog tutorial on getting OpenBSD setup on the Chromebook Pixel with encrypted softraid! Author Joshua Stein gives us a very verbose look at how to install and dial-in the laptop perfectly. But first for those wondering about the hardware in the pixel: The Chromebook Pixel LS (2015) has an Intel Core i7 processor (Broadwell) at 2.4Ghz, 16Gb of RAM, a 2560x1700 400-nit IPS screen (239ppi), and Intel 802.11ac wireless. It has a Kingston 64Gib flash chip, of which about 54Gib can be used by OpenBSD when dual-booting with a 1Gb Chrome OS partition. Due to this being a chromebook with seaBIOS, some manual key-press trickery will be required to initially get the OpenBSD Installer up and running. From here you'll want to pay special close attention to the disk partitioning. In particular Joshua will show us how to shrink the existing encrypted /home that ChromeOS uses, keeping the dual-boot intact. This will become important if you ever plan on updating the device. From here, we move back to a more traditional setup, but with the added bonus of doing a soft-raid setup. But the fun isn't over yet! If you want to make OpenBSD the default boot, that'll require cracking the lid on the device and removing a special pink write-protect screw. 
And of course if you want to remove the default splash-screen image, Joshua has you covered as well, although some flashrom magic will be required. At this point you are nearly done. Final details on enabling specific bits of hardware are discussed. Most things work, apart from Audio and Bluetooth as of right now. *** doas mastery (http://www.tedunangst.com/flak/post/doas-mastery) “doas” mastery - Paging MWL! Our buddy Ted Unangst has written up a great ‘mastery' guide of the doas command, which can come in handy if you are among the un-initiated in doas land. UNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks. He starts with the basic doas.conf setup, which starts with an empty config file The doas config is much like a pf ruleset, the default is to block everything > We add the root rule second because doas evaluates rules in a last match manner. root is in the wheel group, so the first rule will match, and then we need to override that with a second rule. Remember to always start with general rules, then make them more specific. 
*** iXsystems iXsystems to host MeetBSD (https://www.ixsystems.com/blog/ixsystems-host-meetbsd-california-2016-uc-berkeley/) FreeBSD Foundation Welcomes New Board Members New Board Members (https://www.freebsdfoundation.org/blog/freebsd-foundation-welcomes-new-board-members/) The FreeBSD Foundation has added two new board members Interview with Kylie Liang (https://www.freebsdfoundation.org/blog/new-board-member-interview-kylie-liang/) Kylie will focus on representing FreeBSD at conferences and businesses in China I live in China. There, I can act as a bridge between Chinese companies and the FreeBSD community to help drive FreeBSD adoption. Through my leadership role in the FreeBSD Foundation, I will help promote FreeBSD in China and also represent the Foundation at conferences and events in my region. Kylie leads the team that ensures FreeBSD runs well on Hyper-V and Azure, including providing commercial support for customers who run FreeBSD or FreeBSD based appliances on the Azure Cloud I joined Microsoft and started to lead the project called FreeBSD Integration Service to get FreeBSD running well on Hyper-V and Azure. To promote our work and to understand the FreeBSD ecosystem, I started to participate in FreeBSD events where I was inspired by this technical community. Interview with Philip Paeps (https://www.freebsdfoundation.org/blog/new-board-member-interview-philip-paeps/) Philip started with FreeBSD in the early 2000s and got his commit bit in 2004 The patches I submitted to make ACPI and input devices work on that laptop led to a src commit bit in 2004. While I haven't worked on ACPI or input devices since, I have been contributing to different areas of the kernel. Taking up maintainership of some ports I cared about also got me a ports commit bit after some time. Philip will continue to help run EuroBSDCon, but is also spreading the word about FreeBSD in India and Africa Primarily, I think I can be useful! 
I attend (and organize) a number of conferences around the world every year, particularly in regions that have a mostly “stealthy” FreeBSD community. While I clearly don't need to be on the FreeBSD Foundation board to advocate for FreeBSD, joining as a director will provide an additional asset when working in areas of the world where organizational affiliations are meaningful. Philip has also developed network drivers and various other bits and pieces, and has extensive experience working with and for hardware vendors and appliance vendors Despite intending to eventually contribute their code to the FreeBSD Project as open source, many hardware vendors still find it very difficult to engage directly with the FreeBSD development community. The Foundation helps bridge that gap and helps facilitate collaboration between commercial vendors and the FreeBSD community. I hope to make FreeBSD more visible in regions of the world where it is historically under-represented. I expect I will be attending even more conferences and getting myself invited to even more organizations. more, less, and a story of typical Unix fossilization (https://utcc.utoronto.ca/~cks/space/blog/unix/MoreAndUnixFossilization) Chris Siebenmann from the University of Toronto digs into the history of the difference between ‘less' and ‘more' In the beginning, by which we mean V7, Unix didn't have a pager at all. That was okay; Unix wasn't very visual in those days, partly because it was still sort of the era of the hard copy terminal. Then along came Berkeley and BSD. People at Berkeley were into CRT terminals, and so BSD Unix gave us things like vi and the first pager program, more (which showed up quite early, in 3BSD, although this isn't as early as vi, which appears in 2BSD). Calling a pager more is a little bit odd but it's a Unix type of name and from the beginning more prompted you with '--More--' at the bottom of the screen. 
All of the Unix vendors that based their work on BSD Unix (like Sun and DEC) naturally shipped versions of more along with the rest of the BSD programs, and so more spread around the BSD side of things. However, more was by no means the best pager ever; as you might expect, it was actually a bit primitive and lacking in features. So fairly early on Mark Nudelman wrote a pager with somewhat more features and it wound up being called less as somewhat of a joke. In a sane world, Unix vendors would have either replaced their version of more with the clearly superior less or at least updated their version of more to the 4.3 BSD version. Maybe less wouldn't have replaced more immediately, but certainly over say the next five years, when it kept on being better and most people kept preferring it when they had a choice.” + “This entire history has led to a series of vaguely absurd outcomes on various modern Unixes. On Solaris derivatives more is of course the traditional version with source code that can probably trace itself all the way back to 3BSD, carefully updated to SUS compliance. Solaris would never dream of changing what more is, not even if the replacement is better. Why, it might disturb someone. Oddly, FreeBSD has done the most sensible thing; they've outright replaced more with less. There is a /usr/bin/more but it's the same binary as less and as you can see the more manpage is just the less manpage. OpenBSD has done the same thing but has a specific manpage for more instead of just giving you the less manpage. So, now you can see why I say that less is more, or more, or both, at several levels. less is certainly more than more, and sometimes less literally is more (or rather more is less, to put it the right way around). 
Beastie Bits PC-BSD listed in the top 8 'best' alternatives to Windows 10 (http://www.computerworlduk.com/galleries/operating-systems/-free-alternatives-windows-10-3639433/) Creating a quick DNS server with a Rapsberry Pi2 and FreeBSD 11.0-RC1 (http://bsdimp.blogspot.co.uk/2016/08/creating-quick-dns-server-with.html) Dual Boot OpenBSD and Linux + UEFI (https://bsdlaptops.wordpress.com/2016/03/07/vaio-pro-11-part-2/) DesktopBSD 2.0 various versions available (Gnome, Lumina, KDE, LXDE) (http://desktopbsd.boards.net/board/10/announcements) FreeBSD gets new ZFS features including: Compressed ARC (https://svnweb.freebsd.org/base?view=revision&revision=305323) and ZFS Allocation Throttle (https://svnweb.freebsd.org/base?view=revision&revision=305331) One Floppy NetBSD Distribution (https://github.com/user340/fdgw2) A Compendium of BUGs (https://github.com/q5sys/BUGtracker) Feedback/Questions Galahad - OpenBSD X setup (http://pastebin.com/b7W6NHqs) Tang - Subtitles (http://pastebin.com/P4MUs3Pa) Ivan - Zpool Options (http://pastebin.com/LQ8yTp0G) Brad - Replication Issue (http://pastebin.com/XTK5gXMU) MJ - HBA (http://pastebin.com/TdYTMSj9) ***
This week on BSDNow, we have a variety of news to discuss, covering quite the spectrum of BSD. (Including a new DragonFly release!). This episode was brought to you by Headlines my int is too big (http://www.tedunangst.com/flak/post/my-int-is-too-big) “The NCC Group report (http://marc.info/?l=oss-security&m=146853062403622&w=2) describes the bugs, but not the history of the code.” “Several of them, as reported by NCC, involved similar integer truncation issues. Actually, they involved very similar modern 64 bit code meeting classic 32 bit code” “The thrsleep system call is a part of the kernel code that supports threads. As the name implies, it gives userland a measure of control over scheduling and lets a thread sleep until something happens. As such, it takes a timeout in the form of a timespec. The kernel, however, internally implements time keeping using ticks (there are HZ, 100, ticks per second). The tsleep function (t is for timed) takes an int number of ticks and performs basic validation by checking that it's not negative. A negative timeout would indicate that the caller has miscalculated. The kernel panics so you can fix the bug, instead of stalling forever.” “The trouble therefore is when userland is allowed to specify a timeout that could be negative. The existing code made an attempt to handle various tricks by converting the timespec to a ticks value stored as a 64 bit long long which was checked against INT_MAX before passing to sleep. Any value over INT_MAX would be truncated, so we can't allow that. Instead, we saturate the value to INT_MAX. Unfortunately, this check didn't account for the possibility that the tick conversion from the timespec could also overflow and result in a negative value.” Then there is the description of the kqueue flaw: “Every kqueue keeps a list of all the attached events it's watching for. 
A simple array is used to store file events, indexed by fd.” “This array is scaled to accommodate the largest fd that needs to be stored. This would obviously cause trouble, consuming too much memory, if the identifier were not validated first. Which is exactly what kqueue tries to do. The fdgetfile function checks that the identifier is a file that the process has open. One wrinkle. fdgetfile takes an int argument but ident is a uintptr_t, possibly 64 bits. An ident of 2^32 + 2 will look like a valid file descriptor, but then cause the array to be resized to gargantuan proportions.” “Again, the fix is pretty simple. We must check that the ident is bounded by INT_MAX before calling fdgetfile. This bug likely would have been exploitable beyond a panic, but the array allocation was changed to use mallocarray instead of multiplying arguments by hand, thus preventing another overflow.” Then there is a description of the anonymous mmap flaw, and the “secret magic” __MAP_NOFAULT flag *** FreeBSD Quarterly Status Report Q2 2016 (https://www.freebsd.org/news/status/report-2016-04-2016-06.html) It's time for another round of FreeBSD Quarterly Status Reports! In this edition, we have status updates from the various teams, including IRC/Bugs/RE/Ports/Core and Foundation We also have updates on some specific projects, including from Konstantin on the on-going work for his implementation of ASLR, including the new ‘proccontrol' command which provides the following: > “The proccontrol(1) utility was written to manage and query ASLR enforcement on a per-process basis. It is required for analyzing ASLR failures in specific programs. This utility leverages the procctl(2) interface which was added to the previous version of the patch, with some bug fixes.” Next are updates on porting CEPH to FreeBSD, the ongoing work to improve EFI+GELI (touched on last week) and more robust Mutexes. 
Additionally we have an update from Matt Macy and the Xorg team discussing the current work to update FreeBSD's graphic stack: > “All Intel GPUs up to and including the unreleased Kaby Lake are supported. The xf86-video-intel driver will be updated soon. Updating this driver requires updating Xorg, which in turn is blocked on Nvidia updates.” The kernel also got some feature status updates, including on the new Allwinner SoC support, an update on FreeBSD in Hyper-V and VIMAGE In addition to a quick update on the arm64 architecture (It's getting there, RPi3 is almost a thing), we also have a slew of port updates, including support for GitLab in ports, updates on GNOME / KDE and some additional Intel-specific networking tools. *** Vulnerabilities discovered in freebsd-update and portsnap (https://lists.freebsd.org/pipermail/freebsd-security/2016-July/009016.html) There are two vulnerabilities discovered in freebsd-update and portsnap, where an attacker could place files in the portsnap directory and they would be used without being subject to having their checksum verified (but this requires root access), and the second where a man-in-the-middle attacker could guess the name of a file you will fetch by exploiting the time-gap between when you download the initial snapshot, and when you fetch the updated files. There are a number of vulnerabilities that were discovered in libarchive/tar as well There is also an issue with bspatch. A security advisory for bspatch has already been released, as this vulnerability was also discovered by the Chromium team, which uses this same code. The patch discussed in this mailing list thread is larger, but secteam@ believes at least one of the additional checks introduced is incorrect and may prevent a valid patch from being applied. The smaller patch was pushed out first, to solve the main attack vector, while the larger patch is investigated. Automated fuzz testing is underway. 
Great care is being taken fixing bspatch, because if it is broken, installing future updates becomes much more difficult. secteam@ and core@ would like to emphasize that the FreeBSD project takes these issues very seriously and are working on them > “As a general rule, secteam@ does not announce vulnerabilities for which we don't have patches, but we concede that we should have considered making an exception in this case” Work is underway to re-architect freebsd-update and portsnap to do signature verification on all files before they are passed to libarchive/tar, to help protect users from any future vulnerabilities in libarchive. However, this requires changes to the metadata format to provide these additional signatures, and backwards compatibility must be preserved, so people can update to the newer versions to get these additional security features There is also discussion of using HTTPS for delivery of the files, but certificate verification and trust are always an issue. FreeBSD does not distribute a certificate trust store by default. There will be more on this in the coming days. *** OpenSSH 7.3 Released (http://www.openssh.com/txt/release-7.3) OpenSSH 7.3 has landed! Primarily a bug-fix release, the release notes do mention the pending deprecation of some more legacy Crypto in the future, including denying all RSA keys < 1024bit, and removal of SSHv1 support. (Already disabled via compile option) On the bug side, there was a security issue addressed in sshd: “sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters” Also a timing issue was resolved in regard to password auth, which could possibly allow an attacker to discern between valid/invalid account names. 
On the feature side, we have the new ProxyJump option (-J flag) which allows you to do simplified indirection through various SSH jump hosts. Various bugs were fixed, and some compile failures resolved in the portable version to auto-disable some ciphers not supported by OpenSSL. News Roundup OpenBSD Ports - Integrating Third Party Applications [pdf] (http://jggimi.homeip.net/semibug.pdf) A talk from Josh Grosse, presented at SEMIBUG (South-East Michigan BSD Users Group), about OpenBSD Ports It opens by explaining the separation of the ‘base system' from ‘packages', as is common in most all BSDs It explains the contents of OpenBSD package tar file, which contain some metadata files (+CONTENTS and +DESC) and then the actual package files The talk goes on to explain the different branches (-release, -stable, and -current), and warn users that there are no official -stable packages from the project Then it goes on into the development model, including what new contributors should expect Then it walks through the entire process of creating a port and getting it contributed *** NetBSD removes last RWX page in amd64 kernel (http://mail-index.netbsd.org/source-changes/2016/07/27/msg076413.html) NetBSD has purged the last holdout RWX page on the amd64 platform > “Use UVM_PROT_ALL only if UVM_KMF_EXEC is given as argument. Otherwise, if UVM_KMF_PAGEABLE is also given as argument, only the VA is allocated and UVM waits for the page to fault before kentering it. When kentering it, it will use the UVM_PROT_ flag that was passed to uvm_map; which means that it will kenter it as RWX. With this change, the number of RWX pages in the amd64 kernel reaches strictly zero.” Break out the party favors! Hopefully any last stragglers in any of the other BSDs get retired soon as well. 
*** DragonFly BSD 4.6 launches with home-grown support for NVMe Controllers (http://linux.softpedia.com/blog/dragonfly-bsd-4-6-0-launches-with-home-grown-support-for-nvme-controllers-506908.shtml) Softpedia picked up on the release of DragonFlyBSD 4.6, specifically about their new home-grown NVMe driver. > “We now have a NVMe driver (PCIe SSDs). It currently must be kldloaded with nvme_load="YES" in /boot/loader.conf. The driver uses all concurrency features offered by the chip and will distribute queues and interrupts across multiple CPUs to maximize performance. It has been tested up to around 1.05M IOPS @4K, and roughly 6.5 GBytes/sec @32K (random read from urandom-filled partition, physio, many threads), with the 2xE5-2620v4 (xeon) test server 78% idle in the IOPS test and 72% idle on the bandwidth test. In other words, we maxed out the three NVMe devices we had plugged in and the system still had plenty of suds left over. Please note that a machine's ability to boot from an NVMe device depends on the BIOS, and not DragonFly. Most BIOSes cannot boot from NVMe devices and those that can probably only do it through UEFI. Info on device state is available with the new utility nvmectl.“ In addition to this improved support, 4.6 also brings in the improved graphics support, matching what is in Linux 4.4 and support for Broadwell/Skylake. SMP also got some love: > “SMP performance was already very good. As part of the NVMe driver work we revamped the buffer cache subsystem and a number of other I/O related paths, further reducing lock contention and IPI signalling overheads. We also put topology-aware cpu cache localization into the kernel memory allocator (primarily helps multi-socket systems and systems with high core counts). 
The network subsystem also continues to receive significant improvement, with modest machine configurations now capable of handling upwards of 580K conns/sec.“ Full Release Notes (https://www.dragonflybsd.org/release46/) *** The powerd++ daemon monitors the system load and adjusts the CPU clock accordingly and is a drop-in replacement for FreeBSD's native powerd(8). (http://www.freshports.org/sysutils/powerdxx/) As mentioned in our EuroBSDCon 2016 rundown, Dominic Fandrey will be giving a presentation about his powerd replacement, powerd++ The source code is already available on github, and is in ports The major difference is that the newer design handles many-core systems much better. The original powerd was written at a time when most laptops only had a single core, and maybe a hyperthread. The new design decides which CPU frequency to use by looking at the busiest core, rather than the average across the cores, resulting in a more meaningful result. It also supports averaging over a longer period of time, to avoid jumping to a higher frequency too quickly. powerd++ also avoids ‘slewing' the cpu frequency, ratcheting it up and down one step at a time, and instead jumps directly to the target frequency. 
Often times, you will use less battery by jumping to maximum frequency, finishing the work, and going back to a low power state, than trying to do that work over a longer period of time in low power mode *** Beastie Bits Hyper-V: Unmapped I/O improves userland direct disk performance by 35% ~ 135% (https://svnweb.freebsd.org/base?view=revision&revision=303474) One does not simply remove FreeBSD (https://imgur.com/a/gjGoq) A new BSD Podcast "BSD Synergy" has started (https://www.youtube.com/channel/UCBua6yMtJ6W5ExYSREnS3UQ) KnoxBug - Next Meeting - Aug 30th (http://knoxbug.org/content/2016-08-30) Feedback/Questions Daniel - Root/Wheel (http://pastebin.com/8sMyKm6c) Joe - IPV6 Frag (http://pastebin.com/r5Y0gbxf) Paul - ChicagoBug (http://pastebin.com/iVYPYcVs) Chris - SSH BruteBlock (http://pastebin.com/597m9gHa) Todd - Jails (http://pastebin.com/xjbKwSaz) ***
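The two integer-truncation patterns quoted in the "my int is too big" item in these notes (the timespec-to-ticks conversion and the 64-bit kqueue ident passed to an int lookup), shown next to a bounded form, as an added C example that is not OpenBSD's code. The function names, the fd_is_open stand-in and the sample values are assumptions constructed for illustration; HZ is 100 as in the quoted text.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 100                              /* ticks per second, per the quoted text */
#define NSEC_PER_TICK (1000000000L / HZ)

/* Hypothetical stand-in for a lookup that takes an int descriptor:
 * pretend descriptors 0..7 are open in this process. */
static int fd_is_open(int fd) { return fd >= 0 && fd < 8; }

/* Pattern 1, before: a 64-bit identifier is narrowed to int for the lookup.
 * On common compilers the narrowing keeps the low 32 bits, so 2^32 + 2
 * is validated as descriptor 2 while the caller still holds the huge value. */
int ident_ok_truncating(uint64_t ident)
{
    return fd_is_open((int)ident);
}

/* Pattern 1, after: bound the identifier by INT_MAX before narrowing it. */
int ident_ok_bounded(uint64_t ident)
{
    if (ident > (uint64_t)INT_MAX)
        return 0;
    return fd_is_open((int)ident);
}

/* Pattern 2, before: ticks are computed in 64 bits and only the upper bound
 * is checked. Unsigned arithmetic is used here to model the wrap-around of
 * sec * HZ without relying on signed-overflow behaviour. */
int ticks_saturate_only(int64_t sec, long nsec)
{
    int64_t t = (int64_t)((uint64_t)sec * HZ + (uint64_t)(nsec / NSEC_PER_TICK));
    if (t > INT_MAX)
        t = INT_MAX;
    return (int)t;                          /* can be negative after a wrap */
}

/* Pattern 2, after (one way to close the gap, an assumption of this example):
 * validate the timespec fields, then saturate before multiplying so the
 * product can never leave the int range. Returns -1 for an invalid timespec. */
int ticks_checked(int64_t sec, long nsec)
{
    if (sec < 0 || nsec < 0 || nsec >= 1000000000L)
        return -1;
    if (sec >= INT_MAX / HZ)
        return INT_MAX;
    return (int)(sec * HZ + nsec / NSEC_PER_TICK);
}

int main(void)
{
    uint64_t ident = ((uint64_t)1 << 32) + 2;       /* constructed sample */
    int64_t  sec   = 184467440737095516LL;          /* constructed: sec * 100 == 2^64 - 16 */

    printf("ident truncating=%d bounded=%d\n",
           ident_ok_truncating(ident), ident_ok_bounded(ident));
    printf("ticks saturate-only=%d checked=%d\n",
           ticks_saturate_only(sec, 0), ticks_checked(sec, 0));
    return 0;
}
```
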
Kris is on vacation this week, so Allan flies solo, provides a recap of BSDCan & covers a boatload of news including Microsoft This episode was brought to you by Headlines BSDCan Recap and Live Stream Videos (http://www.bsdcan.org/2016/) OpenBSD BSDCan 2016 papers now available (http://www.openbsd.org/papers) Allan's slides (http://allanjude.com/bsd/BSDCan2016_-_GELIBoot.pdf) and Paper (http://allanjude.com/bsd/AsiaBSDCon2016_geliboot_pdf1a.pdf) Michael W Lucas presents Allan with a gift (https://www.youtube.com/watch?v=LFgxAHkrSTg) “FreeBSD Mastery: Advanced ZedFS” (http://blather.michaelwlucas.com/archives/2698) Highlighted Tweets: Groff Arrives at BSDCan (https://twitter.com/Keltounet/status/740344735194320896) FreeBSD Foundation recognizes the contributions of Bryan Drewery, Rod Grimes, Warren Block, & Gleb Smirnoff (https://twitter.com/freebsdfndation/status/742456950676393984) A moment of silence and shots in memory of Benjamin Perrault @creepingfur (https://twitter.com/__briancallahan/status/741854476340858880) @gvnn3 sells the FreeBSD Foundation shirt off of his back for Charity (https://twitter.com/Keltounet/status/741763867471155201) Michael W. 
Lucas asks Matt Ahrens how to pronounce ZFS, “You can pronounce ZFS however you like, but if you pronounce it 'reiserfs', people might be confused.” (https://twitter.com/cperciva/status/741375414967410688) Sysadmin T-Shirt (https://twitter.com/BSDCan/status/741420633007874050) FreeBSD Dev Summit ran out of room on the chalkboards listing accomplishments of 11.0 (https://twitter.com/SeanChittenden/status/740904105388978176) List of things people have or want for FreeBSD 12 (https://twitter.com/Keltounet/status/740928627471159296) Matt Ahrens signing Allan's ZFS book (https://twitter.com/kprovst/status/741322268480049152?cn=bWVudGlvbg%3D%3D&refsrc=email) FreeBSD's new marketing strategy (https://twitter.com/cperciva/status/741707948469157889) Charity Auction: systemd whoopie cushion (https://twitter.com/HippyWizard/status/741768670704066560) Embarass OpenBSD's @HenningBrauer by donating $10 to charity for a selfie with him wearing a Linux t-shirt (https://twitter.com/juliefriday/status/741948048788586496) @GroffTheBSDGoat changes handlers, from @HenningBrauer to @GavinAtkinson (https://twitter.com/GroffTheBSDGoat/status/742415390798716928) Day 1 Video (https://www.youtube.com/watch?v=AOidjSS7Hsg) Day 2 Video (https://www.youtube.com/watch?v=z7pDnBO5wSM) Allan's GELIBoot talk (day 2) (https://www.youtube.com/watch?v=z7pDnBO5wSM&feature=youtu.be&list=PLeF8ZihVdpFfoEV67dBSrKfA8ifpUr6qC&t=4440) *** Media Coverage of Microsoft + FreeBSD story (https://azure.microsoft.com/en-us/blog/freebsd-now-available-in-azure-marketplace/) Microsoft has released their own custom image of FreeBSD 10.3 for the Azure Cloud “This means that not only can you quickly bring-up a FreeBSD VM in Azure, but also that in the event you need technical support, Microsoft support engineers can assist.” “Microsoft is the publisher of the FreeBSD image in the marketplace rather than the FreeBSD Foundation. 
The FreeBSD Foundation is supported by donations from the FreeBSD community, including companies that build their solutions on FreeBSD. They are not a solution provider or an ISV with a support organization but rather rely on a very active community that support one another. In order to ensure our customers have an enterprise SLA for their FreeBSD VMs running in Azure, we took on the work of building, testing, releasing and maintaining the image in order to remove that burden from the Foundation. We will continue to partner closely with the Foundation as we make further investments in FreeBSD on Hyper-V and in Azure.” "It's quite a significant milestone for FreeBSD community and for Microsoft to publish a supported FreeBSD image on Azure Marketplace. We really appreciate Microsoft's commitment and investment in FreeBSD project". - Justin T. Gibbs, President of FreeBSD Foundation Microsoft took a FreeBSD 10.3-RELEASE image and added additional patches, most of which they have upstreamed but that were too late for the regular 10.3 release cycle. 
Rather than requiring users to use a snapshot of the stable/10 branch, which would complicate the user experience, and complicate the job of the Microsoft support engineers, they created their own “certified” release This allows Microsoft to selectively deploy errata fixes to the image as well It is not clear how this affects update mechanisms like freebsd-update(8) The Register (http://www.theregister.co.uk/2016/06/09/microsoft_freebsd/) The Inquirer (http://www.theinquirer.net/inquirer/news/2461070/microsoft-creates-own-distribution-of-freebsd-for-azure-developers) Infoworld (http://www.infoworld.com/article/3082090/open-source-tools/is-microsoft-publishing-its-own-freebsd-yes-and-no.html) The Hacker News (http://thehackernews.com/2016/06/microsoft-azure-freebsd.html) Windows Report (http://windowsreport.com/microsoft-freebsd-10-3-ready-made-vm-image-azure/) Windows Club (http://news.thewindowsclub.com/microsoft-freebsd-operating-system-84375/) *** Select works poorly (http://www.tedunangst.com/flak/post/select-works-poorly) “At the bottom of the OpenBSD man page for select is a little note. “Internally to the kernel, select() and pselect() work poorly if multiple processes wait on the same file descriptor.” There's a similar warning in the poll man page. Where does this warning come from and what does it mean?” Ted found that at first glance, OpenBSD's select() appears to be quite bad: “whenever some data gets written, we call wakeup(&selwait);. Based on what we've seen so far, one can conclude that this is likely to be inefficient. Every time any socket has some data available, we wake up every selecting process in the system. 
Works poorly indeed.” After further investigation, it turns out to not be quite as bad When the select() is first setup, the PID of the process that cares about the FD is recorded in the selinfo struct If a second process runs select() on the same FD, the SI_COLL (Select Collision) flag is set on the selinfo struct When selwakeup() is called, if SI_COLL is set, all select()ing processes are woken up, and the sysctl kern.nselcoll is incremented. If the flag is not set, and only a single PID is waiting for activity on that FD, only that process is woken up “This is not an intractable problem. kevent avoids it entirely. Other implementations may too. But practically, does it need to be solved? My laptop says it's happened 43 times. A server with substantially more uptime says 0. Doesn't seem so bad.” *** Interview - Hans Petter Selasky - hps@freebsd.org (mailto:hps@freebsd.org) / @twitter (https://twitter.com/user) Designing FreeBSD's USB drivers, hooking up a piano to FreeBSD & more! *** News Roundup Timeline of libexpat random vulnerability (http://www.tedunangst.com/flak/post/timeline-of-libexpat-random-vulnerability) Do you use FreeBSD as web server? Why or why not? (https://news.ycombinator.com/item?id=11804565) 20 years of NetBSD code Bloat (http://kristerw.blogspot.sg/2016/05/20-years-of-netbsd-code-bloat.html) HP Chromebook 13 now booting OpenBSD (https://jcs.org/statuses/2016/06/08/740606952149942272/) UNIX for Poets (https://web.stanford.edu/class/cs124/lec/124-UnixForPoets.pdf) Comparing live version upgrade methods (https://distrowatch.com/weekly.php?issue=20160530#upgrades) My life with FreeBSD on a Thinkpad X220 (https://www.reddit.com/r/BSD/comments/4n3flx/my_life_with_freebsd_on_a_thinkpad_x220/)
I’ve got a big list of news items for you mostly centered around Microsoft but some networking and home automation as well. Some Community news, Patreon, Meetup, and I’ve bought something and returned something...