Podcast appearances and mentions of John Baldwin

  • 34PODCASTS
  • 59EPISODES
  • 47mAVG DURATION
  • 1MONTHLY NEW EPISODE
  • May 20, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about John Baldwin

Latest podcast episodes about John Baldwin

The Cook & Joe Show
The Limitless Express - Tush push, Joel Klatt's top college FB quarterbacks

The Cook & Joe Show

Play Episode Listen Later May 20, 2025 9:02


John Baldwin and Lance Jeter were inducted into the Beaver County Hall of Fame. Chase Daniel thinks the tush push will be banned. We think the tush push should remain in effect. Bengals first-round pick Shemar Stewart is in a contract dispute with the organization. Joel Klatt's top 10 college football quarterbacks.

Paroles d'histoire
382. Relire Saint Louis, avec Marie Dejoux

Paroles d'histoire

Play Episode Listen Later May 19, 2025 58:26


L'invitée : Marie Dejoux, MCF à Paris-I et membre du Lamop Le livre : Saint Louis après Jacques Le Goff: Nouveaux regards sur le roi et son gouvernement, Rennes, PUR, 2025. La discussion :· Un essai déguisé en monument (1:00)· La genèse du livre de Le Goff (5:30)· La recherche de l'individu Louis IX pour accéder à un moment clé du processus d'individuation et de naissance du sujet (18:30)· Un livre de son temps, avec des angles morts (22:15)· La réception de l'ouvrage (26:50)· La recherche sur Saint Louis après Le Goff (32:00)· Le règne au prisme du frère et de la sœur de Louis (42:15)· Un roi guerrier et pacificateur, aspects au second plan chez Le Goff (47:20)· Une relecture critique de la politique de Saint Louis contre les juifs (53:20) Les références évoquées dans la discussion :· Pierre Bourdieu, « L'illusion biographique », Actes de la recherche en sciences sociales, 1986.· John Baldwin, Philippe Auguste et son gouvernement. Les fondations du pouvoir royal en France au Moyen Age, Paris, Fayard, 1991.· Liêm Tuttle, Marie Dejoux, Pierre-Anne Forcadet, Vincent Martin, La justice de Saint Louis. Dans l'ombre du chêne, Paris, PUF, 2024.· William Chester Jordan, La prunelle de ses yeuxUn podcast créé, animé et produit par André Loez et distribué par Binge Audio. Contact pub : project@binge.audioDistribué par Audiomeans. Visitez audiomeans.fr/politique-de-confidentialite pour plus d'informations.

Rock N Roll Pantheon
Ugly American Werewolf in London: Becoming Led Zeppelin Review

Rock N Roll Pantheon

Play Episode Listen Later Mar 22, 2025 73:47


As long-time followers of our show are aware, The Wolf and Action Jackson are HUGE Led Zeppelin fans. When it was announced several years back that there would be a Led Zep documentary coming, we were psyched and knew that we'd not only have to go see it on the big screen but do a review on UAWIL. However, we we didn't know that director Bernard MacMahon had not only unearthed and cleaned up video of a performance by the band in Bath from 1969, but he also uncovered a never-before-heard audio interview of John Bonham. Thanks to that interview, he was able to get reflections from all four members of Led Zeppelin on their journey to becoming the biggest band in the world. Instead of being a complete career retrospective, this film focused on the back stories of each member - how they grew up, when they became fascinated with rock music, which artists turned them on and how they found their way into the music business. Most fans know that Jimmy Page was on tv with his skiffle group as a kid before becoming a premier session guitarist in London. But did you know that John Paul Jones learned so much from his father, pianist John Baldwin, and was a choirmaster at age 14? Did you know Robert Plant would try many different types of groups, hairstyles and scenes before he ever became a Golden God? Learning how Jimmy Page put the first record together so he would have leverage with record companies to not only get better royalties but to not be forced into releasing singles is just one amazing insight into how Led Zeppelin became the juggernaut, especially in the US, that would define their legacy. Action went to great lengths to see this movie and offer his perspective so give us a listen and see this film in the theaters while you can - the video and sound is amazing!! Check out our new website: Ugly American Werewolf in London Website Visit our sponsor RareVinyl.com and use the code UGLY to save 10%! Twitter Threads Instagram YouTube LInkTree www.pantheonpodcasts.com Learn more about your ad choices. Visit megaphone.fm/adchoices

The Ugly American Werewolf in London Rock Podcast
UAWIL #225: Becoming Led Zeppelin Review

The Ugly American Werewolf in London Rock Podcast

Play Episode Listen Later Mar 20, 2025 73:47


As long-time followers of our show are aware, The Wolf and Action Jackson are HUGE Led Zeppelin fans. When it was announced several years back that there would be a Led Zep documentary coming, we were psyched and knew that we'd not only have to go see it on the big screen but do a review on UAWIL. However, we we didn't know that director Bernard MacMahon had not only unearthed and cleaned up video of a performance by the band in Bath from 1969, but he also uncovered a never-before-heard audio interview of John Bonham. Thanks to that interview, he was able to get reflections from all four members of Led Zeppelin on their journey to becoming the biggest band in the world. Instead of being a complete career retrospective, this film focused on the back stories of each member - how they grew up, when they became fascinated with rock music, which artists turned them on and how they found their way into the music business. Most fans know that Jimmy Page was on tv with his skiffle group as a kid before becoming a premier session guitarist in London. But did you know that John Paul Jones learned so much from his father, pianist John Baldwin, and was a choirmaster at age 14? Did you know Robert Plant would try many different types of groups, hairstyles and scenes before he ever became a Golden God? Learning how Jimmy Page put the first record together so he would have leverage with record companies to not only get better royalties but to not be forced into releasing singles is just one amazing insight into how Led Zeppelin became the juggernaut, especially in the US, that would define their legacy. Action went to great lengths to see this movie and offer his perspective so give us a listen and see this film in the theaters while you can - the video and sound is amazing!! Check out our new website: Ugly American Werewolf in London Website Visit our sponsor RareVinyl.com and use the code UGLY to save 10%! Twitter Threads Instagram YouTube LInkTree www.pantheonpodcasts.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Speaks Volumes
SE02 | EP03 - John Baldwin - Shepherding The Record

Speaks Volumes

Play Episode Listen Later Jan 20, 2025 49:20


Our guest today is John Baldwin - a mastering engineer from Nashville, TN. John has worked with Lou Reed, Sly Stone, Emmylou Harris, Nancy Sinatra, Glossary, and The Jesus Lizard. We talk about persistence in getting an internship, not convoluting the process, leaning on Brian Eno for guidance, retraining yourself to not “grind” yourself until defeat, and getting outside to do things unrelated to mastering. This episode's music is brought to you by Maggie Mae from Philadelphia, PA. For more information on Maggie Mae, head to: https://www.maggiemaemusic.com For more information about John: Check out https://johnbaldwinmastering.com And you can find him on Instagram: @johnbaldwinmastering

Mercer County Podcast Club
Season 5 Episode 2 (5.2) Homecoming/Halloween/Ms. Ward/John Baldwin

Mercer County Podcast Club

Play Episode Listen Later Oct 25, 2024 88:07


Lots of info in this October Podcast! First we have Claire Fowler, Payton Ruggles and Tikeena Lang talk about how Homecoming 2024 went. Then we will have our 2nd Student Talk with Emerson Price, Ingrid Hays and Molly Dixon. They have 3 random topics to discuss which mostly deal with Halloween. Our Faculty Interview is with Ms. Ward and Elsie Cook does a great job with this one! Lastly we have Trace Zietler interviewing Junior John Baldwin about the football and about his football fantasy team. Thanks for listening!

Gun Sports Radio
San Diego County Gun Owners Celebrates Win on the 1-in-30 Restriction on Gun Purchases

Gun Sports Radio

Play Episode Listen Later Aug 21, 2024 97:36


It's a Nguyen-WIN situation! The 1 in 30 restrictions on firearm purchases have been removed! If you are a San Diego County Gun Owners member, you were part of the lawsuit that shut down this infringement. Learn about off-grid communications from John Baldwin at the Gun Show on September 7. What are the top 3 lessons that gun owners should know from executive protection? Listen to the segment with Mike Dasargo from Stronghold Dynamic. Don't forget to sign up for Mike's rifle class at the San Diego Gun Show. Jim Miller, who is running for Cajon Valley Unified School District shares a new, cutting edge accomplishments to protect parents' rights. USCCA's Adam Bendas, joins the show to share why they're such strong supporters of the San Diego / Escondido Gun show. Get your Gun Prom Tickets today! https://gunprom.com Get more info and tickets the off-grid communications class and Mike Dasargo's rifle class at the San Diego Gun Show, sponsored by USCCA – https://gunownersradio.com/gun-show Do you have legal protection as a gun owner? Call Adam Bendas today: 619-318-6803 -- Like, subscribe, and share to help restore the Second Amendment in California! Make sure Big Tech can't censor your access to our content and subscribe to our email list: https://gunownersradio.com/subscribe #2a #guns #gunowners #2ndAmendment #2ACA #ca42a #gunownersradio #gunrights #gunownersrights #rkba #shallnotbeinfringed #pewpew -- The right to self-defense is a basic human right. Gun ownership is an integral part of that right. If you want to keep your Second Amendment rights, defend them by joining San Diego County Gun Owners (SDCGO), Orange County Gun Owners (OCGO), or Inland Empire Gun Owners (IEGO). https://www.sandiegocountygunowners.com https://orangecountygunowners.com http://inlandempiregunowners.com Support the cause by listening to Gun Owners Radio live on Sunday afternoon or on any podcast app at your leisure. Together we will win. SUPPORT THE BUSINESSES THAT SUPPORT YOUR SELF DEFENSE RIGHTS! Get expert legal advice on any firearm-related issues: https://dillonlawgp.com Smarter web development and digital marketing help: https://www.sagetree.com Learn to FLY at SDFTI! San Diego Flight Training International: https://sdfti.com Clean your guns easier, faster, and safer! https://seal1.com Stay cool this summer with Straight Shooter Heating & Cooling! https://straightshooter.ac

Read Together UMCNA
Read Together 2024.34

Read Together UMCNA

Play Episode Listen Later Aug 20, 2024 15:56


As we journey together, Rev. John Baldwin reminds us to be intentional and considerate as we share the gifts God has given each of us.

KCSB
The New Research on Incel's Dating Habits and Psychology

KCSB

Play Episode Listen Later Mar 29, 2024 8:30


In light of the 2014 Isla Vista shooting, KCSB's Abigail Alberti reviews research on incel behavior and dating habits, sitting down with UCSB sociology professor Dr. John Baldwin to discuss why this research is so late to take place.

Delta Green: The Yellow King Sequence
COC LA 1949 The Strange Case of Susan Wilton and Lara Swann - Episode 11

Delta Green: The Yellow King Sequence

Play Episode Listen Later Jan 7, 2024 13:16


John Baldwin escorts June Allyson to a jaded party in the Malibu hills while Michael, Gary and Roger head to Pasadena to speak with Hans Schmidt. ADULT THEMES 18+ The Wolff's party scene owes a conceptual debt to Stanley Kubrick's 'Eyes Wide Shut'. It would be fair to say that the stars of that film - Tom Cruise and Nicole Kidman would be ideal casting for Armand and Anastasia Wolff.

Recording Studio Rockstars
RSR434 - Pete Lyman, John Baldwin & Brandon Towles - Atmos Mixing & Mastering & Vinyl at Infrasonic Sound East

Recording Studio Rockstars

Play Episode Listen Later Dec 29, 2023 116:09


How many engineers can you fit on a podcast? Pete, John and Brandon talked about the good and bad of a shared studio, Atmos mixing and mastering, how to make great bass, vinyl records, and why their worst day is better than most jobs' best days! Get access to FREE mixing mini-course: https://MixMasterBundle.com My guests today are Pete Lyman, John Baldwin & Brandon Towles mixing, mastering, and cutting vinyl at Infrasonic Sound East here in Nashville. Pete Lyman who has been a guest on episode RSR165 is a GRAMMY-nominated mastering engineer, and owner of Infrasonic Mastering, an audio and vinyl mastering studio with locations in Los Angeles, CA and Nashville, TN. Pete's digital and vinyl mastering career spans thousands of titles with clients like Chris Stapleton, Jason Isbell, Brandi Carlile, Sturgill Simpson, John Prine, Weezer, Panic! At the Disco and more.   John Baldwin is a GRAMMY-nominated mastering engineer based in Nashville, TN. In 2010 John launched John Baldwin Mastering out of a studio he built in his house, eventually moving to Historic RCA Studio A. John joined the Infrasonic Mastering roster in 2021, bringing a wide spectrum of genres and skills, including restoring and remastering from vinyl and tape. His discography includes artists such as Nancy Sinatra, Deer Tick, Emmylou Harris, The Jesus Lizard, Sly Stone, The Stone Roses, Margo Price, Delta Spirit, and many others INCLUDING Twiggs II a record I produced at The Toy Box Studio. Brandon Towles is a Mixing Engineer and Assistant/Engineer/All Around Good Guy to multi-Grammy winner F. Reid Shippen. Originally from Georgetown, KY, after traveling the country for a few years, Brandon landed in Nashville to work with Reid and Infrasonic Immersive. He has Co-Mixed and Assisted on projects for artists including Dierks Bentley, Keke Palmer, Parker McCollum, The Aces, Kenny Chesney, and many more. Outside of music, Brandon loves playing basketball, the Detroit Lions, and very, very short walks on the beach. Thank you to Raelynn Janicke for setting this interview up! THANKS TO OUR SPONSORS! https://UltimateMixingMasterclass.com https://www.native-instruments.com use code ROCK10 to get 10% off! https://lewitt.link/rockstars https://www.Spectra1964.com https://MacSales.com/rockstars https://iZotope.com use code ROCK10 to get 10% off any individual plugin! https://www.adam-audio.com https://RecordingStudioRockstars.com/Academy  https://www.thetoyboxstudio.com/ Listen to these guests' discography on Spotify: Pete Lyman: https://open.spotify.com/playlist/7MjQvecFkWiCvpVubFQ1Xe?si=8a3c8e75085945b1 John Baldwin: https://open.spotify.com/playlist/5Bc7sk7fQyTR4zIGpukczw?si=8e56f9203b114ee8 Brandon Towles: https://open.spotify.com/playlist/5cYne80PW7Q0RJgBHzzNNn?si=b8ca212e598247db If you love the podcast, then please leave a review: https://RSRockstars.com/Review CLICK HERE FOR COMPLETE SHOW NOTES AT: https://RSRockstars.com/434

Delta Green: The Yellow King Sequence
COC LA 1949 - The Strange Case of Susan Wilton and Lara Swann - Episode 5

Delta Green: The Yellow King Sequence

Play Episode Listen Later Dec 27, 2023 10:20


Roger Fitzgerald visits the catatonic Dr Winslow in hospital and finds an interesting notebook. John Baldwin has an unexpected visitor from his showbiz past... 18+ ADULT THEMES

Delta Green: The Yellow King Sequence
Call of Cthulhu - LA 1949 - The Strange Case of Susan Wilton and Lara Swann

Delta Green: The Yellow King Sequence

Play Episode Listen Later Dec 24, 2023 3:00


Private Investigator Gary Krane introduces his strangest ever case file involving a movie siren, the Mob and a Great Old One... 18+ CONTENT - ADULT THEMES This series owes a conceptual debt to James Ellroy's LA Quartet series of novels - 'The Black Dahlia', 'The Big Nowhere', 'LA Confidential' and 'White Jazz' and Chaosium's Call of Cthulhu scenario 'The Curse of Chaugnar Faughn' by Bill Barton originally published in the Curse of the Cthonians supplement in 1984. The Investigators: Eddie Bellows - played by Mr Joe Ewens; Michael Katzenbach - played by Mr Johan Bert; Gary Krane - played by Mr Adrian Joseph; John Baldwin - played by Mr Mikko Lahti; Roger Fitzgerald - played by Mr Neil Randerson.

Sex and Life Advice with Masculine Jason
Porn Star Confessions - John Baldwin (Episode 68)

Sex and Life Advice with Masculine Jason

Play Episode Listen Later Dec 1, 2023 84:53


This time I interview porn star John Baldwin about how he got into the industry, being a companion, tantra, massage, building connections, his marriage, what he is passionate about, and what he is like off camera. Please let us know your thoughts and if you have any questions below. We'll be happy to answer them!#pornstar #sexuality #interview #sex #porn Official merchandise store:https://masculinejasonofficial.comJoin this channel to get access to the perks:https://www.youtube.com/channel/UCB1TqH8fTgss84OwaKj_uQQ/joinMy Social Media :Instagram: https://www.instagram.com/masculinejasonTiktok: https://www.tiktok.com/@masculinejasonFacebook: https://www.facebook.com/masculinejasonLinktree: https://linktr.ee/masculinejasonMy Amazon Wishlist :https://www.amazon.com/hz/wishlist/ls/3E2IMEQGWK2F9?ref_=wl_shareLIKE, SHARE, AND SUBSCRIBE.TURN ON POST NOTIFICATIONS.Support the show

BSD Now
491: Catch the Spammers

BSD Now

Play Episode Listen Later Jan 26, 2023 42:18


Dragonfly BSD 6.4 is out, Running OpenZFS – Choosing Between FreeBSD and Linux, OpenBSD Mastery: Filesystems ebook leaks, catching 71% spam, crazy unix shell prompts, Linux Binary Compatibility: Ubuntu on FreeBSD, Reproducible Builds Summit Venice 2022, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Dragonfly BSD 6.4 is out (https://www.dragonflybsd.org/release64/) Running OpenZFS – Choosing Between FreeBSD and Linux (https://klarasystems.com/articles/running-openzfs-choosing-between-freebsd-and-linux/) News Roundup “OpenBSD Mastery: Filesystems” ebook leaking out (https://mwl.io/archives/22462) Can Your Spam-eater Manage to Catch Seventy-one Percent Like This Other Service? (https://bsdly.blogspot.com/2022/12/can-your-spam-eater-manage-to-catch.html) Crazy unix shell prompts (https://lists.nycbug.org:8443/pipermail/semibug/2022-December/000775.html) Linux Binary Compatibility: Ubuntu on FreeBSD (https://byte--sized-de.translate.goog/linux-unix/linux-binary-compatibility-ubuntu-unter-freebsd/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) Reproducible Builds Summit Venice 2022 (https://blog.netbsd.org/tnf/entry/reproducible_builds_summit_venice_2022) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Felix - Managing Jails with ansible (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/Felix%20-%20Managing%20Jails%20with%20ansible.md) John Baldwin - bhyve networking setup article (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/John%20Baldwin%20-%20bhyve%20networking%20setup%20article.md) Welton - bhyve webadmin (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/Welton%20-%20bhyve%20webadmin.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

BSD Now
487: EuroBSDcon Interviews Pt. 2

BSD Now

Play Episode Listen Later Dec 29, 2022 34:19


This year end episode of BSDNow features a trip report to EuroBSDcon by Mr. BSD.tv, as well as an interview with FreeBSD committer John Baldwin. Happy New Year, 2023! NOTES*** This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) EuroBSDCon 2022 Trip Report (https://freebsdfoundation.org/blog/eurobsdcon-2022-trip-report-patrick-mcevoy/) Interview 3 - John Baldwin - email@email (mailto:email@email) / @twitter (https://twitter.com/user) Interview topic Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Oral Arguments for the Court of Appeals for the Seventh Circuit

Corrie Wallace v. John Baldwin

The Ancient and Esoteric Order of the Jackalope
Shenandoahs, Part 1: The Sea King [the CSS Shenandoah]

The Ancient and Esoteric Order of the Jackalope

Play Episode Listen Later Sep 5, 2022 56:42


In 1864 the Confederate States of America commissioned a privateer to destroy the American whaling industry. It succeeded beyond their wildest dreams... but not until after the war was over. Whoops. Transcript, sources, links and more at https://order-of-the-jackalope.com/the-sea-king/ Key sources for this episode include Chester G. Hearn's GRAY RAIDERS OF THE SEA: HOW EIGHT CONFEDERATE WARSHIPS DESTROYED THE UNION'S HIGH SEAS COMMERCE; John Baldwin and Ron Powers' LAST FLAG DOWN: THE EPIC JOURNEY OF THE LAST CONFEDERATE WARSHIP; Lynn Schooler's THE LAST SHOT: THE INCREDIBLE STORY OF THE CSS SHENANDOAH AND THE TRUE CONCLUSION OF THE AMERICAN CIVIL WAR; Terry Smyth's AUSTRALIAN CONFEDERATES: HOW 42 AUSTRALIANS JOINED THE REBEL CAUSE AND FIRED THE LAST SHOT IN THE AMERICAN CIVIL WAR; and Tom Chaffin's SEA OF GRAY: THE AROUND-THE-WORLD ODYSSEY OF THE CONFEDERATE RAIDER SHENANDOAH.  Presented by #13 (Dave White) Artist. Lover. Social Media Unfluencer. Acknowledged authority on lucrative bogs. Dave White is all this and more. But most days he's a web developer, graphic designer, and cartoonist. He lives in Pittsburgh with his wife, his two cats, and his crippling obsession with strange trivia. This week we're cross-promoting with The Paranoid Strain (https://play.acast.com/s/the-paranoid-strain), the podcast that explains why so many people believe ridiculous conspiracy theories! Listen as each episode the Fearful Jesuit explores the origins of conspiracy theories like QAnon, 9/11 Truthers, and Sovereign Citizens and then systematically dismantles them! You'll love it! Discord: https://discord.gg/Mbap3UQyCB Facebook: https://www.facebook.com/orderjackalope/ Instagram: https://instagram.com/orderjackalope Reddit: https://www.reddit.com/user/orderjackalope Tumblr: https://orderjackalope.tumblr.com Twitter: https://twitter.com/orderjackalope Email: jackalope@order-of-the-jackalope.com Part of the That's Not Canon Productions podcast network. https://thatsnotcanon.com/

Neurocareers: How to be successful in STEM?
Uncovering the Mystery of Brain Responses to Hidden Messages in Art with John Baldwin

Neurocareers: How to be successful in STEM?

Play Episode Listen Later Jul 25, 2022 59:38


Hidden messages? Hidden responses? Neuroscience? Meet and greet our Neurocareers podcast guest, the artist John Baldwin from Devon, UK! This Sherlock Holmes of Arts works on deciphering the mystery of human responses to art, specifically brain responses to hidden messages in art pieces. But that is not it! John mastered the art of hiding messages himself, and now he invites other people from all over the world to join him on this path in an exhibition, "The Hidden Response," supported by the Arts Council England. During the exhibition, John aims to uncover the hidden viewer's brain responses to hidden messages by using state-of-the-art neurotechnologies! To our knowledge, this is the first exhibition of this kind in the world! John also shares his experience entering the art field after facing a disability and becoming a wheelchair user. John's story inspires all those who started doubting themselves after life presented them with serious challenges. Tune in to this podcast episode to stop feeling isolated and explore new opportunities as John did! Make the impossible possible! Find more about John's work here: https://www.thehiddenresponse.com https://www.crackedpainter.com The podcast is brought to you by The Institute of Neuroapproaches and its founder - Milena Korostenskaja, PhD - a neuroscience educator, neuroscience research consultant, and career coach for people in neuroscience and neurotechnologies: https://www.neuroapproaches.org/ Get in touch with Dr. K. at neuroapproaches@gmail.com

Above the Line with Cruz Hitt

In this episode John and I speak on the importance of teachers within our educational systems, boxing in California, and the lost practice of reading books. This was such an enjoyable episode to record and a big thank you to Mr. Baldwin for this episode. 

Plain-Spoken Grace
A Primer On Spiritual Warfare w/ Pastor John Baldwin | Ep. 114

Plain-Spoken Grace

Play Episode Listen Later Dec 18, 2021 43:14


Ep. 114 | Guest: Pastor John Baldwin Summary: Spiritual warfare is a reality in the life of the follower of Christ. The Bible teaches what it is, why it happens, when it happens, and how to fight. Chip welcomes Pastor John Baldwin back to the "he-shed" for a time of discussion about the topic. In this full-length episode, you'll find valuable information and encouragement to stand against the fiery darts of our adversary. Recorded: Dec. 9, 2021 - live in studio Based in Richmond, VA, Plain-Spoken Grace is a semi-monthly video podcast produced and hosted by Chip Forbes. We focus on encouraging men to live Christ-centered lives in service to God, your family and your community. More at https://www.plainspokengrace.org Show Notes: Follow or message Pastor John Baldwin on Facebook Listen to Additional resources from Andrew Wommack regarding Spiritual Authority and how to pray when engaging in spiritual warfare. Watch this episode on YouTube. Partners: Shoals Coffee Co. | Website | Instagram | Facebook - All proceeds from Shoals Coffee Co. go to fund Shoals Save-A-Life, a faith-based women's health clinic located in Florence, AL. More Episodes

Living in New Bern Now and Beyond
New Bern Now Podsquad – Episode 201

Living in New Bern Now and Beyond

Play Episode Listen Later Nov 2, 2021 60:01


The Podsquad: Pat Drake and Wendy Card were joined by special guests Kaitlyn Penn, Owner of New Bern Baby View; Jill Eberle, New Bern Artists Studio Tour; and John Baldwin, Craven Concerts. We talked about the people, places and happenings in New Bern and Beyond. Let us know if you'd like to be a guest or if you have any questions by emailing info@newbernnow.com.  Wendy Card

Plain-Spoken Grace
Why We Sing: Church Music & Hymns w/ Pastor John Baldwin

Plain-Spoken Grace

Play Episode Listen Later Jun 4, 2021 40:35


Ep. 110 | Guest: John Baldwin Summary: Recorded live from his home studio in Richmond, VA, host Chip Forbes sits down with returning guest John Baldwin, Pastor of Berea Baptist Church in Rockville, VA. They discuss the origins of music in the Church and how sacred hymns still edify the Body Of Christ in modern worship services. This is the first in a music themed mini-series of episodes focusing on worship music and the role music plays in the Christian Church. #howgreatthowart #hymnology #christmascarols   More at: https://www.PlainSpokenGrace.org   Show Notes: More about the origins of “How Great Thou Art.“ More about the origins of “Hark The Heralds Angels Sing.“ More: Music and the Early Church Shoals Coffee Co. | Website | Instagram | Facebook – All proceeds from Shoals Coffee Co. go to fund Shoals Save-A-Life, a crisis pregnancy center located in Florence, AL. More Episodes

The 10Adventures Podcast
Ski Touring the Coast Mountains with John Baldwin

The 10Adventures Podcast

Play Episode Listen Later Apr 5, 2021 30:41


On this episode we talk about ski touring the Coast Mountains of British Columbia with John Baldwin. John narrates his life exploring the mountains and backcountry skiing. Join us as John and our hosts discuss the rewarding experience of adventuring the Coast Mountains and disclose the difficulties of skiing the high country. Learn more about mountaineering and backcountry skiing from a seasoned outdoor enthusiast and fellow adventure traveller. This episode will undoubtedly inspire you to get out into the wilderness and plan your next ski touring adventure into the backcountry.    Guest Profile John Baldwin is a legendary guidebook author and explorer of BC's coast mountains.  Author of "Exploring the CoastMountain on Skis", he also is the publisher of numerous other books and maps to help people explore the outdoors. In 2020 he was awarded an honorary lifetime membership in the Alpine Club of Canada. You can find out more about John here. Check out our favorite backcountry ski tours at 10Adventures.  Follow us on Instagram @10Adventures for more adventure travel inspo

Yoga Minutes
What is Yoga? Part 12: Yoga = Union - A Practical Approach

Yoga Minutes

Play Episode Listen Later Mar 17, 2021 11:12


Yoga means "Union", but is this a belief that is really true? Is it practical to believe? Original music by John Baldwin

Música de Contrabando
MÚSICA DE CONTRABANDO T30C096 La banda murciana Lady Ma Belle pone la banda sonora a #proyecto16familias (12/03/2021)

Música de Contrabando

Play Episode Listen Later Mar 12, 2021 119:18


En Música de Contrabando, revista diaria de música en Onda Regional de Murcia, estrenamos nuevo formato con la incorporación de Terminal Pop, y aumentamos la duración a dos horas (orm.es; 00'00h) para que puedas disfrutar de toda la actualidad musical de la jornada. Warner Music anuncia el lanzamiento de Live at Knebworth 1990, de Pink Floyd, por primera vez en cedé, doble vinilo y plataformas digitales el 30 de abril de 2021. El concierto permaneció inédito hasta que apareció en la caja The later years, publicada en 2019.Pink Floyd encabezó la lista de artistas de este concierto, que incluía a Paul McCartney, Dire Straits, Genesis, Phil Collins, Mark Knopfler, Robert Plant (con Jimmy Page), Cliff Richard, Eric Clapton y Tears For Fears. En un comunicado que acaba de lanzar junto a varias novedades, el festival barcelonés Crüilla ha reafirmado su confianza y compromiso en su celebración en la edición 2021, que está prevista para el fin de semana del 7, 8 y 9 de julio en Barcelona (Morcheeba). Eminem ha lanzado un vídeo de su tema “Tone Deaf” del que habla sobre ciertas polémicas de su pasado en el que hace un repaso de todas las veces que le han intentado cancelar. El sello 4AD cumplió 40 años como sello el año pasado, y como celebración tardía, ha anunciado un recopilatorio especial de versiones llamado Bills & Aches & Blues. La compilación presenta a 18 de sus artistas actuales que versionan una canción del pasado de 4AD: un experimento creativo arraigado en el espíritu de colaboración y una instantánea de 4AD, 41 años después de su inicio . Escuchamos Tkay Maidza con Where Is My Mind? ( Pixies ), The Breeders hacen Dirt Eaters ( His Name Is Alive ) y Maria Somerville se encarga de Seabird ( Air Miami ). Embusteros nos presentan "Prohibido", el nuevo adelanto con el que la banda cordobesa está desgranando su nuevo álbum “Babel”, que verá la luz en mayo del presente año de la mano de Sideral Music. Yarea estrena “Malabares” y continúa así con la publicación de una primera serie de singles en una carrera que apunta a cotas muy altas. En esta ocasión presenta un tema de pop lo-fi con vibraciones de urbana.Nick Waterhouse estrena "b. santa ana, 1986", nuevo adelanto para bailar de Promenade blue, su nuevo disco. Ya Tseen colabora con John Baldwin, de Portugal. The Man en "knives", sofisticado nuevo adelanto de Indian yard . El colectivo californiano Peach Tree Rascals continúa el camino hacia su EP de debut, ‘Camp Nowhere’, que saldrá el día 26 de marzo, con un nuevo single, Leave me. Firmado, Carlota , la joven artista murciana , estrena un nuevo single titulado 'Todo Habrá Cambiado', segundo adelanto de su próximo disco ' Buenas y Malas Decisiones '. "Como si el diablo te llevara" es el nuevo sencillo de Joaquín Talismán. Se publicará en plataformas en próximo 17 de marzo, y es el tercer adelanto del álbum que verá la luz a finales de mayo. AYOHO presenta un tema nuevo el 18 de marzo, "Sin Ti". Emilia Pardo Bazán estrenn 'El paso honroso', una canción que habla de cómo convertimos en nuestro enemigo a quien antes parecía ser importante, incluso necesario. "Vémonos no baño" , lo nuevo de Grande AMORE, tiene esencia de rock and roll. Dos acordes, gritos y una voz que canta alegremente sobre una situación sórdida. A nivel sonoro, está entre la No Wave, el sonido de Ilegales y el minimalismo extremo de Sleaford Mods. ‘Viaje Sin Vuelta’ es su nuevo single, una canción compuesta íntegramente por Paula Mattheus que cuenta con la colaboración y producción de Pol 3.14. El cuarteto neoyorkino Crumb borda la psicodelia pop en "trophy". Axolotes Mexicanos están de vuelta con “:3”, su nuevo disco, un viaje que desborda energía por todos los costados, hasta lo inasumible. La banda murciana Lady Ma Belle pone la banda sonora a #proyecto16familias. Hablamos con Félix y Gabi sobre su proyecto solidario y planes. Y repasamos el programa del Murcia Jazz Festival :Randy Greer, Clarence Bekker Band, del que recuperamos una entrevista hecha hace justo un año , cuando ponía rumbo para participar en el festival que terminó cancelándose por la pandemia._ _ _ _ _

Yoga Minutes
What is Yoga? Part 10: Insights from the Hatha Yoga Pradipika

Yoga Minutes

Play Episode Listen Later Mar 1, 2021 6:24


How does this 600-year old classic yogic text help us to answer the question: What is Yoga? Original music by John Baldwin

Speak Up for Equity
Building Trust in the Healthcare System with John Baldwin

Speak Up for Equity

Play Episode Listen Later Feb 24, 2021 35:20


John Baldwin understands that when healthcare teams are more diverse, they're better equipped to serve patients. John is the chief operating officer of hospitals and clinics for Cancer Treatment Centers of America Atlanta, and in this episode, he explains how healthcare organizations can create more trustful relationships with communities of color. He also discusses the implications of healthcare inequity in terms of the COVID-19 pandemic and vaccine rollout.

Plain-Spoken Grace
Fireside Chat w/ Pastor John Baldwin

Plain-Spoken Grace

Play Episode Listen Later Jan 21, 2021 60:00


Ep. 105 | Guest: John Baldwin Summary: John Baldwin, pastor of Berea Baptist Church in Rockville, VA, joins Chip in this episode of Plain-Spoken Grace. Pastor John grew up in Central, Virginia. He is a graduate of Hampden-Sydney College where he earned a Bachelors in History and Religion. He is also a graduate of Liberty University, where he earned a Masters of Religious Education, a Masters of Art in Religion, and a Masters of Divinity. He is currently pursuing a Masters of Religion in Church History, and a Doctorate of Ministry with an Emphasis on Church Planting and Evangelism. John is married to his wonderful wife Juliet, and they have three sons: Tim, John, and Weston. He has a passion for sharing the Gospel of Christ with everyone he encounters, and embraces the opportunities that each day brings to share the love of Jesus. Chip and Pastor John discuss a variety of topics centered around John's background, his thoughts on dealing with church hurt, and the relevancy of studying the minor prophets in the light of current events. Show Notes: Visit Berea Baptist Church's Website: https://www.berea-baptist-church.org/​ Follow Pastor John on Facebook: https://www.facebook.com/john.baldwin.108 Watch John Baldwin on YouTube: https://www.youtube.com/channel/UCOpiGafI0UFD6KZo6yZpvww Please support our program partners: Shoals Coffee Co. | https://shoalscoffeeco.com/​ – All proceeds from Shoals Coffee Co. go to fund Shoals Save-A-Life, a crisis pregnancy center located in Florence, AL.

Yoga Minutes
What is Yoga? Part 9: Famous Indian Yogi Edition - featuring music by Anoushka Shankar.

Yoga Minutes

Play Episode Listen Later Jan 20, 2021 9:58


What do famous Indian Yogis say Yoga is? Insights from Iyengar, Yogananda, Satchidananda, and more. Original Music by John Baldwin. Guest track "Naked" by Anoushka Shankar. Follow along at www.justbetours.com/yogaminutes

Yoga Minutes
What is Yoga? Part 8: Famous Scholar Edition

Yoga Minutes

Play Episode Listen Later Dec 21, 2020 9:35


What do famous Western Scholars of Eastern ideas say Yoga is? Here we get some direct quotes from Alan Watts, Joseph Campbell, Karen Armstrong and more. Follow along at www.justbetours.com/yogaminutes. Music: Massive Attack's "Teardrop" cover by John Baldwin.

Yoga Minutes
What is Yoga? Part 7: Insights From the Yoga Sutras of Patanjali

Yoga Minutes

Play Episode Listen Later Dec 17, 2020 7:03


What does one of the most revered texts in the world of yogic literature say what yoga is? Here we consider various translations of Patanjali's Yoga Sutras. Readings from Dr. Christopher Chapple's translation - Yoga and the Luminous, Nischala Joy Devi's The Secret Power of Yoga, BKS Iyengar's Light on the Yoga Sutras and more. Follow along at www.justbetours.com/yogaminutes. Music: John Lennon's "Imagine" cover performed by John Baldwin.

Weekly check in
Episode 37

Weekly check in

Play Episode Listen Later Nov 18, 2020 18:27


In conversation with John Baldwin - part 2.

Yoga Minutes
What is Yoga? Part 6: 5 Contemporary Definitions

Yoga Minutes

Play Episode Listen Later Oct 12, 2020 6:39


Here are some insights to the BIG Question - What is Yoga? This time by some yogi and yogini friends of mine: Nicolina Adzic, Fabrizio Ciccone, Tiffany Rae, Caroline Iantosca, and Nancy Jurek. Host: John Baldwin. Music: "Untitled" by John Baldwin

Yoga Minutes
What is Yoga? Part 5: Insights From the Bhagavad Gita

Yoga Minutes

Play Episode Listen Later Sep 24, 2020 7:54


What does this classical Vedic text say about yoga? Read along at www.justbetours.com/blog. Hosted by: John Baldwin. Music by: John Baldwin "Just Breathe" cover by Pearl Jam

Yoga Minutes
What is Yoga? Reference Edition (Part 3)

Yoga Minutes

Play Episode Listen Later Sep 15, 2020 5:28


What does an assortment of dictionaries & encyclopedias say yoga is? Hosted by John Baldwin. Music "Untitled" by John Baldwin

Bike Ride Podcast
Bike Ride Podcast - Episode 7 - John Baldwin - Mainer who rides!

Bike Ride Podcast

Play Episode Listen Later Sep 5, 2020 32:28


Mainer, Husband to Joan Calzone, Father to Vera and Maeve, Race bikes, Fixe, Builder, Jerk of all trades --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/bikeride/support

Yoga Minutes
What is Yoga? A Literal Definition (Part 2)

Yoga Minutes

Play Episode Listen Later Sep 2, 2020 5:43


Here we look at the very old etymology of the word Yoga to see if it can shine some light on our modern interpretation. Music by John Baldwin - untitled.

Yoga Minutes
What is Yoga? An Introduction (Part 1)

Yoga Minutes

Play Episode Listen Later Aug 31, 2020 3:04


Here is an overview of all the various ways we will attempt to define yoga over the next few episodes. Music: George Harrison's "My Sweet Lord" cover by John Baldwin

Yoga Minutes
John's Bio

Yoga Minutes

Play Episode Listen Later Aug 27, 2020 5:26


Here's a chance for you to learn a bit about me

Yoga Minutes
Yoga Minutes Premier Episode

Yoga Minutes

Play Episode Listen Later Aug 19, 2020 2:55


Podcast Description, Topics, and Purpose. Host: John Baldwin 'Should I?' Original music by John Baldwin

A1A Media Network
Island Time Radio Show- 7-6-20

A1A Media Network

Play Episode Listen Later Jul 8, 2020 159:01


7-6-20 show- Fla. trop rocker John McDonald in studio. John Baldwin interview. Cindy Muir's Trop Rockin' magazine update. Support this show http://supporter.acast.com/The-A1A-Media-Network. See acast.com/privacy for privacy and opt-out information.

The A1A Media Network
Island Time Radio Show- 7-6-20

The A1A Media Network

Play Episode Listen Later Jul 8, 2020 159:01


7-6-20 show- Fla. trop rocker John McDonald in studio. John Baldwin interview. Cindy Muir's Trop Rockin' magazine update. Support this show http://supporter.acast.com/The-A1A-Media-Network. See acast.com/privacy for privacy and opt-out information.

Weekly check in
Episode 9

Weekly check in

Play Episode Listen Later May 29, 2020 24:24


In conversation with John Baldwin

Wings Weekly
#21- The Big Voice- Power Without A Microphone (Guest: Lydia Mae)

Wings Weekly

Play Episode Listen Later Apr 6, 2020 37:55


On this weeks show, vocalist and actress Lydia Mae Scholl speaks about her experience with Summerville, SC's Flowertown Players and singing the National Anthem for some big names! Get to know this outstanding vocalist and where to follow her upcoming works!Subscribe and stay up to date with the newest Wings Weekly releases and get to know the creative artists in your Low Country!-Lydia's Link:  Facebook- https://www.facebook.com/LydiaMaeMusic/                                         -Be sure to FOLLOW Wings Weekly podcast on Spotify: https://open.spotify.com/show/47Eb2WdQuXmrODtzCQJ2VH-Exclusive videos on YouTube: https://www.youtube.com/channel/UCv6XGMW4wZWMjru5cd5QdLg-Wings Weekly intro music by: John Baldwin of Paper Satellite Productions http://johnbaldwinsounds.com/                                                                                               -Hosting, Recording and Tracking by: Joshua Jarman- https://www.facebook.com/joshuajarmanmusic                                                                                     -Mixing and Mastering by: John Baldwin-Pad Samples used in public domain: by Freesound.org

Wings Weekly
#07- The Seasons of Muse- Phases of Creativity (Guest: John Baldwin)

Wings Weekly

Play Episode Listen Later Sep 25, 2019 64:29


On this weeks show, multi-instrumentalist/producer/engineer and music guru John Baldwin talks about the seasons of change as a creative mind. Going from creatively productive to slow and reflective and all of the places in between. John talks about his 2600 mile bicycle ride, his latest move to Colorodo from Ridgeville, South Carolina, building PVC flutes, and whats to come from John Baldwin Sounds.  Be sure to FOLLOW Wings Weekly podcast on SpotifyWings Weekly intro music by: John BaldwinPad Samples used in public domain: by Freesound.org

BSD Now
290: Timestamped Notes

BSD Now

Play Episode Listen Later Mar 21, 2019 50:01


FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more. ##Headlines ###ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64) While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it. While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision. ###Looking at NetBSD from an OpenBSD user perspective I use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective. What I liked (pros) Things I didn’t like (cons) Conclusion So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD. That said, I’ll keep using my Puffy OS. ##News Roundup Using Vim to take time-stamped notes I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started. My first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time. This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing. John Baldwin’s notes on bhyve meetings ###OpenBSD 6.5-beta has been tagged It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect. CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41 Modified files: etc/root : root.mail share/mk : sys.mk sys/conf : newvers.sh sys/sys : ktrace.h param.h usr.bin/signify: signify.1 sys/arch/macppc/stand/tbxidata: bsd.tbxi Log message: crank to 6.5-beta ###The NetBSD Foundation participating in Google Summer of Code 2019 For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019! If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage. You can find a list of projects in Google Summer of Code project proposals in the wiki. Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists! ###SecBSD: an UNIX-like OS for Hackers SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default. A security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon. ##Beastie Bits Why OpenBSD Rocks Rich’s sh (POSIX shell) tricks Drinking coffee with AWK Civilisational HTTP Error Codes MidnightBSD Roadmap NetBSD on Nintendo64 From Vimperator to Tridactyl ##Feedback/Questions Russell - BSD Now Question :: ZFS & FreeNAS Alan - Tutorial, install ARM *BSD with no other BSD box pls Johnny - New section to add to the show Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.

Historically Thinking: Conversations about historical knowledge and how we achieve it

It's a little surprising, perhaps, but the National Weather Service has some really great historical material on its website: Memorial Web Page for the 1928 Okeechobee Hurricane The Great New England Hurricane of 1938 From the Department of "It's really more interesting than it sounds"–John Baldwin, The Government of Philip Augustus: Foundations of French Royal Power in the Middle Ages Resources from the Library of Congress on Constitution Day  

BSD Now
Episode 255: What Are You Pointing At | BSD Now 255

BSD Now

Play Episode Listen Later Jul 18, 2018 80:27


What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T. ##Headlines What ZFS block pointers are and what’s in them I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS. The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF): A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk. Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata). So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains: various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to. Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata). The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s). The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal. The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks. Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object. (The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.) There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object. Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently). As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg. However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed). (ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.) ###Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement. The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category. BSD zero-day rewards will be on par with Linux payouts The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000. In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit. Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros. The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions. Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros. Zero-day price varies based on exploitation chain The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said. Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs). Zero-days in servers “can reach exceptional amounts” “Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email. Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following: "Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.” “We may also react to customers’ requests and their operational needs,” Bekrar said. It’s becoming a crowded market Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political oponents, journalists, and dissidents, instead of going after real criminals. The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers. Twitter Announcement Digital Ocean http://do.co/bsdnow ###KDE on FreeBSD – June 2018 The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this: http://FreeBSD.kde.org | Bleeding edge http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0 It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this). In no particular order: Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEnging from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile. Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though. KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs. Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer. The freebsd.kde.org website has been slightly updated; it was terribly out-of-date. So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for the amazing application for downloading and displaying a flamingo … niche usecases FTW) ##News Roundup New FreeBSD Core Team Elected Active committers to the project have elected your tenth FreeBSD Core Team. Allan Jude (allanjude) Benedict Reuschling (bcr) Brooks Davis (brooks) Hiroki Sato (hrs) Jeff Roberson (jeff) John Baldwin (jhb) Kris Moore (kmoore) Sean Chittenden (seanc) Warner Losh (imp) Let’s extend our gratitude to the outgoing Core Team members: Baptiste Daroussin (bapt) Benno Rice (benno) Ed Maste (emaste) George V. Neville-Neil (gnn) Matthew Seaman (matthew) Matthew, after having served as the Core Team Secretary for the past four years, will be stepping down from that role. The Core Team would also like to thank Dag-Erling Smørgrav for running a flawless election. To read about the responsibilities of the Core Team, refer to https://www.freebsd.org/administration.html#t-core. ###NetBSD WiFi refresh The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%NetBSD.org@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are: Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier. Adding support for the newer protocols 801.11/N and 802.11/AC. Improving SMP support in the IEEE 802.11 stack. Adding Virtual Access Point (VAP) support. Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes. Status reports will be posted to tech-net%NetBSD.org@localhost every other week while the contract is active. iXsystems ###Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.) The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible. Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.) ARCHITECTURE A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section. Poor Man’s CI consists of the following components and their interactions: Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components: Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub. Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build. Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool. PubSub Topics: workq: Transports work messages that contain the link of the repository to build. poolq: Implements the Builder Pool, which contains the name’s of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq. doneq: Transports done messages (builder instance terminate and delete events). These message contain the name of freed builder instances. builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script. Build Logs: A Storage bucket that contains the logs of builds performed by builder instances. Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq. BUGS The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see https://tinyurl.com/ybkycuub. $ ./pmci queuepost poolq builder0 # ./pmci queuepost poolq builder1 # ... repeat for as many builders as you want The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see https://tinyurl.com/yb2vbwfd. ###The Power of Ctrl-T Did you know that you can check what a process is doing by pressing CTRL+T? Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal. On FreeBSD it looks like this: ping pingtest.com PING pingtest.com (5.22.149.135): 56 data bytes 64 bytes from 5.22.149.135: icmpseq=0 ttl=51 time=86.232 ms 64 bytes from 5.22.149.135: icmpseq=1 ttl=51 time=85.477 ms 64 bytes from 5.22.149.135: icmpseq=2 ttl=51 time=85.493 ms 64 bytes from 5.22.149.135: icmpseq=3 ttl=51 time=85.211 ms 64 bytes from 5.22.149.135: icmpseq=4 ttl=51 time=86.002 ms load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max 64 bytes from 5.22.149.135: icmpseq=5 ttl=51 time=85.725 ms 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms As you can see it not only outputs the name of the running command but the following parameters as well: 94371 – PID 4.70r – since when is the process running 0.00u – user time 0.00s – system time 0% – CPU usage 2500k – resident set size of the process or RSS `` > An even better example is with the following cp command: cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 15% load: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 32% load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 49% load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 64% load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 79% load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 95% > I prcessed CTRL+T six times. Without that, all the output would have been is the first line. > Another example how the process is changing states: wget https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso –2018-06-17 18:47:48– https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso Resolving download.freebsd.org (download.freebsd.org)… 96.47.72.72, 2610:1c1:1:606c::15:0 Connecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443… connected. HTTP request sent, awaiting response… 200 OK Length: 3348465664 (3.1G) [application/octet-stream] Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’ FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============> ] 460.23M 7.01MB/s eta 9m 0s 1 > The bad news is that CTRl+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X: —> Fetching distfiles for gmp —> Attempting to fetch gmp-6.1.2.tar.bz2 from https://distfiles.macports.org/gmp —> Verifying checksums for gmp —> Extracting gmp —> Applying patches to gmp —> Configuring gmp load: 2.81 cmd: clang 74287 running 0.31u 0.28s > PS: If I recall correctly Feld showed me CTRL+T, thank you! Beastie Bits Half billion tries for a HAMMER2 bug (http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html) OpenBSD with various Desktops OpenBSD 6.3 running twm window manager (https://youtu.be/v6XeC5wU2s4) OpenBSD 6.3 jwm and rox desktop (https://youtu.be/jlSK2oi7CBc) OpenBSD 6.3 cwm youtube video (https://youtu.be/mgqNyrP2CPs) pf: Increase default state table size (https://svnweb.freebsd.org/base?view=revision&revision=336221) *** Tarsnap Feedback/Questions Ben Sims - Full feed? (http://dpaste.com/3XVH91T#wrap) Scott - Questions and Comments (http://dpaste.com/08P34YN#wrap) Troels - Features of FreeBSD 11.2 that deserve a mention (http://dpaste.com/3DDPEC2#wrap) Fred - Show Ideas (http://dpaste.com/296ZA0P#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) iXsystems It's all NAS (https://www.ixsystems.com/blog/its-all-nas/)

Field Days
Field Days Podcast - Kevin Kempf and John Baldwin

Field Days

Play Episode Listen Later Oct 24, 2017 32:38


There's no shortage of great leadership in the corrections industry and as a Field Days Podcast listener you'll hear from two in this new episode. Kevin Kempf, executive director of the Association of State Correctional Administrators and former guest on the podcast sings praises about MDOC staff and shares his appreciation for their hard work to champion offender success. Kempf talks about what’s next in terms of moving the needle in elevating the corrections profession. John Baldwin, director of the Illinois Department of Corrections provides us insight into what his state and staff are uniquely doing on the reentry side of corrections in order to achieve and maintain a 25% reduction in prison population. Director Washington also shares a few remarks on employee engagement and future goals.

BSD Now
213: The French CONnection

BSD Now

Play Episode Listen Later Sep 27, 2017 91:00


We recap EuroBSDcon in Paris, tell the story behind a pf PR, and show you how to do screencasting with OpenBSD. This episode was brought to you by Headlines Recap of EuroBSDcon 2017 in Paris, France (https://2017.eurobsdcon.org) EuroBSDcon was held in Paris, France this year, which drew record numbers this year. With over 300 attendees, it was the largest BSD event I have ever attended, and I was encouraged by the higher than expected number of first time attendees. The FreeBSD Foundation held a board meeting on Wednesday afternoon with the members who were in Paris. Topics included future conferences (including a conference kit we can mail to people who want to represent FreeBSD) and planning for next year. The FreeBSD Devsummit started on Thursday at the beautiful Mozilla Office in Paris. After registering and picking up our conference bag, everyone gathered for a morning coffee with lots of handshaking and greeting. We then gathered in the next room which had a podium with microphone, screens as well as tables and chairs. After developers sat down, Benedict opened the devsummit with a small quiz about France for developers to win a Mogics Power Bagel (https://www.mogics.com/?page_id=3824). 45 developers participated and DES won the item in the end. After introductions and collecting topics of interest from everyone, we started with the Work in Progress (WIP) session. The WIP session had different people present a topic they are working on in 7 minute timeslots. Topics ranged from FreeBSD Forwarding Performance, fast booting options, and a GELI patch under review to attach multiple providers. See their slides on the FreeBSD wiki (https://wiki.freebsd.org/DevSummit/201709). After lunch, the FreeBSD Foundation gave a general update on staff and funding, as well as a more focused presentation about our partnership with Intel. People were interested to hear what was done so far and asked a few questions to the Intel representative Glenn Weinberg. After lunch, developers worked quietly on their own projects. The mic remained open and occasionally, people would step forward and gave a short talk without slides or motivated a discussion of common interest. The day concluded with a dinner at a nice restaurant in Paris, which allowed to continue the discussions of the day. The second day of the devsummit began with a talk about the CAM-based SDIO stack by Ilya Bakulin. His work would allow access to wifi cards/modules on embedded boards like the Raspberry Pi Zero W and similar devices as many of these are using SDIO for data transfers. Next up was a discussion and Q&A session with the FreeBSD core team members who were there (missing only Benno Rice, Kris Moore, John Baldwin, and Baptiste Daroussin, the latter being busy with conference preparations). The new FCP (FreeBSD community proposals) were introduced for those who were not at BSDCan this year and the hows and whys about it. Allan and I were asked to describe our experiences as new members of core and we encouraged people to run for core when the next election happens. After a short break, Scott Long gave an overview of the work that's been started on NUMA (Non-Uniform Memory Architecture), what the goals of the project are and who is working on it. Before lunch, Christian Schwarz presented his work on zrepl, a new ZFS replication solution he developed using Go. This sparked interest in developers, a port was started (https://reviews.freebsd.org/D12462) and people suggested to Christian that he should submit his talk to AsiaBSDcon and BSDCan next year. Benedict had to leave before lunch was done to teach his Ansible tutorial (which was well attended) at the conference venue. There were organized dinners, for those two nights, quite a feat of organization to fit over 100 people into a restaurant and serve them quickly. On Saturday, there was a social event, a river cruise down the Seine. This took the form of a ‘standing' dinner, with a wide selection of appetizer type dishes, designed to get people to walk around and converse with many different people, rather than sit at a table with the same 6-8 people. I talked to a much larger group of people than I had managed to at the other dinners. I like having both dinner formats. We would also like to thank all of the BSDNow viewers who attended the conference and made the point of introducing themselves to us. It was nice to meet you all. The recordings of the live video stream from the conference are available immediately, so you can watch the raw versions of the talks now: Auditorium Keynote 1: Software Development in the Age of Heroes (https://youtu.be/4iR8g9-39LM?t=179) by Thomas Pornin (https://twitter.com/BearSSLnews) Tuning FreeBSD for routing and firewalling (https://youtu.be/4iR8g9-39LM?t=1660) by Olivier Cochard-Labbé (https://twitter.com/ocochardlabbe) My BSD sucks less than yours, Act I (https://youtu.be/4iR8g9-39LM?t=7040) by Antoine Jacoutot (https://twitter.com/ajacoutot) and Baptiste Daroussin (https://twitter.com/_bapt_) My BSD sucks less than yours, Act II (https://youtu.be/4iR8g9-39LM?t=14254) by Antoine Jacoutot (https://twitter.com/ajacoutot) and Baptiste Daroussin (https://twitter.com/_bapt_) Reproducible builds on NetBSD (https://youtu.be/4iR8g9-39LM?t=23351) by Christos Zoulas Your scheduler is not the problem (https://youtu.be/4iR8g9-39LM?t=26845) by Martin Pieuchot Keynote 2: A French story on cybercrime (https://youtu.be/4iR8g9-39LM?t=30540) by Éric Freyssinet (https://twitter.com/ericfreyss) Case studies of sandboxing base system with Capsicum (https://youtu.be/jqdHYEH_BQY?t=731) by Mariusz Zaborski (https://twitter.com/oshogbovx) OpenBSD's small steps towards DTrace (a tale about DDB and CTF) (https://youtu.be/jqdHYEH_BQY?t=6030) by Jasper Lievisse Adriaanse The Realities of DTrace on FreeBSD (https://youtu.be/jqdHYEH_BQY?t=13096) by George Neville-Neil (https://twitter.com/gvnn3) OpenSMTPD, current state of affairs (https://youtu.be/jqdHYEH_BQY?t=16818) by Gilles Chehade (https://twitter.com/PoolpOrg) Hoisting: lessons learned integrating pledge into 500 programs (https://youtu.be/jqdHYEH_BQY?t=21764) by Theo de Raadt Keynote 3: System Performance Analysis Methodologies (https://youtu.be/jqdHYEH_BQY?t=25463) by Brendan Gregg (https://twitter.com/brendangregg) Closing Session (https://youtu.be/jqdHYEH_BQY?t=29355) Karnak “Is it done yet ?” The never ending story of pkg tools (https://youtu.be/1hjzleqGRYk?t=71) by Marc Espie (https://twitter.com/espie_openbsd) A Tale of six motherboards, three BSDs and coreboot (https://youtu.be/1hjzleqGRYk?t=7498) by Piotr Kubaj and Katarzyna Kubaj State of the DragonFly's graphics stack (https://youtu.be/1hjzleqGRYk?t=11475) by François Tigeot From NanoBSD to ZFS and Jails – FreeBSD as a Hosting Platform, Revisited (https://youtu.be/1hjzleqGRYk?t=16227) by Patrick M. Hausen Bacula – nobody ever regretted making a backup (https://youtu.be/1hjzleqGRYk?t=20069) by Dan Langille (https://twitter.com/DLangille) Never Lose a Syslog Message (https://youtu.be/qX0BS4P65cQ?t=325) by Alexander Bluhm Running CloudABI applications on a FreeBSD-based Kubernetes cluster (https://youtu.be/qX0BS4P65cQ?t=5647) by Ed Schouten (https://twitter.com/EdSchouten) The OpenBSD web stack (https://youtu.be/qX0BS4P65cQ?t=13255) by Michael W. Lucas (https://twitter.com/mwlauthor) The LLDB Debugger on NetBSD (https://youtu.be/qX0BS4P65cQ?t=16835) by Kamil Rytarowski What's in store for NetBSD 8.0? (https://youtu.be/qX0BS4P65cQ?t=21583) by Alistair Crooks Louxor A Modern Replacement for BSD spell(1) (https://youtu.be/6Nen6a1Xl7I?t=156) by Abhinav Upadhyay (https://twitter.com/abhi9u) Portable Hotplugging: NetBSD's uvm_hotplug(9) API development (https://youtu.be/6Nen6a1Xl7I?t=5874) by Cherry G. Mathew Hardening pkgsrc (https://youtu.be/6Nen6a1Xl7I?t=9343) by Pierre Pronchery (https://twitter.com/khorben) Discovering OpenBSD on AWS (https://youtu.be/6Nen6a1Xl7I?t=14874) by Laurent Bernaille (https://twitter.com/lbernail) OpenBSD Testing Infrastructure Behind bluhm.genua.de (https://youtu.be/6Nen6a1Xl7I?t=18639) by Jan Klemkow The school of hard knocks – PT1 (https://youtu.be/8wuW8lfsVGc?t=276) by Sevan Janiyan (https://twitter.com/sevanjaniyan) 7 years of maintaining firefox, and still looking ahead (https://youtu.be/8wuW8lfsVGc?t=5321) by Landry Breuil Branch VPN solution based on OpenBSD, OSPF, RDomains and Ansible (https://youtu.be/8wuW8lfsVGc?t=12385) by Remi Locherer Running BSD on AWS (https://youtu.be/8wuW8lfsVGc?t=15983) by Julien Simon and Nicolas David Getting started with OpenBSD device driver development (https://youtu.be/8wuW8lfsVGc?t=21491) by Stefan Sperling A huge thanks to the organizers, program committee, and sponsors of EuroBSDCon. Next year, EuroBSDcon will be in Bucharest, Romania. *** The story of PR 219251 (https://www.sigsegv.be//blog/freebsd/PR219251) The actual story I wanted Kristof to tell, the pf bug he fixed at the Essen Hackathon earlier this summer. As I threatened to do in my previous post, I'm going to talk about PR 219251 for a bit. The bug report dates from only a few months ago, but the first report (that I can remeber) actually came from Shawn Webb on Twitter, of all places Despite there being a stacktrace it took quite a while (nearly 6 months in fact) before I figured this one out. It took Reshad Patuck managing to distill the problem down to a small-ish test script to make real progress on this. His testcase meant that I could get core dumps and experiment. It also provided valuable clues because it could be tweaked to see what elements were required to trigger the panic. This test script starts a (vnet) jail, adds an epair interface to it, sets up pf in the jail, and then reloads the pf rules on the host. Interestingly the panic does not seem to occur if that last step is not included. Obviously not the desired behaviour, but it seems strange. The instances of pf in the jails are supposed to be separate. We try to fetch a counter value here, but instead we dereference a bad pointer. There's two here, so already we need more information. Inspection of the core dump reveals that the state pointer is valid, and contains sane information. The rule pointer (rule.ptr) points to a sensible location, but the data is mostly 0xdeadc0de. This is the memory allocator being helpful (in debug mode) and writing garbage over freed memory, to make use-after-free bugs like this one easier to find. In other words: the rule has been free()d while there was still a state pointing to it. Somehow we have a state (describing a connection pf knows about) which points to a rule which no longer exists. The core dump also shows that the problem always occurs with states and rules in the default vnet (i.e. the host pf instance), not one of the pf instances in one of the vnet jails. That matches with the observation that the test script does not trigger the panic unless we also reload the rules on the host. Great, we know what's wrong, but now we need to work out how we can get into this state. At this point we're going to have to learn something about how rules and states get cleaned up in pf. Don't worry if you had no idea, because before this bug I didn't either. The states keep a pointer to the rule they match, so when rules are changed (or removed) we can't just delete them. States get cleaned up when connections are closed or they time out. This means we have to keep old rules around until the states that use them expire. When rules are removed pfunlinkrule() adds then to the Vpfunlinkedrules list (more on that funny V prefix later). From time to time the pf purge thread will run over all states and mark the rules that are used by a state. Once that's done for all states we know that all rules that are not marked as in-use can be removed (because none of the states use it). That can be a lot of work if we've got a lot of states, so pfpurgethread() breaks that up into smaller chuncks, iterating only part of the state table on every run. We iterate over all of our virtual pf instances (VNETFOREACH()), check if it's active (for FreeBSD-EN-17.08, where we've seen this code before) and then check the expired states with pfpurgeexpiredstates(). We start at state 'idx' and only process a certain number (determined by the PFTMINTERVAL setting) states. The pfpurgeexpiredstates() function returns a new idx value to tell us how far we got. So, remember when I mentioned the odd V_ prefix? Those are per-vnet variables. They work a bit like thread-local variables. Each vnet (virtual network stack) keeps its state separate from the others, and the V_ variables use a pointer that's changed whenever we change the currently active vnet (say with CURVNETSET() or CURVNETRESTORE()). That's tracked in the 'curvnet' variable. In other words: there are as many Vpfvnetactive variables as there are vnets: number of vnet jails plus one (for the host system). Why is that relevant here? Note that idx is not a per-vnet variable, but we handle multiple pf instances here. We run through all of them in fact. That means that we end up checking the first X states in the first vnet, then check the second X states in the second vnet, the third X states in the third and so on and so on. That of course means that we think we've run through all of the states in a vnet while we really only checked some of them. So when pfpurgeunlinkedrules() runs it can end up free()ing rules that actually are still in use because pfpurgethread() skipped over the state(s) that actually used the rule. The problem only happened if we reloaded rules in the host, because the active ruleset is never free()d, even if there are no states pointing to the rule. That explains the panic, and the fix is actually quite straightforward: idx needs to be a per-vnet variable, Vpfpurge_idx, and then the problem is gone. As is often the case, the solution to a fairly hard problem turns out to be really simple. As you might expect, finding the problem takes a lot more work that fixing it Thanks to Kristof for writing up this detailed post explaining how the problem was found, and what caused it. *** vBSDcon 2017: BSD at Work (https://www.ixsystems.com/blog/vbsdcon-2017-dexter/) The third biennial vBSDcon hosted by Verisign took place September 7th through 9th with the FreeBSD Developer Summit taking place the first day. vBSDcon and iXsystems' MeetBSD event have been alternating between the East and West coasts of the U.S.A. and these two events play vital roles in reaching Washington, DC-area and Bay Area/Silicon Valley audiences. Where MeetBSD serves many BSD Vendors, vBSDcon attracts a unique government and security industry demographic that isn't found anywhere else. Conference time and travel budgets are always limited and bringing these events to their attendees is a much-appreciated service provided by their hosts. The vBSDcon FreeBSD DevSummit had a strong focus on OpenZFS, the build system and networking with the FreeBSD 12 wish list of features in mind. How to best incorporate the steady flow of new OpenZFS features into FreeBSD such as dataset-level encryption was of particular interest. This feature from a GNU/Linux-based storage vendor is tribute to the growth of the OpenZFS community which is vital in light of the recent “Death of Solaris and ZFS” at Oracle. There has never been more demand for OpenZFS on FreeBSD and the Oracle news further confirms our collective responsibility to meet that demand. The official conference opened with my talk on “Isolated BSD Build Environments” in which I explained how the bhyve hypervisor can be used to effortlessly tour FreeBSD 5.0-onward and build specific source releases on demand to trace regressions to their offending commit. I was followed by a FreeNAS user who made the good point that FreeNAS is an exemplary “entry vector” into Unix and Enterprise Storage fundamentals, given that many of the vectors our generation had are gone. Where many of us discovered Unix and the Internet via console terminals at school or work, smart phones are only delivering the Internet without the Unix. With some irony, both iOS and Android are Unix-based yet offer few opportunities for their users to learn and leverage their Unix environments. The next two talks were The History and Future of Core Dumps in FreeBSD by Sam Gwydir and Using pkgsrc for multi-platform deployments in heterogeneous environments by G. Clifford Williams. I strongly recommend that anyone wanting to speak at AsiaBSDCon read Sam's accompanying paper on core dumps because I consider it the perfect AsiaBSDCon topic and his execution is excellent. Core dumps are one of those things you rarely think about until they are a DROP EVERYTHING! priority. G. Clifford's talk was about what I consider a near-perfect BSD project: pkgsrc, the portable BSD package manager. I put it up there with OpenSSH and mandoc as projects that have provided significant value to other Open Source operating systems. G. Clifford's real-world experiences are perfectly inline with vBSDcon's goal to be more production-oriented than other BSDCons. Of the other talks, any and all Dtrace talks are always appreciated and George Neville-Neil's did not disappoint. He based it on his experiences with the Teach BSD project which is bringing FreeBSD-based computer science education to schools around the world. The security-related talks by John-Mark Gurney, Dean Freeman and Michael Shirk also represented vBSDcon's consideration of the local community and made a convincing point that the BSDs should make concerted efforts to qualify for Common Criteria, FIPS, and other Government security requirements. While some security experts will scoff at these, they are critical to the adoption of BSD-based products by government agencies. BSD Now hosts Allan Jude and Benedict Reuschling hosted an OpenZFS BoF and Ansible talk respectively and I hosted a bhyve hypervisor BoF. The Hallway Track and food at vBSDcon were excellent and both culminated with an after-dinner dramatic reading of Michael W. Lucas' latest book that raised money for the FreeBSD Foundation. A great time was had by all and it was wonderful to see everyone! News Roundup FreeBSD 10.4-RC2 Available (https://lists.freebsd.org/pipermail/freebsd-stable/2017-September/087848.html) FreeBSD 10.4 will be released soon, this is the last chance to find bugs before the official release is cut. Noteworthy Changes Since 10.4-RC1: Given that the amd64 disc1 image was overflowing, more of the base components installed into the disc1 (live) file systems had to be disabled. Most notably, this removed the compiler toolchain from the disc1 images. All disabled tools are still available with the dvd1 images, though. The aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for ipsec(4). Support for netmap(4) by the ixgbe(4) driver has been brought into line with the netmap(4) API present in stable/10. Also, ixgbe(4) now correctly handles VFs in its netmap(4) support again instead of treating these as PFs. During the creation of amd64 and i386 VM images, etcupdate(8) and mergemaster(8) databases now are bootstrapped, akin to what happens along the extraction of base.txz as part of a new installation via bsdinstall(8). This change allows for both of these tools to work out-of-box on the VM images and avoids errors seen when upgrading these images via freebsd-update(8). If you are still on the stable/10 branch, you should test upgrading to 10.4, and make sure there are no problems with your workload Additional testing specifically of the features that have changed since 10.4-BETA1 would also be most helpful This will be the last release from the stable/10 branch *** OpenBSD changes of note 628 (https://www.tedunangst.com/flak/post/openbsd-changes-of-note-628) EuroBSDCon in two weeks. Be sure to attend early and often. Many and various documentation improvements for libcrypto. New man pages, rewrites, expanded bugs sections, and more. Only allow upward migration in vmd. There's a README for the syspatch build system if you want to run your own. Move the kernel relinking code from /etc/rc into a seperate script usable by syspatch. Kernel patches can now be reduced to just the necessary files. Make the callers of sogetopt() responsible for allocating memory. Now allocation and free occur in the same place. Use waitpid() instead of wait() in most programs to avoid accidentally collecting the wrong child. Have cu call isatty() before making assumptions. Switch mandoc rendering of mathematical symbols and greek letters from trying to imitate the characters' graphical shapes, which resulted in unintelligible renderings in many cases, to transliterations conveying the characters' meanings. Update libexpat to 2.2.4. Fix copying partial UTF-8 characters. Sigh, here we go again. Work around bug in F5's handling of the supported elliptic curves extension. RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict. After a first install, run syspatch -c to check for patches. If SMAP is present, clear PSL_AC on kernel entry and interrupt so that only the code in copy{in,out}* that need it run with it set. Panic if it's set on entry to trap() or syscall(). Prompted by Maxime Villard's NetBSD work. Errata. New drivers for arm: rktemp, mvpinctrl, mvmpic, mvneta, mvmdio, mvpxa, rkiic, rkpmic. No need to exec rm from within mandoc. We know there's exactly one file and directory to remove. Similarly with running cmp. Revert to Mesa 13.0.6 to hopefully address rendering issues a handful of people have reported with xpdf/fvwm on ivy bridge with modesetting driver. Rewrite ALPN extension using CBB/CBS and the new extension framework. Rewrite SRTP extension using CBB/CBS and the new extension framework. Revisit 2q queue sizes. Limit the hot queue to 1/20th the cache size up to a max of 4096 pages. Limit the warm and cold queues to half the cache. This allows us to more effectively notice re-interest in buffers instead of losing it in a large hot queue. Add glass console support for arm64. Probably not yet for your machine, though. Replace heaps of hand-written syscall stubs in ld.so with a simpler framework. 65535 is a valid port to listen on. When xinit starts an X server that listens only on UNIX socket, prefer DISPLAY=unix:0 rather than DISPLAY=:0. This will prevent applications from ever falling back to TCP if the UNIX socket connection fails (such as when the X server crashes). Reverted. Add -z and -Z options to apmd to auto suspend or hibernate when low on battery. Remove the original (pre-IETF) chacha20-poly1305 cipher suites. Add urng(4) which supports various USB RNG devices. Instead of adding one driver per device, start bundling them into a single driver. Remove old deactivated pledge path code. A replacement mechanism is being brewed. Fix a bug from the extension parsing rewrite. Always parse ALPN even if no callback has been installed to prevent leaving unprocessed data which leads to a decode error. Clarify what is meant by syslog priorities being ordered, since the numbers and priorities are backwards. Remove a stray setlocale() from ksh, eliminating a lot of extra statically linked code. Unremove some NPN symbols from libssl because ports software thinks they should be there for reasons. Fix saved stack location after resume. Somehow clang changed it. Resume works again on i386. Improve error messages in vmd and vmctl to be more informative. Stop building the miniroot installer for OMAP3 Beagleboards. It hasn't worked in over a year and nobody noticed. Have the callers of sosetopt() free the mbuf for symmetry. On octeon, let the kernel use the hardware FPU even if emulation is compiled in. It's faster. Fix support for 486DX CPUs by not calling cpuid. I used to own a 486. Now I don't. Merge some drm fixes from linux. Defer probing of floppy drives, eliminating delays during boot. Better handling of probes and beacons and timeouts and scans in wifi stack to avoid disconnects. Move mutex, condvar, and thread-specific data routes, pthreadonce, and pthreadexit from libpthread to libc, along with low-level bits to support them. Let's thread aware (but not actually threaded) code work with just libc. New POSIX xlocale implementation. Complete as long as you only use ASCII and UTF-8, as you should. Round and round it goes; when 6.2 stops, nobody knows. A peak at the future? *** Screencasting with OpenBSD (http://eradman.com/posts/screencasting.html) USB Audio Any USB microphone should appear as a new audio device. Here is the dmesg for my mic by ART: uaudio0 at uhub0 port 2 configuration 1 interface 0 "M-One USB" rev 1.10/0.01 addr 2 uaudio0: audio rev 1.00, 8 mixer controls audio1 at uaudio0 audioctl can read off all of the specific characterisitcs of this device $ audioctl -f /dev/audio1 | grep record mode=play,record record.rate=48000 record.channels=1 record.precision=16 record.bps=2 record.msb=1 record.encoding=slinear_le record.pause=0 record.active=0 record.block_size=1960 record.bytes=0 record.errors=0 Now test the recording from the second audio device using aucat(1) aucat -f rsnd/1 -o file.wav If the device also has a headset audio can be played through the same device. aucat -f rsnd/1 -i file.wav Screen Capture using Xvfb The rate at which a framebuffer for your video card is a feature of the hardware and software your using, and it's often very slow. x11vnc will print an estimate of the banwidth for the system your running. x11vnc ... 09/05/2012 22:23:45 fb read rate: 7 MB/sec This is about 4fps. We can do much better by using a virtual framebuffer. Here I'm setting up a new screen, setting the background color, starting cwm and an instance of xterm Xvfb :1 -screen 0 720x540x16 & DISPLAY=:1 xsetroot -solid steelblue & DISPLAY=:1 cwm & DISPLAY=:1 xterm +sb -fa Hermit -fs 14 & Much better! Now we're up around 20fps. x11vnc -display :1 & ... 11/05/2012 18:04:07 fb read rate: 168 MB/sec Make a connection to this virtual screen using raw encoding to eliminate time wasted on compression. vncviewer localhost -encodings raw A test recording with sound then looks like this ffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 ~/out.avi Note: always stop the recording and playback using q, not Ctrl-C so that audio inputs are shut down properly. Screen Capture using Xephyr Xephyr is perhaps the easiest way to run X with a shadow framebuffer. This solution also avoids reading from the video card's RAM, so it's reasonably fast. Xephyr -ac -br -noreset -screen 800x600 :1 & DISPLAY=:1 xsetroot -solid steelblue & DISPLAY=:1 cwm & DISPLAY=:1 xrdb -load ~/.Xdefaults & DISPLAY=:1 xterm +sb -fa "Hermit" -fs 14 & Capture works in exactally the same way. This command tries to maintain 12fps. ffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi To capture keyboard and mouse input press Ctrl then Shift. This is very handy for using navigating a window manager in the nested X session. Arranging Windows I have sometimes found it helpful to launch applications and arrange them in a specific way. This will open up a web browser listing the current directory and position windows using xdotool DISPLAY=:1 midori "file:///pwd" & sleep 2 DISPLAY=:1 xdotool search --name "xterm" windowmove 0 0 DISPLAY=:1 xdotool search --class "midori" windowmove 400 0 DISPLAY=:1 xdotool search --class "midori" windowsize 400 576 This will position the window precisely so that it appears to be in a tmux window on the right. Audio/Video Sync If you find that the audio is way out of sync with the video, you can ajust the start using the -ss before the audio input to specify the number of seconds to delay. My final recording command line, that delays the audio by 0.5 seconds, writing 12fps ffmpeg -ss 0.5 -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi Sharing a Terminal with tmux If you're trying to record a terminal session, tmux is able to share a session. In this way a recording of an X framebuffer can be taken without even using the screen. Start by creating the session. tmux -2 -S /tmp/tmux0 Then on the remote side connect on the same socket tmux -2 -S /tmp/tmux0 attach Taking Screenshots Grabbing a screenshots on Xvfb server is easily accomplished with ImageMagick's import command DISPLAY=:1 import -window root screenshot.png Audio Processing and Video Transcoding The first step is to ensure that the clip begins and ends where you'd like it to. The following will make a copy of the recording starting at time 00:00 and ending at 09:45 ffmpeg -i interactive-sql.avi -vcodec copy -acodec copy -ss 00:00:00 -t 00:09:45 interactive-sql-trimmed.avi mv interactive-sql-trimmed.avi interactive-sql.avi Setting the gain correctly is very important with an analog mixer, but if you're using a USB mic there may not be a gain option; simply record using it's built-in settings and then adjust the levels afterwards using a utility such as normalize. First extact the audio as a raw PCM file and then run normalize ffmpeg -i interactive-sql.avi -c:a copy -vn audio.wav normalize audio.wav Next merge the audio back in again ffmpeg -i interactive-sql.avi -i audio.wav -map 0:0 -map 1:0 -c copy interactive-sql-normalized.avi The final step is to compress the screencast for distribution. Encoding to VP8/Vorbis is easy: ffmpeg -i interactive-sql-normalized.avi -c:v libvpx -b:v 1M -c:a libvorbis -q:a 6 interactive-sql.webm H.264/AAC is tricky. For most video players the color space needs to be set to yuv420p. The -movflags puts the index data at the beginning of the file to enable streaming/partial content requests over HTTP: ffmpeg -y -i interactive-sql-normalized.avi -c:v libx264 -preset slow -crf 14 -pix_fmt yuv420p -movflags +faststart -c:a aac -q:a 6 interactive-sql.mp4 TrueOS @ Ohio Linuxfest '17! (https://www.trueos.org/blog/trueos-ohio-linuxfest-17/) Dru Lavigne and Ken Moore are both giving presentations on Saturday the 30th. Sit in and hear about new developments for the Lumina and FreeNAS projects. Ken is offering Lumina Rising: Challenging Desktop Orthodoxy at 10:15 am in Franklin A. Hear his thoughts about the ideas propelling desktop environment development and how Lumina, especially Lumina 2, is seeking to offer a new model of desktop architecture. Elements discussed include session security, application dependencies, message handling, and operating system integration. Dru is talking about What's New in FreeNAS 11 at 2:00 pm in Franklin D. She'll be providing an overview of some of the new features added in FreeNAS 11.0, including: Alert Services Starting specific services at boot time AD Monitoring to ensure the AD service restarts if disconnected A preview of the new user interface support for S3-compatible storage and the bhyve hypervisor She's also giving a sneak peek of FreeNAS 11.1, which has some neat features: A complete rewrite of the Jails/Plugins system as FreeNAS moves from warden to iocage Writing new plugins with just a few lines of code A brand new asynchronous middleware API Who's going? Attending this year are: Dru Lavigne (dlavigne): Dru leads the technical documentation team at iX, and contributes heavily to open source documentation projects like FreeBSD, FreeNAS, and TrueOS. Ken Moore (beanpole134): Ken is the lead developer of Lumina and a core contributor to TrueOS. He also works on a number of other Qt5 projects for iXsystems. J.T. Pennington (q5sys): Some of you may be familiar with his work on BSDNow, but J.T. also contributes to the TrueOS, Lumina, and SysAdm projects, helping out with development and general bug squashing. *** Beastie Bits Lumina Development Preview: Theme Engine (https://www.trueos.org/blog/lumina-development-preview-theme-engine/) It's happening! Official retro Thinkpad lappy spotted in the wild (https://www.theregister.co.uk/2017/09/04/retro_thinkpad_spotted_in_the_wild/) LLVM libFuzzer and SafeStack ported to NetBSD (https://blog.netbsd.org/tnf/entry/llvm_libfuzzer_and_safestack_ported) Remaining 2017 FreeBSD Events (https://www.freebsdfoundation.org/news-and-events/event-calendar/2017-openzfs-developer-summit/) *** Feedback/Questions Andrew - BSD Teaching Material (http://dpaste.com/0YTT0VP) Seth - Switching to Tarsnap after Crashplan becomes no more (http://dpaste.com/1SK92ZX#wrap) Thomas - Native encryption in ZFS (http://dpaste.com/02KD5FX#wrap) Coding Cowboy - Coding Cowboy - Passwords and clipboards (http://dpaste.com/31K0E40#wrap) ***

BSD Now
198: BSDNorth or You can't handle the libtruth

BSD Now

Play Episode Listen Later Jun 14, 2017 134:06


This episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice. Headlines Pre-conference activities: Goat BoF, FreeBSD Foundation Board Meeting, and FreeBSD Journal Editorial Board Meeting The FreeBSD Foundation has a new President as Justin Gibbs is busy this year with building a house, so George Neville-Neil took up the task to serve as President, with Justin Gibbs as Secretary. Take a look at the updated Board of Directors (https://www.freebsdfoundation.org/about/board-of-directors/). We also have a new staff member (https://www.freebsdfoundation.org/about/staff/): Scott Lamons joined the Foundation team as senior program manager. Scott's work for the Foundation will focus on managing and evangelizing programs for advanced technologies in FreeBSD including preparing project plans, coordinating resources, and facilitating interactions between commercial vendors, the Foundation, and the FreeBSD community. The Foundation also planned various future activities, visits of upcoming conferences, and finding new ways to support and engage the community. The Foundation now has interns in the form of co-op students from the University of Waterloo, Canada. This is described further in the May 2017 Development Projects Update (https://www.freebsdfoundation.org/blog/may-2017-development-projects-update/). Both students (Siva and Charlie) were also the conference, helping out at the Foundation table, demonstrating the tinderbox dashboard. Follow the detailed instructions (https://www.freebsdfoundation.org/news-and-events/blog/blog-post/building-a-physical-freebsd-build-status-dashboard/) to build one of your own. The Foundation put out a call for Project Proposal Solicitation for 2017 (https://www.freebsdfoundation.org/blog/freebsd-foundation-2017-project-proposal-solicitation/). If you think you have a good proposal for work relating to any of the major subsystems or infrastructure for FreeBSD, we'd be happy to review it. Don't miss the deadlines for travel grants to some of the upcoming conferences. You can find the necessary forms and deadlines at the Travel Grant page (https://www.freebsdfoundation.org/what-we-do/travel-grants/travel-grants/) on the Foundation website. Pictures from the Goat BoF can be found on Keltia.net (https://assets.keltia.net/photos/BSDCan-2017/Royal%20Oak/index.html) Overlapping with the GoatBoF, members of the FreeBSD Journal editorial board met in a conference room in the Novotel to plan the upcoming issues. Topics were found, authors identified, and new content was discussed to appeal to even more readers. Check out the FreeBSD Journal website (https://www.freebsdfoundation.org/journal/) and subscribe if you like to support the Foundation in that way. FreeBSD Devsummit Day 1 & 2 (https://wiki.freebsd.org/DevSummit/201706) The first day of the Devsummit began with introductory slides by Gordon Tetlow, who organized the devsummit very well. Benno Rice of the FreeBSD core team presented the work done on the new Code of Conduct, which will become effective soon. A round of Q&A followed, with positive feedback from the other devsummit attendees supporting the new CoC. After that, Allan Jude joined to talk about the new FreeBSD Community Proposal (FCP) (https://github.com/freebsd/fcp) process. Modelled after IETF RFCs, Joyent RFDs, and Python PEP, it is a new way for the project to reach consensus on the design or implementation of new features or processes. The FCP repo contains FCP#0 that describes the process, and a template for writing a proposal. Then, the entire core team (except John Baldwin, who could not make it this year) and core secretary held a core Q&A session, Answering questions, gathering feedback and suggestions. After the coffee break, we had a presentation about Intel's QAT integration in FreeBSD. When the lunch was over, people spread out into working groups about BearSSL, Transport (TCP/IP), and OpenZFS. OpenZFS working group (https://pbs.twimg.com/media/DBu_IMsWAAId2sN.jpg:large): Matt Ahrens lead the group, and spent most of the first session providing a status update about what features have been recently committed, are out for review, on the horizon, or in the design phase. Existing Features Compressed ARC Compressed Send/Recv Recently Upstreamed A recent commit improved RAID-Z write speeds by declaring writes to padding blocks to be optional, and to always write them if they can be aggregated with the next write. Mostly impacts large record sizes. ABD (ARC buffer scatter/gather) Upstreaming In Progress Native Encryption Channel Programs Device Removal (Mirrors and Stripes) Redacted Send/recv Native TRIM Support (FreeBSD has its own, but this is better and applies to all ZFS implementations) Faster (mostly sequential) scrub/resilver DRAID (A great deal of time was spent explaining how this works, with diagrams on the chalk board) vdev metadata classes (store metadata on SSDs with data is on HDDs, or similar setups. Could also be modified to do dedup to SSD) Multi-mount protection (“safe import”, for dual-headed storage shelves) zpool checkpoint (rollback an entire pool, including zfs rename and zfs destroy) Further Out Import improvements Import with missing top-level vdevs (some blocks unreadable, but might let you get some data) Improved allocator performance -- vdev spacemap log ZIL performance Persistent L2ARC ZSTD Compression Day 2 Day two started with the Have/Want/Need session for FreeBSD 12.0. A number of features that various people have or are in the process of building, were discussed with an eye towards upstreaming them. Features we want to have in time for 12.0 (early 2019) were also discussed. After the break was the Vendor summit, which continued the discussion of how FreeBSD and its vendors can work together to make a better operating system, and better products based on it After lunch, the group broke up into various working groups: Testing/CI, Containers, Hardening UFS, and GELI Improvements Allan lead the GELI Improvements session. The main thrust of the discussions was fixing an outstanding bug in GELI when using both key slots with passphrases. To solve this, and make GELI more extensible, the metadata format will be extended to allow it to store more than 512 bytes of data (currently 511 bytes are used). The new format will allow arbitrarily large metadata, defined at creation time by selecting the number of user key slots desired. The new extended metadata format will contain mostly the same fields, except the userkey will no longer be a byte array of IV-key, Data-key, HMAC, but a struct that will contain all data about that key This new format will store the number of pkcs5v2 iterations per key, instead of only having a single location to store this number for all keys (the source of the original bug) A new set of flags per key, to control some aspects of the key (does it require a keyfile, etc), as well as possibly the role of the key. An auxdata field related to the flags, this would allow a specific key with a specific flag set, to boot a different partition, rather than decrypt the main partition. A URI to external key material is also stored per key, allowing GELI to uniquely identify the correct data to load to be able to use a specific decryption key And the three original parts of the key are stored in separate fields now. The HMAC also has a type field, allowing for a different HMAC algorithm to be used in the future. The main metadata is also extended to include a field to store the number of user keys, and to provide an overall HMAC of the metadata, so that it can be verified using the master key (provide any of the user keys) Other topics discussed: Ken Merry presented sedutil, a tool for managing Self Encrypting Drives, as may be required by certain governments and other specific use cases. Creating a deniable version of GELI, where the metadata is also encrypted The work to implemented GELI in the UEFI loader was discussed, and a number of developers volunteered to review and test the code Following the end of the Dev Summit, the “Newcomers orientation and mentorship” session was run by Michael W. Lucas, which attempts to pair up first time attendees with oldtimers, to make sure they always know a few people they can ask if they have questions, or if they need help getting introduced to the right people. News Roundup Conference Day 1 (http://www.bsdcan.org/2017/schedule/day_2017-06-09.en.html) The conference opened with some short remarks from Dan Langille, and then the opening keynote by Dr Michael Geist, a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. The keynote focused on what some of the currently issues are, and how the technical community needs to get involved at all levels. In Canada especially, contacting your representatives is quite effective, and when it does not happen, they only hear the other side of the story, and often end up spouting talking points from lobbyists as if they were facts. The question period for the keynote ran well overtime because of the number of good questions the discussion raised, including how do we fight back against large telcos with teams of lawyers and piles of money. Then the four tracks of talks started up for the day The day wrapped up with the Work In Progress (WIP) session. Allan Jude presented work on ZSTD compression in ZFS Drew Gallatin presented about work at Netflix on larger mbufs, to avoid the need for chaining and to allow more data to be pushed at once. Results in an 8% CPU time reduction when pushing 90 gbps of TLS encrypted traffic Dan Langille presented about letsencrypt (the acme.sh tool specifically), and bacula Samy Al Bahra presented about Concurrency Kit *** Conference Day 2 (http://www.bsdcan.org/2017/schedule/day_2017-06-10.en.html) Because Dan is a merciful soul, BSDCan starts an hour later on the second day Another great round of talks and BoF sessions over lunch The hallway track was great as always, and I spent most of the afternoon just talking with people Then the final set of talks started, and I was torn between all four of them Then there was the auction, and the closing party *** BSDCan 2017 Auction Swag (https://blather.michaelwlucas.com/archives/2962) Groff Fundraiser Pins: During the conference, You could get a unique Groff pin, by donating more than the last person to either the FreeBSD or OpenBSD foundation Michael W. Lucas and his wife Liz donated some interesting home made and local items to the infamous Charity Auction I donated the last remaining copy of the “Canadian Edition” of “FreeBSD Mastery: Advanced ZedFS”, and a Pentium G4400 (Skylake) CPU (Supports ECC or non-ECC) Peter Hessler donated his pen (Have you read “Git Commit Murder” yet?) Theo De Raadt donated his autographed conference badge David Maxwell donated a large print of the group photo from last years FreeBSD Developers Summit, which was purchased by Allan There was also a FreeBSD Dev Summit T-Shirt (with the Slogan: What is Core doing about it?) autographed by all of the attending members of core, with a forged jhb@ signature. Lastly, someone wrote “I

Tour D'oeuvres Podcast
Ep. 11 "All Your Friends are Dead (They're Probably Not Though)" JoJo with John Baldwin @ Walter's in Houston

Tour D'oeuvres Podcast

Play Episode Listen Later Jun 13, 2017


JoJo sits down with John Baldwin, formerly of Wild Moccasins, at Walter's in Houston. They review the timeline of knowing each other and catch up on the Houston music scene, and talk quitting bands, finding success in self-contained creative careers, and the homogenization of American cities. See if you can catch when JoJo accidentally calls Houston "Dallas," as he tends to do.Intro and outro music is "Full-time Fetish" by Wild Moccasins from the album "88 92."

BSD Now
195: I don't WannaCry

BSD Now

Play Episode Listen Later May 24, 2017 75:15


A pledge of love to OpenBSD, combating ransomware like WannaCry with OpenZFS, and using PFsense to maximize your non-gigabit Internet connection This episode was brought to you by Headlines ino64 project committed to FreeBSD 12-CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=318736) The ino64 project has been completed and merged into FreeBSD 12-CURRENT Extend the inot, devt, nlinkt types to 64-bit ints. Modify struct dirent layout to add doff, increase the size of dfileno to 64-bits, increase the size of dnamlen to 16-bits, and change the required alignment. Increase struct statfs fmntfromname[] and fmntonname[] array length MNAMELEN to 1024 This means the length of a mount point (MNAMELEN) has been increased from 88 byte to 1024 bytes. This allows longer ZFS dataset names and more nesting, and generally improves the usefulness of nested jails It also allow more than 4 billion files to be stored in a single file system (both UFS and ZFS). It also deals with a number of NFS problems, such as Amazon's EFS (cloud NFS), which uses 64 bit IDs even with small numbers of files. ABI breakage is mitigated by providing compatibility using versioned symbols, ingenious use of the existing padding in structures, and by employing other tricks. Unfortunately, not everything can be fixed, especially outside the base system. For instance, third-party APIs which pass struct stat around are broken in backward and forward incompatible ways. A bug in poudriere that may cause some packages to not rebuild is being fixed. Many packages like perl will need to be rebuilt after this change Update note: strictly follow the instructions in UPDATING. Build and install the new kernel with COMPAT_FREEBSD11 option enabled, then reboot, and only then install new world. So you need the new GENERIC kernel with the COMPAT_FREEBSD11 option, so that your old userland will work with the new kernel, and you need to build, install, and reboot onto the new kernel before attempting to install world. The usual process of installing both and then rebooting will NOT WORK Credits: The 64-bit inode project, also known as ino64, started life many years ago as a project by Gleb Kurtsou (gleb). Kirk McKusick (mckusick) then picked up and updated the patch, and acted as a flag-waver. Feedback, suggestions, and discussions were carried by Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles), and Rick Macklem (rmacklem). Kris Moore (kmoore) performed an initial ports investigation followed by an exp-run by Antoine Brodin (antoine). Essential and all-embracing testing was done by Peter Holm (pho). The heavy lifting of coordinating all these efforts and bringing the project to completion were done by Konstantin Belousov (kib). Sponsored by: The FreeBSD Foundation (emaste, kib) Why I love OpenBSD (https://medium.com/@h3artbl33d/why-i-love-openbsd-ca760cf53941) Jeroen Janssen writes: I do love open source software. Oh boy, I really do love open source software. It's extendable, auditable, and customizable. What's not to love? I'm astonished by the idea that tens, hundreds, and sometimes even thousands of enthusiastic, passionate developers collaborate on an idea. Together, they make the world a better place, bit by bit. And this leads me to one of my favorite open source projects: the 22-year-old OpenBSD operating system. The origins of my love affair with OpenBSD From Linux to *BSD The advantages of OpenBSD It's extremely secure It's well documented It's open source > It's neat and clean My take on OpenBSD ** DO ** Combating WannaCry and Other Ransomware with OpenZFS Snapshots (https://www.ixsystems.com/blog/combating-ransomware/) Ransomware attacks that hold your data hostage using unauthorized data encryption are spreading rapidly and are particularly nefarious because they do not require any special access privileges to your data. A ransomware attack may be launched via a sophisticated software exploit as was the case with the recent “WannaCry” ransomware, but there is nothing stopping you from downloading and executing a malicious program that encrypts every file you have access to. If you fail to pay the ransom, the result will be indistinguishable from your simply deleting every file on your system. To make matters worse, ransomware authors are expanding their attacks to include just about any storage you have access to. The list is long, but includes network shares, Cloud services like DropBox, and even “shadow copies” of data that allow you to open previous versions of files. To make matters even worse, there is little that your operating system can do to prevent you or a program you run from encrypting files with ransomware just as it can't prevent you from deleting the files you own. Frequent backups are touted as one of the few effective strategies for recovering from ransomware attacks but it is critical that any backup be isolated from the attack to be immune from the same attack. Simply copying your files to a mounted disk on your computer or in the Cloud makes the backup vulnerable to infection by virtue of the fact that you are backing up using your regular permissions. If you can write to it, the ransomware can encrypt it. Like medical workers wearing hazmat suits for isolation when combating an epidemic, you need to isolate your backups from ransomware. OpenZFS snapshots to the rescue OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks. OpenZFS snapshots in practice While OpenZFS is available on a number of desktop operating systems such as TrueOS and macOS, the most effective way to bring the benefits of OpenZFS snapshots to the largest number of users is with a network of iXsystems TrueNAS, FreeNAS Certified and FreeNAS Mini unified NAS and SAN storage systems. All of these can provide OpenZFS-backed SMB, NFS, AFP, and iSCSI file and block storage to the smallest workgroups up through the largest enterprises and TrueNAS offers available Fibre Channel for enterprise deployments. By sharing your data to your users using these file and block protocols, you can provide them with a storage infrastructure that can quickly recover from any ransomware attack thrown at it. To mitigate ransomware attacks against individual workstations, TrueNAS and FreeNAS can provide snapshotted storage to your VDI or virtualization solution of choice. Best of all, every iXsystems TrueNAS, FreeNAS Certified, and FreeNAS Mini system includes a consistent user interface and the ability to replicate between one another. This means that any topology of individual offices and campuses can exchange backup data to quickly mitigate ransomware attacks on your organization at all levels. Join us for a free webinar (http://www.onlinemeetingnow.com/register/?id=uegudsbc75) with iXsystems Co-Founder Matt Olander and learn more about why businesses everywhere are replacing their proprietary storage platforms with TrueNAS then email us at info@ixsystems.com or call 1-855-GREP-4-IX (1-855-473-7449), or 1-408-493-4100 (outside the US) to discuss your storage needs with one of our solutions architects. Interview - Michael W. Lucas - mwlucas@michaelwlucas.com (mailto:mwlucas@michaelwlucas.com) / @twitter (https://twitter.com/mwlauthor) Books, conferences, and how these two combine + BR: Welcome back. Tell us what you've been up to since the last time we interviewed you regarding books and such. + AJ: Tell us a little bit about relayd and what it can do. + BR: What other books do you have in the pipeline? + AJ: What are your criteria that qualifies a topic for a mastery book? + BR: Can you tell us a little bit about these writing workshops that you attend and what happens there? + AJ: Without spoiling too much: How did you come up with the idea for git commit murder? + BR: Speaking of BSDCan, can you tell the first timers about what to expect in the http://www.bsdcan.org/2017/schedule/events/890.en.html (Newcomers orientation and mentorship) session on Thursday? + AJ: Tell us about the new WIP session at BSDCan. Who had the idea and how much input did you get thus far? + BR: Have you ever thought about branching off into a new genre like children's books or medieval fantasy novels? + AJ: Is there anything else before we let you go? News Roundup Using LLDP on FreeBSD (https://tetragir.com/freebsd/networking/using-lldp-on-freebsd.html) LLDP, or Link Layer Discovery Protocol allows system administrators to easily map the network, eliminating the need to physically run the cables in a rack. LLDP is a protocol used to send and receive information about a neighboring device connected directly to a networking interface. It is similar to Cisco's CDP, Foundry's FDP, Nortel's SONMP, etc. It is a stateless protocol, meaning that an LLDP-enabled device sends advertisements even if the other side cannot do anything with it. In this guide the installation and configuration of the LLDP daemon on FreeBSD as well as on a Cisco switch will be introduced. If you are already familiar with Cisco's CDP, LLDP won't surprise you. It is built for the same purpose: to exchange device information between peers on a network. While CDP is a proprietary solution and can be used only on Cisco devices, LLDP is a standard: IEEE 802.3AB. Therefore it is implemented on many types of devices, such as switches, routers, various desktop operating systems, etc. LLDP helps a great deal in mapping the network topology, without spending hours in cabling cabinets to figure out which device is connected with which switchport. If LLDP is running on both the networking device and the server, it can show which port is connected where. Besides physical interfaces, LLDP can be used to exchange a lot more information, such as IP Address, hostname, etc. In order to use LLDP on FreeBSD, net-mgmt/lldpd has to be installed. It can be installed from ports using portmaster: #portmaster net-mgmt/lldpd Or from packages: #pkg install net-mgmt/lldpd By default lldpd sends and receives all the information it can gather , so it is advisable to limit what we will communicate with the neighboring device. The configuration file for lldpd is basically a list of commands as it is passed to lldpcli. Create a file named lldpd.conf under /usr/local/etc/ The following configuration gives an example of how lldpd can be configured. For a full list of options, see %man lldpcli To check what is configured locally, run #lldpcli show chassis detail To see the neighbors run #lldpcli show neighbors details Check out the rest of the article about enabling LLDP on a Cisco switch experiments with prepledge (http://www.tedunangst.com/flak/post/experiments-with-prepledge) Ted Unangst takes a crack at a system similar to the one being designed for Capsicum, Oblivious Sandboxing (See the presentation at BSDCan), where the application doesn't even know it is in the sandbox MP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn't open files from strangers, I'd like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working. At the same time, an occasional feature request for pledge is the ability to specify restrictions before running a program. Given some untrusted program, wrap its execution in a pledge like environment. There are other system call sandbox mechanisms that can do this (systrace was one), but pledge is quite deliberately designed not to support this. But maybe we can bend it to our will. Our pledge wrapper can't be an external program. This leaves us with the option of injecting the wrapper into the target program via LD_PRELOAD. Before main even runs, we'll initialize what needs initializing, then lock things down with a tight pledge set. Our eventual target will be ffplay, but hopefully the design will permit some flexibility and reuse. So the new code is injected to override the open syscall, and reads a list of files from an environment variable. Those files are opened and the path and file descriptor are put into a linked list, and then pledge is used to restrict further access to the file system. The replacement open call now searches just that linked list, returning the already opened file descriptors. So as long as your application only tries to open files that you have preopened, it can function without modification within the sandbox. Or at least that is the goal... ffplay tries to dlopen() some things, and because of the way dlopen() works, it doesn't go via the libc open() wrapper, so it doesn't get overridden ffplay also tries to call a few ioctl's, not allowed After stubbing both of those out, it still doesn't work and it is just getting worse Ted switches to a new strategy, using ffmpeg to convert the .mp3 to a .wav file and then just cat it to /dev/audio A few more stubs for ffmpeg, including access(), and adding tty access to the list of pledges, and it finally works This point has been made from the early days, but I think this exercise reinforces it, that pledge works best with programs where you understand what the program is doing. A generic pledge wrapper isn't of much use because the program is going to do something unexpected and you're going to have a hard time wrangling it into submission. Software is too complex. What in the world is ffplay doing? Even if I were working with the source, how long would it take to rearrange the program into something that could be pledged? One can try using another program, but I would wager that as far as multiformat media players go, ffplay is actually on the lower end of the complexity spectrum. Most of the trouble comes from using SDL as an abstraction layer, which performs a bunch of console operations. On the flip side, all of this early init code is probably the right design. Once SDL finally gets its screen handle setup, we could apply pledge and sandbox the actual media decoder. That would be the right way to things. Is pledge too limiting? Perhaps, but that's what I want. I could have just kept adding permissions until ffplay had full access to my X socket, but what kind of sandbox is that? I don't want naughty MP3s scraping my screen and spying on my keystrokes. The sandbox I created had all the capabilities one needs to convert an MP3 to audible sound, but the tool I wanted to use wasn't designed to work in that environment. And in its defense, these were new post hoc requirements. Other programs, even sed, suffer from less than ideal pledge sets as well. The best summary might be to say that pledge is designed for tomorrow's programs, not yesterday's (and vice versa). There were a few things I could have done better. In particular, I gave up getting audio to work, even though there's a nice description of how to work with pledge in the sio_open manual. Alas, even going back and with a bit more effort I still haven't succeeded. The requirements to use libsndio are more permissive than I might prefer. How I Maximized the Speed of My Non-Gigabit Internet Connection (https://medium.com/speedtest-by-ookla/engineer-maximizes-internet-speed-story-c3ec0e86f37a) We have a new post from Brennen Smith, who is the Lead Systems Engineer at Ookla, the company that runs Speedtest.net, explaining how he used pfSense to maximize his internet connection I spend my time wrangling servers and internet infrastructure. My daily goals range from designing high performance applications supporting millions of users and testing the fastest internet connections in the world, to squeezing microseconds from our stack —so at home, I strive to make sure that my personal internet performance is running as fast as possible. I live in an area with a DOCSIS ISP that does not provide symmetrical gigabit internet — my download and upload speeds are not equal. Instead, I have an asymmetrical plan with 200 Mbps download and 10 Mbps upload — this nuance considerably impacted my network design because asymmetrical service can more easily lead to bufferbloat. We will cover bufferbloat in a later article, but in a nutshell, it's an issue that arises when an upstream network device's buffers are saturated during an upload. This causes immense network congestion, latency to rise above 2,000 ms., and overall poor quality of internet. The solution is to shape the outbound traffic to a speed just under the sending maximum of the upstream device, so that its buffers don't fill up. My ISP is notorious for having bufferbloat issues due to the low upload performance, and it's an issue prevalent even on their provided routers. They walk through a list of router devices you might consider, and what speeds they are capable of handling, but ultimately ended up using a generic low power x86 machine running pfSense 2.3 In my research and testing, I also evaluated IPCop, VyOS, OPNSense, Sophos UTM, RouterOS, OpenWRT x86, and Alpine Linux to serve as the base operating system, but none were as well supported and full featured as PFSense. The main setting to look at is the traffic shaping of uploads, to keep the pipe from getting saturated and having a large buffer build up in the modem and further upstream. This build up is what increases the latency of the connection As with any experiment, any conclusions need to be backed with data. To validate the network was performing smoothly under heavy load, I performed the following experiment: + Ran a ping6 against speedtest.net to measure latency. + Turned off QoS to simulate a “normal router”. + Started multiple simultaneous outbound TCP and UDP streams to saturate my outbound link. + Turned on QoS to the above settings and repeated steps 2 and 3. As you can see from the plot below, without QoS, my connection latency increased by ~1,235%. However with QoS enabled, the connection stayed stable during the upload and I wasn't able to determine a statistically significant delta. That's how I maximized the speed on my non-gigabit internet connection. What have you done with your network? FreeBSD on 11″ MacBook Air (https://www.geeklan.co.uk/?p=2214) Sevan Janiyan writes in his tech blog about his experiences running FreeBSD on an 11'' MacBook Air This tiny machine has been with me for a few years now, It has mostly run OS X though I have tried OpenBSD on it (https://www.geeklan.co.uk/?p=1283). Besides the screen resolution I'm still really happy with it, hardware wise. Software wise, not so much. I use an external disk containing a zpool with my data on it. Among this data are several source trees. CVS on a ZFS filesystem on OS X is painfully slow. I dislike that builds running inside Terminal.app are slow at the expense of a responsive UI. The system seems fragile, at the slightest push the machine will either hang or become unresponsive. Buggy serial drivers which do not implement the break signal and cause instability are frustrating. Last week whilst working on Rump kernel (http://rumpkernel.org/) builds I introduced some new build issues in the process of fixing others, I needed to pick up new changes from CVS by updating my copy of the source tree and run builds to test if issues were still present. I was let down on both counts, it took ages to update source and in the process of cross compiling a NetBSD/evbmips64-el release, the system locked hard. That was it, time to look what was possible elsewhere. While I have been using OS X for many years, I'm not tied to anything exclusive on it, maybe tweetbot, perhaps, but that's it. On the BSDnow podcast they've been covering changes coming in to TrueOS (formerly PC-BSD – a desktop focused distro based on FreeBSD), their experiments seemed interesting, the project now tracks FreeBSD-CURRENT, they've replaced rcng with OpenRC as the init system and it comes with a pre-configured desktop environment, using their own window manager (Lumina). Booting the USB flash image it made it to X11 without any issue. The dock has a widget which states the detected features, no wifi (Broadcom), sound card detected and screen resolution set to 1366×768. I planned to give it a try on the weekend. Friday, I made backups and wiped the system. TrueOS installed without issue, after a short while I had a working desktop, resuming from sleep worked out of the box. I didn't spend long testing TrueOS, switching out NetBSD-HEAD only to realise that I really need ZFS so while I was testing things out, might as well give stock FreeBSD 11-STABLE a try (TrueOS was based on -CURRENT). Turns out sleep doesn't work yet but sound does work out of the box and with a few invocations of pkg(8) I had xorg, dwm, firefox, CVS and virtuabox-ose installed from binary packages. VirtualBox seems to cause the system to panic (bug 219276) but I should be able to survive without my virtual machines over the next few days as I settle in. I'm considering ditching VirtualBox and converting the vdi files to raw images so that they can be written to a new zvol for use with bhyve. As my default keyboard layout is Dvorak, OS X set the EFI settings to this layout. The first time I installed FreeBSD 11-STABLE, I opted for full disk encryption but ran into this odd issue where on boot the keyboard layout was Dvorak and password was accepted, the system would boot and as it went to mount the various filesystems it would switch back to QWERTY. I tried entering my password with both layout but wasn't able to progress any further, no bug report yet as I haven't ruled myself out as the problem. Thunderbolt gigabit adapter –bge(4) (https://www.freebsd.org/cgi/man.cgi?query=bge) and DVI adapter both worked on FreeBSD though the gigabit adapter needs to be plugged in at boot to be detected. The trackpad bind to wsp(4) (https://www.freebsd.org/cgi/man.cgi?query=wsp), left, right and middle clicks are available through single, double and tripple finger tap. Sound card binds to snd_hda(4) (https://www.freebsd.org/cgi/man.cgi?query=snd_hda) and works out of the box. For wifi I'm using a urtw(4) (https://www.freebsd.org/cgi/man.cgi?query=urtw) Alfa adapter which is a bit on the large side but works very reliably. A copy of the dmesg (https://www.geeklan.co.uk/files/macbookair/freebsd-dmesg.txt) is here. Beastie Bits OPNsense - call-for-testing for SafeStack (https://forum.opnsense.org/index.php?topic=5200.0) BSD 4.4: cat (https://www.rewritinghistorycasts.com/screencasts/bsd-4.4:-cat) Continuous Unix commit history from 1970 until today (https://github.com/dspinellis/unix-history-repo) Update on Unix Architecture Evolution Diagrams (https://www.spinellis.gr/blog/20170510/) “Relayd and Httpd Mastery” is out! (https://blather.michaelwlucas.com/archives/2951) Triangle BSD User Group Meeting -- libxo (https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/) *** Feedback/Questions Carlos - ASUS Tinkerboard (http://dpaste.com/1GJHPNY#wrap) James - Firewall question (http://dpaste.com/0QCW933#wrap) Adam - ZFS books (http://dpaste.com/0GMG5M2#wrap) David - Managing zvols (http://dpaste.com/2GP8H1E#wrap) ***

Let's Talk Teaching
Ep. 025: Teaching and Culture with John Baldwin

Let's Talk Teaching

Play Episode Listen Later Apr 7, 2017 28:00


Culture, globalization, mentoring, and life-long learning: We talk this week with Dr. John Baldwin, a professor in the School of Communication and the 2016 Outstanding University Teaching Award winner for tenured faculty. John shares his insights on those topics and more, as he and Jim explore the link between students’ self-identities and learning. They also discuss the importance of modeling positive behavior in your class—even when the discussion gets difficult.

WJBC Interviews
John Baldwin, Illinois Dept. of Corrections Dir., 9-8-16

WJBC Interviews

Play Episode Listen Later Sep 8, 2016 11:22


Illinois Department of Corrections Director John Baldwin discusses mental health training for its correctional officers.

Book Shambles with Robin and Josie

Songwriter and performer David McAlmont joins Robin and Josie this week as he awaits the final results from his Art History degree, due that very afternoon. They talk of the great books of art as well as the work of John Baldwin, AA Milne, Truman Capote and, of course, Jean Rhys.

BSD Now
148: The place to B...A Robot!

BSD Now

Play Episode Listen Later Jun 29, 2016 104:32


This week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive This episode was brought to you by Headlines FreeBSD Core Team Election (https://www.freebsd.org/administration.html#t-core) Core.9 has been elected, and will officially take over from Core.8 on Wednesday, 6 July 2016 Many thanks to the outgoing members of the core team for their service over the last 2 years 214 out of 325 eligible voters (65.8%) cast their votes in an election counting 14 candidates. The top nine candidates are, in descending order of votes received: 180 84.1% Ed Maste (incumbent) 176 82.2% George V. Neville-Neil (incumbent) 171 79.9% Baptiste Daroussin (incumbent) 168 78.5% John Baldwin 166 77.6% Hiroki Sato (incumbent) 147 68.7% Allan Jude 132 61.7% Kris Moore 121 56.5% Benedict Reuschling 108 50.5% Benno Rice There was no tie for ninth. BSDNow and the entire community would also like to extend their thanks to all those who stood for election to the core team Next week's core meeting will encompass the members of Core.8 and Core.9, as responsibility for any outstanding items will be passed from outgoing members of core to the new incoming members *** Why I run OpenBSD (http://deftly.net/posts/2016-05-31-why-i-run-openbsd.html) This week we have a good article / blog post talking about why the posted has moved to OpenBSD from Linux. “One thing I learned during my travels between OSs: consistency is everything. Most operating systems seem to, at least, keep a consistent interface between themselves and binaries / applications. They do this by keeping consistent APIs (Application Programming Interfaces) and ABIs (Application Binary Interfaces). If you take a binary from a really old version of Linux and run or build it on a brand-spanking new install of Linux, it will likely Just Work™. This is great for applications and developers of applications. Vendors can build binaries for distribution and worry less about their product working when it gets out in the wild (sure this binary built in 2016 will run on RedHat AS2.1!!).“ The author then goes through another important part of the consistency argument, with what he calls “UPI” or “User Program Interfaces”. In other words, while the ABI may be stable, what about the end-user tooling that the user directly has to interact with on a daily basis? “This inconsistency seems to have come to be when Linux started getting wireless support. For some reason someone (vendors, maybe?) decided that ifconfig wasn't a good place to let users interact with their wireless device. Maybe they felt their device was special? Maybe there were technical reasons? The bottom line is, someone decided to create a new utility to manage a wireless device… and then another one came along… pretty soon there was iwconfig(8), iw(8), ifconfig(8), some funky thing that let windows drivers interface with Linux.. and one called ip(8) I am sure there are others I am forgetting, but I prefer to forget. I have moved onto greener pastures and the knowledge of these programs no longer serves me.” The article then goes through the rundown of how he evaluated the various BSD's and ultimately settled on OpenBSD: “OpenBSD won the showdown. It was the most complete, simple, and coherent system. The documentation was thorough, the code was easy to follow and understand. It had one command to configure all of the network interfaces! I didn't have wireless, but I was able to find a cheap USB adapter that worked by simply running man -k wireless and reading about the USB entries. It didn't have some of the applications I use regularly, so I started reading about ports (intuitively, via man ports!).” The ultimate NetBSD Router (http://blog.tbrodel.me/2016/#netbsd-router) “So yesterday I spent the day setting up a new firewall at home here, based off of this BSD Now tutorial. Having set up a couple of OpenBSD routers before, either based on old laptops, bulky old power-sucking desktops or completely over-specced machines like the Intel NUC, I wanted to get some kind of BSD onto a low-powered ARM board and use that instead.” “I've had a couple of Cubietrucks lying around for a while now, I've used them in a couple of art installations, running Debian and Pure Data, but over all they've been a bit disappointing. It's more the manufacturer's fault but they require blobs for the graphics and audio, which Debian won't allow, so as a multimedia board they're dud for video, and only passable for audio work with a usb sound card. So they've been collecting dust.” “Only thing missing is a second NIC, luckily I had an Apple USB->Ethernet dongle lying around, which when I bought it was the cheapest thing I could find on eBay that OpenBSD definitely supported. There, and on NetBSD, it's supported by the axe(4) driver. USB 2.0 works fine for me as I live in Australia and my ISP can only give me 30Mbps, so this should do for the forseeable future.” + The article then walks through installing and configuring NetBSD + Configuration includes: pf, unbound, and dhcpd “This project has been really fun, I started with basically no experience with NetBSD and have finished with a really useful, low-powered and robust appliance. It's a testament to the simplicity of the NetBSD system, and the BSD design principles in general, that such a novice as myself could figure this out. The NetBSD project has easily the most polished experience on Allwinner ARM boards, even Debian doesn't make it this easy. It's been a joy running the system, it has the bits I love from OpenBSD; ksh(1), tmux(1), an http daemon in base and of course, pf(4). This is mixed with some of the pragmatism I see in FreeBSD; a willingness to accept blobs if that really is the only way to boot, or get audio, or a video console.” bhyve-Bootable Boot Environments (http://callfortesting.org/bhyve-boot-environments/) We have a lengthy article also today from our friend Michael Dexter, who asks the basic question “What if multibooting and OS upgrades weren't horrible?” No doubt if you've been a frequent listener to this show, you've heard Allan or Myself talking about ZFS Boot Environments, and how they can “change your life”. Well today Michael goes further into detail on how the BE's work, and how they can be leveraged to do neat things, like installing other versions of an operating system from the original running system. “If you are reading this, you have probably used a personal computer with a BSD or GNU/Linux operating system and at some point attempted to multiboot between multiple operating systems on the same computer. This goal is typically attempted with complex disk partitioning and a BSD or GNU/Linux boot loader like LILO or GRUB, plus several hours of frustrating experimentation and perhaps data loss. While exotic OS experimentation has driven my virtualization work since the late 1990s, there are very pragmatic reasons for multibooting the same OS on the same hardware, notable for updates and failback to "known good" versions. To its credit, FreeBSD has long had various strategies including the NanoBSD embedded system framework with primary and secondary root partitions, plus the nextboot(8) utility for selecting the "next" kernel with various boot parameters. Get everything set correctly and you can multiboot "with impunity". “That's a good start, and over time we have seen ZFS "boot environments" be used by PC-BSD and FreeNAS to allow for system updates that allow one to fall back to previous versions should something go wrong. Hats off to these efforts but they exist in essentially purpose-built appliance environments. I have long sensed that there is more fun to be had here and a wonderful thing happened with FreeBSD 10.3 and 11.0: Allan Jude added a boot environment menu to the FreeBSD loader” From here Michael takes us through the mechanical bits of actually creating a new ZFS dataset (BE) and performing a fresh FreeBSD 10.3 installation into this new boot-environment. The twist comes at the end, where he next sets up the BE to be a root NFS for booting in bhyve! This is interesting and gives you a way to test booting into your new environment via a VM, before rebooting the host directly into it. *** Interview - Edicarla Andrade & Vinícius Zavam - @egypcio (https://twitter.com/egypcio) BSD-Powered Robots News Roundup Tomohiro Kasumi explains what “@@” means, in the context of the Hammer filesystem (http://lists.dragonflybsd.org/pipermail/users/2016-June/249717.html) A post from the Dragonfly users' mailing list about what the @@ construct means in the Hammer filesystem “@@ represents the existence of a PFS which is logically separated pseudo filesystem space within HAMMER's B-Tree” “HAMMER only has 1 large B-Tree per filesystem (not per PFS), so all the PFS exist within that single B-Tree. PFS are separated by localization parameter which is one of the B-Tree keys used to lookup the tree.” Each substring in "@@-1:00001" means: "@@" means it's a PFS or snapshot. "-1" means it's a master. ":" is just a separator. "00001" means it's PFS#1, where PFS#0 is the default PFS created on newfs. There is no "00000" because that's what's mounted on /HAMMER. PFS# is used for localization parameter. “Localization parameter has the highest priority when inserting or looking up B-Tree elements, so fs elements that belong to the same PFS# tend to be localized (clustered) within the B-Tree” There is also a note about how snapshots are named: "@@0x00..." A user points out that having : in the path can confuse some applications, such as in the case of adding the current directory or a relative path to the $PATH environment variable, which is a colon delimited list of paths This seems quite a bit more confusing that the datasets created by ZFS, but they might have other useful properties *** FreeBSD 11.0 nearing RC1 (https://www.freebsd.org/releases/11.0R/schedule.html) We've all been eagerly awaiting the pending release of FreeBSD 11.0, and the schedule has now been updated! The first release candidate is slated for July 29th! If all goes well (and we stick to schedule) there will be another RC2 and possible RC3 release, before 11.0 officially drops near the end of August. Start playing with those builds folks, be sure to send your feedback to the team to make this the best .0 release ever! *** TensorFlow on FreeBSD (http://ecc-comp.blogspot.com/2016/06/tensorflow-on-freebsd.html) Next we have a blog post about the experience of a “new” FreeBSD user trying to deploy some non-ported software to his new system. Specifically he was interested in running TensorFlow, but not doing a port himself, because in his words: “First, I apologize for not supplying a port archive myself. After reading the FreeBSD handbook for creating a port, it's too complex of a task for me right now. I've only been using FreeBSD for two weeks. I would also not like to waste anyone's time giving them a terrible port archive and mess up their system.” First of all, good ports are often born out of bad ports! Don't let the porting framework daunt you, give it a go, since that's the only way you are going to learn how to write “good” ports over time. The porters-handbook is a good first place to start, plus the community usually is very helpful in providing feedback. He then walks us through the changes made to the TensorFlow code (starting with the assumption that OSX was a good “flavor” to begin porting from) and ultimately compiling. This ends up with the creation of a pip package which works! A good tutorial, and also very similar to what goes on in the porting process. With this write-up perhaps somebody will take up creating a port of it… hint hint! *** NetBSD: A New Beginning? (http://jamesdeagle.blogspot.ca/2016/06/netbsd-new-beginning.html) We don't get enough NetBSD news at times, but this post by James Deagle talks about his adventure with NetBSD 7.0 and making it his “new beginning” “After a few months of traipsing around the worlds of SunOS and Linux, I'm back to NetBSD for what I hope will be a lengthy return engagement. And while I'm enamored of NetBSD for all the previously-mentioned reasons, I'm already thinking ahead to some problems to solve, some of which have also been mentioned before.” He then goes through and lists some of the small nits he's still running into during the daily workflow YouTube audio - Specifically he mentions that no audio is playing, but wonders if Flash plays some part. (Ideally you're not using Flash though, in which case you need to check the audio backend FF is using. Try PulseAudio since it seems the best supported. If pulse is already enabled, install ‘pavucontrol' to make sure audio is playing to the correct sound device) Slow gaming performance (TuxKart and Celestia) - Check DRI / Xorg? Or is it CPU bound? Lastly some unspecified Wireless issues, which typically end up being driver related. (Or use another chipset) Beastie Bits Reproducible NetBSD? 77.7% of the way there (https://reproducible.debian.net/netbsd/netbsd.html) Create FreeBSD virtual machine using qemu. Run the VM using xhyve. (https://gist.github.com/zg/38a3afa112ddf7de4912aafc249ec82f) FreeBSD PowerPC 32bit pkg repository (unofficial). ~19,500 packages, more to come (https://joshcummings.net/pub/FreeBSD) NetBSD machines at Open Source Conference 2016 Gunma (http://mail-index.netbsd.org/netbsd-advocacy/2016/05/16/msg000706.html) Adam Leventhal (of ZFS and DTrace) does an analysis of APFS (http://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/) SemiBug June meeting summary (http://lists.nycbug.org/pipermail/semibug/2016-June/000106.html) KnoxBug Meeting (http://knoxbug.org/content/2016-07-26) Feedback/Questions Andrew - iocage (http://pastebin.com/nuYTzaG6) Florian - Arm + GitHub (http://pastebin.com/PzY68hNS) Clint - Synth (http://pastebin.com/JESGZjLu) Leonardo - Translations (http://pastebin.com/b4LAiPs4) Zachary - Moving things to VMs (http://pastebin.com/VRc8fvBk) ***

BSD Now
125: DevSummits, Core and the Baldwin

BSD Now

Play Episode Listen Later Jan 20, 2016 133:49


This week on the show, we will be talking to FreeBSD developer and former core-team member John Baldwin about a variety of topics, including running a DevSummit, everything you needed or wanted to know. Coming up right now on BSDNow, the place to B...SD. This episode was brought to you by Headlines FreeBSD server retired after almost 19 years (http://www.theregister.co.uk/2016/01/14/server_retired_after_18_years_and_ten_months_beat_that_readers/) We've heard stories about this kind of thing before, that box that often sits under-appreciated, but refuses to die. Well the UK register has picked up on a story of a FreeBSD server finally being retired after almost 19 years of dedicated service. “In its day, it was a reasonable machine - 200MHz Pentium, 32MB RAM, 4GB SCSI-2 drive,” Ross writes. “And up until recently, it was doing its job fine.” Of late, however the “hard drive finally started throwing errors, it was time to retire it before it gave up the ghost!” The drive's a Seagate, for those of you looking to avoid drives that can't deliver more than 19 years of error-free operations. This system in particular had been running FreeBSD 2.2.1 over the years. Why not upgrade you ask? Ross has an answer for that: “It was heavily firewalled and only very specific services were visible to anyone, and most only visible to our directly connected customers,” Ross told Vulture South. “By the time it was probably due for a review, things had moved so far that all the original code was so tightly bound to the operating system itself, that later versions of the OS would have (and ultimately, did) require substantial rework. While it was running and not showing any signs of stress, it was simply expedient to leave sleeping dogs lie.” All in all, an amazing story of the longevity of a system and its operating system. Do you have a server with a similar or even greater uptime? Let us know so we can try and top this story. *** Roundup of all the BSDs (https://www.linuxvoice.com/group-test-bsd-distros/) The magazine LinuxVoice recently did a group test of a variety of “BSD Distros”. Included in their review were Free/Open/Net/Dragon/Ghost/PC It starts with a pretty good overview of BSD in general, its starts and the various projects / forks that spawned from it, such as FreeNAS / Junos / Playstation / PFSense / etc The review starts with a look at OpenBSD, and the consensus reached is that it is good, but does require a bit more manual work to run as a desktop. (Most of the review focuses on desktop usage). It ends up with a solid ⅘ stars though. Next it moves into GhostBSD, discusses it being a “Live” distro, which can optionally be installed to disk. It loses a few points for lacking a graphical package management utility, and some bugs during the installation, but still earns a respectable ⅗ stars. Dragonfly gets the next spin and gets praise for its very-up to date video driver support and availability of the HAMMER filesystem. It also lands at ⅗ stars, partly due to the reviewer having to use the command-line for management. (Notice a trend here?) NetBSD is up next, and gets special mention for being one of the only “distros” that doesn't do frequent releases. However that doesn't mean you can't have updated packages, since the review mentions pkgsrc and pkg as both available to customize your desktop. The reviewer was slightly haunted by having to edit files in /etc by hand to do wireless, but still gives NetBSD a ⅗ overall. Last up are FreeBSD and PC-BSD, which get a different sort of head-to-head review. FreeBSD goes first, with mention that the text-install is fairly straight-forward and most configuration will require being done by hand. However the reviewer must be getting use to the command-line at this point, because he mentions: “This might sound cumbersome, but is actually pretty straightforward and at the end produces a finely tuned aerodynamic system that does exactly what you want it to do and nothing else.” He does mention that FreeBSD is the ultimate DIY system, even to the point of not having the package management tools provided out of box. PC-BSD ultimately gets a lot of love in this review, again with it being focused on desktop usage this follows. Particularly popular are all the various tools written to make PC-BSD easier to use, such as Life-Preserver, Warden, the graphical installer and more. (slight mistake though, Life-Preserver does not use rsync to backup to FreeNAS, it does ZFS replication) In the end he rates FreeBSD ⅘ and PC-BSD a whopping 5/5 for this roundup. While reviews may be subjective to the particular use-case being evaluated for, it is still nice to see BSD getting some press and more interest from the Linux community in general. *** OpenBSD Laptops (http://www.tedunangst.com/flak/post/openbsd-laptops) Our buddy Ted Unangst has posted a nice “planning ahead” guide for those thinking of new laptops for 2016 and the upcoming OpenBSD 5.9 He starts by giving us a status update on several of the key driver components that will be in 5.9 release“5.9 will be the first release to support the graphics on Broadwell CPUs. This is anything that looks like i5-5xxx. There are a few minor quirks, but generally it works well. There's no support for the new Skylake models, however. They'll probably work with the VESA driver but minus suspend/resume/acceleration (just as 5.8 did with Broadwell).” He then goes on to mention that the IWM driver works well with most of the revisions (7260, 7265, and 3160) that ship with broadwell based laptops, however the newer skylake series ships with the 8260, which is NOT yet supported. He then goes on to list some of the more common makes and models to look for, starting with the broadwell based X1 carbons which work really well (Kris gives +++), but make sure its not the newer skylake model just yet. The macbook gets a mention, but probably should be avoided due to broadcom wifi The Dell XPS he mentions as a good choice for a powerful (portable) desktops *** Significant changes from NetBSD 7.0 to 8.0 (https://www.netbsd.org/changes/changes-8.0.html) Updated to GCC 4.8.5 Imported dhcpcd and replaced rtsol and rtsold gpt(8) utility gained the ability to resize partitions and disks, as well as change the type of a partition OpenSSH 7.1 and OpenSSL 1.0.1q FTP client got support for SNI for https Imported dtrace from FreeBSD Add syscall support Add lockstat support *** Interview - John Baldwin - jhb@freebsd.org (mailto:jhb@freebsd.org) / @BSDHokie (https://twitter.com/BSDHokie) FreeBSD Kernel Debugging News Roundup Dragonfly Mail Agent spreads to FreeBSD and NetBSD (https://www.dragonflydigest.com/2016/01/18/17508.html) DMA, the Dragonfly Mail Agent is now available not only in Dragonfly's dports, but also FreeBSD ports, and NetBSD pkgsrc “dma is a small Mail Transport Agent (MTA), designed for home and office use. It accepts mails from locally installed Mail User Agents (MUA) and delivers the mails either locally or to a remote destination. Remote delivery includes several features like TLS/SSL support and SMTP authentication. dma is not intended as a replacement for real, big MTAs like sendmail(8) or postfix(1). Consequently, dma does not listen on port 25 for incoming connections.” There was a project looking at importing DMA into the FreeBSD base system to replace sendmail, I wonder of the port signals that some of the blockers have been fixed *** ZFS UEFI Support has landed! (https://svnweb.freebsd.org/base?view=revision&revision=294068) Originally started by Eric McCorkle Picked up by Steven Hartland Including modularizing the existing UFS boot code, and adding ZFS boot code General improvements to the EFI loader including using more of libstand instead of containing its own implementations of many common functions Thanks to work by Toomas Soome, there is now a Beastie Menu as part of the EFI loader, similar to the regular loader As soon as this was committed, I added a few lines to it to connect the ZFS BE Menu to it, thanks to all of the above, without whom my work wouldn't be usable It should be relatively easy to hook my GELI boot stuff in as a module, and possibly just stack the UFS and ZFS modules on top of it I might try to redesign the non-EFI boot code to use a similar design instead of what I have now *** How three BSD OSes compare to ten Linux Distros (http://www.phoronix.com/scan.php?page=article&item=3bsd-10linux) After benchmarking 10 of the latest Linux distros, Phoronix took to benchmarking 3 of the big BSDs DragonFlyBSD 4.4.1 - The latest DragonFly release with GCC 5.2.1 and the HAMMER file-system. OpenBSD 5.8 - OpenBSD 5.8 with GCC 4.2.1 as the default compiler and FFS file-system. PC-BSD 10.2 - Derived off FreeBSD 10.2, the defaults were the Clang 3.4.1 compiler and ZFS file-system. In the SQLite test, PCBSD+ZFS won out over all of the Linux distros, including those that were also using ZFS In the first compile benchmark, PCBSD came second only to Intel's Linux distro, Clear Linux. OpenBSD can last, although it is not clear if the benchmark was just comparing the system compiler, which would be unfair to OpenBSD In Disk transaction performance, against ZFS won the day, with PCBSD edging out the Linux distros. OpenBSD's older ffs was hurt by the lack of soft updates, and DragonFly's Hammer did not perform well. Although in an fsync() heavy test, safety is more important that speed As with all benchmarks, these obviously need to be taken with a grain of salt In some of them you can clearly see that the ‘winner' has a much higher standard error, suggesting that the numbers are quite variable *** OPNSense 15.7.24 Released (https://opnsense.org/opnsense-15-7-24-released/) We are just barely into the new year and OPNSense has dropped a new release on us to play with. This new version, 15.7.24 brings a bunch of notable changes, which includes improvements to the firewall UI and a plugin management section of the firmware page. Additionally better signature verification using PKG's internal verification mechanisms was added for kernel and world updates. The announcement contains the full rundown of changes, including the suricata, openvpn and ntp got package bumps as well. *** Beastie Bits A FreeBSD 10 Desktop How-to (https://cooltrainer.org/a-freebsd-desktop-howto/) (A bit old, but still one of the most complete walkthroughs of a desktop FreeBSD setup from scratch) BSD and Scale 14 (http://fossforce.com/2016/01/bsd-ready-scale-14x/) Xen support enabled in OpenBSD -current (http://undeadly.org/cgi?action=article&sid=20160114113445&mode=expanded) Feedback/Questions Matt - Zil Sizes (http://slexy.org/view/s20a0mLaAv) Drin - IPSEC (http://slexy.org/view/s21qpiTF8h) John - ZFS + UEFI (http://slexy.org/view/s2HCq0r0aD) Jake - ZFS Cluster SAN (http://slexy.org/view/s2VORfyqlS) Phillip - Media Server (http://slexy.org/view/s20ycRhUkM) ***