English cricketer
Joe is joined by Limerick solicitor Melanie Power, Ken Moore from the St Francis boxing club and Limerick journalist Meghann Scully for this week's Coffee Break panel. Hosted on Acast. See acast.com/privacy for more information.
Navigating the Insurance Industry with Ken Maw: Insights and Leadership
Welcome to FS Brew, where we dive into the world of insurance and Insurtech in the UAE and the broader Middle East. In this episode, hosts Renjit Philip and Vidya Veerapandian interview Ken Moore, Managing Director at Al Futtaim Willis. With over four decades of experience in the #insurance sector, Ken shares his unique journey from working in the food industry to becoming a key figure in insurance. He discusses the evolution of the industry, the role of trust in building client relationships, and the impact of technological advancements like generative AI on the future of insurance. Ken also touches on his leadership style, the importance of regulatory compliance, and his vision for the future of Al Futtaim Willis. Tune in for an insightful conversation packed with #industry wisdom and forward-looking strategies.
00:00 Introduction to FSBrew
00:49 Meet Ken Moore: Career Journey
03:49 Role of an International Insurance Broker
06:48 Leadership and Trust in Insurance
08:44 Blogging and Banking Insights
13:06 Strategic Goals and Insurtech
17:22 Generative AI and Future Risks
24:40 Regulatory Landscape and Compliance
32:35 Advice for Aspiring CEOs
36:43 Rapid Fire Questions
Renjit Philip: Newsletter: https://www.onemorethinginai.com Socials: Twitter / X: @renjitphilip LinkedIn: https://www.linkedin.com/in/renjit-philip
Vidya Veerapandian: https://www.linkedin.com/in/vidya-veerapandian/
Are we standing on the brink of a technological revolution in commerce? Today, on Tech Talks Daily, we're joined by Ken Moore, Chief Innovation Officer at Mastercard, to delve into the company's "Emerging Technology Trends for 2024" report. This comprehensive analysis outlines the technological strides expected in AI, computing power, and data and the converging forces reshaping how we buy, sell, and interact in the digital economy. In this episode, we'll uncover how AI advancements, such as generative AI, are poised to transform consumer experiences over the next three to five years. Imagine AI assistants responding to your queries and anticipating your needs, making shopping and travel more personalized than ever before. We'll explore the development of Mastercard's Shopping Muse, a new AI tool designed to redefine how consumers discover and purchase products. However, with great technology comes great responsibility. The rise of deepfakes and other digital threats is pushing companies like Mastercard to innovate in cybersecurity, employing AI for robust fraud detection and prevention strategies. We'll discuss the importance of building a security framework that earns consumer trust while safeguarding data. Moreover, we'll dive into how technologies such as tokenization are expanding to cover more than just payments. Ken will explain how this concept extends to tokenize identities, reward points, and even biometric data, paving the way for a more integrated commerce experience that spans both physical and digital realms. Mastercard's vision extends beyond transactions; it aims to facilitate an expansive value exchange among diverse stakeholders. By actively shaping data standards and principles, Mastercard is at the forefront of advocating for responsible data usage and enhanced portability. As we navigate these transformative times, what ethical considerations and challenges must businesses address to ensure these technologies benefit everyone? 
How can organizations like Mastercard maintain consumer trust while pushing the boundaries of innovation? Join us as we explore these questions and more. And we'd love to hear from you—how do you see these emerging technologies impacting your daily life and business operations? Share your thoughts and join the conversation.
Jess is joined by Carolan Lennon of Salesforce to talk about her move from Eir and the company's new HQ. Ken Moore of Mastercard explains how his team is constantly looking to innovate in the world of payments. Should Gardaí wear facial-recognition-enabled bodycams?
Jess chats with Ken Moore, Chief Innovation Officer at Mastercard about balancing innovation and security, plus what the future of payments will look like in the virtual world.
Titans Off-Season Starts Early w/ Ken Moore
In the midst of the Hollywood culture of encouraging provocative dress, the rose amongst us, Kate Middleton, with her beauty and grace, presents herself to the world in modest fashion and elegance. What do the paparazzi cameras do when the wind blows up her dress (in the midst of a tour) for one moment? What values does this behavior imbue on our society? Is there a way to combat it and reclaim our sense of self worth and modesty? Listen to how Ken Moore describes how Asian culture introduces a different level of modesty within their marriages as well. Liked this episode? Give it a 5 star review so others can find it and enjoy it as well! The conversation continues on Instagram @sparkedbyhollywood. --- Send in a voice message: https://podcasters.spotify.com/pod/show/devora-goldberg/message
Franklin is the third best place to live in the United States, according to Money. When a company or town is doing something right, much of the credit goes to the head person – the CEO or the mayor. This Thursday we're going to meet Ken Moore who has been mayor of Franklin since 2011. During his tenure the population of Franklin has grown by 1/3, businesses have been added, and yet Franklin has retained its charm. Ken will tell us his story – stories of being an orthopedic surgeon, stories of serving people overseas, stories of Franklin, but most importantly, stories of his relationship with Jesus Christ.
Around the County - Our Silent Heroes - Guest: Dr. Ken Moore & Five Former Franklin Mayors. Hosted by Rogers C. Anderson, Williamson County Mayor. Recorded on January 6th, 2012.
Paddy Donovan and Ken Moore join Kevin Byrne to reflect on the life of Kevin Sheehy. The two were good friends of Sheehy prior to his death and reminisce about the goods they shared both inside and outside the ring.
Joe chats to Ken Moore from St Francis Boxing Club about Kevin Sheehy and his legacy here in Limerick.
Host Jeremy C. Park talks with Dr. Ken Moore, Mayor of Franklin, Tennessee, who highlights some of the recent recognitions for the City and Find Hope Franklin, an initiative to address mental health and substance use issues in Franklin and Williamson County. During the interview, Mayor Moore also discusses the Fuller Story and how a bronze statue of a United States Colored Troops soldier is being erected in the Public Square, what led to launching Unite Williamson and hosting a prayer breakfast, and much more.
Learn more:
Facebook: https://www.facebook.com/FindHopeFranklin/
Instagram: https://www.instagram.com/findhopefranklin/
Website: https://www.franklintn.gov/Home/Components/News/News/9835/1071?selectview=1
Remote tank monitoring adoption is growing globally by 37% per year. And while the distributor has generally been the purchaser of the monitors for their own delivery efficiency, bulk fuel buyers now realize that monitoring their own inventory provides a host of benefits not realized otherwise. In this session, we will discuss the technology surrounding remote tank monitoring, and how it can help bulk fuel buyers: receive fewer deliveries with more gallons per delivery; maintain accurate inventories; manage delivery costs; ensure safety; centralize purchasing... and more! This is a do-not-miss for the fuel buyer who needs to eliminate hidden costs from delivery to consumption. SkyBitz Vice President of Sales, Ken Moore, is joined by FreightWaves Executive Publisher in this fireside chat.
With an election right around the corner, Mayor of Franklin, Ken Moore, sits down with PLA Media President Pam Lewis to reflect on his political career. First elected in 2007 as an alderman at large, Moore began to envision Franklin's future and its challenges. In both 2009 and 2011, Ken was elected Vice-Mayor by his peers. Eventually, in 2011, he was honored to become the 31st Mayor of Franklin and only the second physician to serve in this capacity. For more episodes of APplaudable Perspectives, head to www.plamedia.com. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
Titans/Cardinals recap
About the author: Kenneth James Moore
Kenneth James Moore was born in 1949 in Tacoma, Washington. He graduated from Arizona State University and continued his education as a graduate student at Georgetown University. Political science and international relations were his calling. Mentored by a former professor who was a Cold War counter-intelligence officer, Ken spent […]
The post TMBS E168: Author Ken Moore; Pieces of Wood appeared first on Business RadioX ®.
From 5G to blockchain to quantum computing and more, emerging technologies have the potential to transform almost every aspect of our lives. Ken Moore, Mastercard’s chief innovation officer, is behind the company’s efforts to harness them in new ways, modernizing payments and transforming transactions. On the latest episode of "What's Next In," Moore shares his thoughts on Mastercard's approach to innovation, risk-taking and collaboration. He discusses which emerging tech excites him the most, including the hot topic from CES this year, 5G: “It's ten times faster, responds ten times quicker and can support 300 times more simultaneously-connected products," he says. Hosted by Arthur Baker, each episode of "What's Next In" informally explores big ideas and trends in the world of payments technology and beyond. Hear from Moore about how Mastercard accelerates emerging ideas to create more meaningful digital experiences in everything from 5G to blockchain to quantum computing and artificial intelligence.
The Bears are coming to Nissan Stadium this Sunday to take on the Titans. Listen to Mr. Titan and Ken Moore break down both teams' stats, injury report and the 3 keys to victory! Listen to our bold predictions as well for this game. Can the Titans take care of the Bears? Is Adore playing this week? Will we see Desmond King on the field? Listen and find out! Titan up!
Mr. Titan and Ken Moore break down the most important game in AFC week 7!!! Both teams are coming off victories and are gaining momentum! This game will decide who will be the number 1 in the AFC. We break down the injury report, the 3 keys to victory and our picks. Titan UP!
Despite all the talk about fintech disruption, banking, finance, and payments remain highly regulated industries with well-established competitors who are not standing still, even in this moment of rapid change and digital reinvention. Mastercard is one such company. They created Mastercard Labs as a way of co-creating and innovating with their customers. The idea was to turn external signals into opportunities, and in doing so, 'de-risk' them for their clients and for the rest of the organization. So, for example, they are working on quantum computing with IBM. They have established their own proprietary blockchain and several AI projects and were behind the Apple Card's tokenization, which allowed it to work without the standard 16 digits. To learn more about how Mastercard manages their innovation portfolio, I spoke with Ken Moore, who is the Chief Innovation Officer at Mastercard and also Head of Mastercard Labs. Ken is responsible for the company's R&D initiatives globally. Prior to joining Mastercard, he was a Director at Citibank, where he established Citi's first Innovation Lab and subsequently expanded it globally to create a network of collaborative innovation centers across the company.
The Commons Good podcast team is sitting down with the All-America City 2020 finalists to learn more about the work and the individuals helping to steward it forward. In this episode of the All-America City podcast mini-series we have the opportunity to connect with Mindy Tate of Franklin Tomorrow and Mayor Ken Moore of Franklin County, Tennessee. The All-America City awards celebrate and recognize neighborhoods, villages, towns, cities, counties, tribes and regions that engage residents in innovative, inclusive and effective efforts to tackle critical challenges.
Ken Moore from Parkside Hospital and Clinic joins us to bring awareness of suicide and how to help prevent it.
Ken Moore shares his personal experience with the paranormal, including his childhood home.
Limerick Today pays tribute to local boxing champion Kevin Sheehy, who was killed after being knocked down on the Hyde Road in the early hours of July 1st 2019. Joe Nash spoke to Ken Moore from St. Francis Boxing Club about Kevin and his Olympic dreams...
Just a couple of weeks away from Conference Tournaments beginning. A month away from The Tournament beginning. Key game results from February 5 to now, including more Top 5 upsets. Ken Moore joins the show fresh off coaching high school ball. Look at the AP Top 25 list and Conference Tournament dates. The state of the Florida Gators will be addressed and a look ahead to Saturday's showcase headlined by No. 3 Kansas at No. 1 Baylor at noon. We're inching closer to March Madness.
The Playmaker Darnell Sallins is back from a week off along with Ken Moore as College Basketball starts Tuesday. Previewing the College Basketball season as No. 3 Kansas vs. No. 4 Duke in the State Farm Champs Classic kicks off the season. Coaches to watch this season as so many changes took place. Discussion on Conference favorites by ESPN. College Basketball is here and this season will be one to remember.
It's the NFL's 100th season and Opening Night is tonight. Zeke Elliott & Jared Goff received new contracts. Green Bay & Chicago get the season kickoff. Look ahead & preview Week 1. Ken Moore is filling in for Dallas Glenn.
This week’s AgCast focuses on soybeans. Arkansas soybean growers have faced a lot of challenges in 2019, from weather to trade wars, so we talked to some experts to see where things stand as we enter harvest season. First up, Keith Sutton talks to Derek Haigwood, a soybean farmer from Newport who is chairman of the U.S. Soybean Export Council and member of the United Soybean Board of Directors. Derek talks about the troubled season and the importance of the U.S. Soybean Sustainability Assurance Protocol, or SSAP. Also, Ken Moore speaks with Dr. Jeremy Ross, Extension Soybean Agronomist, about the latest USDA National Agricultural Statistics Service acreage report and the implications of a smaller crop.
Today The Playmaker, Darnell & Dallas are back to talk and preview the NFL divisions for the new season. It's all about the East on this one. AFC East preview with Gabriel Kòtaz from Unfiltered Access. Then the NFC East preview with Ken Moore returning to the podcast. They will finish off with some early Fantasy tips as Fantasy Football is back as well.
The Playmaker, Darnell, is back to talk NBA Finals with Bro. Ken Moore and Justin from Unfiltered Access. The Golden State Warriors take on the Toronto Raptors for the NBA Title.
The Playmaker, Darnell Sallins, is back to talk NBA Playoffs. Bro. Ken Moore joins along with Unfiltered Access writers Justin and Gabriel. They're talking Conference Semis between the Bucks/Celtics and Raptors/76ers in the East. Out West it's the Warriors/Rockets and Nuggets/Trail Blazers.
We are to the Sweet 16. The first weekend of the tournament was amazing. Upsets happen. Dominant performances were on display. Bro. Ken Moore is back. The Playmaker is always here but this time we had a High School as two of The Playmaker's basketball brothers joined this episode in Bruce Bradley and Trey Winbush.
~Thoughts on the tournament thus far and Duke/UCF talk
~East Region Final Four
~West Region Final Four
~Midwest Region Final Four
~South Region Final Four
Unfiltered Access Sweet 16 articles:
https://unfilteredaccess.com/2019/03/27/sweet-16-breakdown-east-region/
https://unfilteredaccess.com/2019/03/27/sweet-16-breakdown-west-region/
https://unfilteredaccess.com/2019/03/27/sweet-16-breakdown-midwest-region/
https://unfilteredaccess.com/2019/03/27/sweet-16-breakdown-south-region/
All-Star Weekend has arrived in the NBA. Teams get to take a much-needed break and enjoy the weekend of basketball activities. The Playmaker and Ken Moore get you set and ready for the weekend ahead.
~Intro: Takeaways and MVP talk
~All-Star Weekend Activities
~Best East Team to match up with the Champs
~Closing: Looking Ahead
It's Super Bowl week! 3 Days away from the big game. Mercedes-Benz Stadium in Atlanta, Georgia. New England Patriots vs. Los Angeles Rams, February 3rd on CBS, 6:30PM.
~Championship Sunday Recap from two weeks
~Missed Call (NFC) and Overtime Rules (AFC) discussions
~Keys to SBLIII
~Super Bowl Predictions
The Playmaker, Dallas Glenn, Ken Moore, and Coach Tee are here to talk about it all. Thank You for your support during the 2018-2019 NFL season. Continue to show your support.
Read: https://unfilteredaccess.com/2019/01/30/nfl-the-los-angeles-rams-path-to-sbliii/
Project Trident is a desktop-focused operating system based on TrueOS. It uses the Lumina desktop as well as a number of self-developed utilities to provide an easy-to-use system.
Project Trident with Ken Moore | Ask Noah Show 111
Project Trident is a desktop-focused operating system based on TrueOS. It uses the Lumina desktop as well as a number of self-developed utilities to provide an easy-to-use system that both BSD beginners and advanced system administrators can feel comfortable running. We give the System76 $250 gift card away, plus your calls!
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/111)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #AskNoahShow on Freenode!
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard:
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah: live [at] asknoahshow.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
Finally some BASKETBALL talk on the podcast. Darnell Playmaker Sallins along with special guest Bro. Ken Moore previews tomorrow's Christmas Day in the NBA.
Milwaukee Bucks @ New York Knicks 12PM ESPN
Oklahoma City Thunder @ Houston Rockets 3PM ABC
Philadelphia 76ers @ Boston Celtics 5:30PM ABC
Los Angeles Lakers @ Golden State Warriors 8PM ABC/ESPN
Portland Trail Blazers @ Utah Jazz 10:30PM ESPN
They will also talk Anthony Davis in trade rumor talk, Dwyane Wade's Career, Carmelo Anthony, and the work of Pop in San Antonio. Merry Christmas!!!
Ken Moore talks about recent controversy in amateur boxing and how it might affect the sport's participation in future Olympic games.
OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.

## Headlines

### OpenBSD 6.4 released

- See a detailed log of changes between the 6.3 and 6.4 releases.
- See the information on the FTP page for a list of mirror machines.
- Have a look at the 6.4 errata page for a list of bugs and workarounds.
- signify(1) pubkeys for this release:
  - base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA
  - fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97
  - pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA

### GhostBSD 18.10 RC2 Announced

This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.

What has changed since RC1:

- Removed drm-stable-kmod and we will let users install the proper drm-*-kmod
- Douglas Joachim added libva-intel-driver and libva-vdpau-driver to support some accelerated video drivers for Intel

Issues that got fixed:

- Bug #70 Cannot run Octopi, missing libgksu error.
- Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4
- Bug #72 libarchive is a missing dependency

Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.

Updating from RC1 to RC2:

    sudo pkg update -f
    sudo pkg install -f libarchive curl libgksu
    sudo pkg upgrade

Where to download: All images checksum, hybrid ISO (DVD, USB) and torrent are available here: https://www.ghostbsd.org/download

[ScreenShots]
https://www.ghostbsd.org/sites/default/files/Screenshotat2018-10-2013-22-41.png
https://www.ghostbsd.org/sites/default/files/Screenshotat2018-10-20_13-27-26.png

### OpenSSH 7.9 has been released and it has support for OpenSSL 1.1

Changes since OpenSSH 7.8

This is primarily a bugfix release.

New Features

- ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services).
- ssh(1): allow the IdentityAgent configuration directive to accept environment variable names. This supports the use of multiple agent sockets without needing to use fixed paths.
- sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. bz#1424
- ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries.
- ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm.
- sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash.
- ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) authentication log messages.

Bugfixes

- ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when attempting to load PEM private keys while using an incorrect passphrase. bz#2901
- sshd(8): when a channel closed message is received from a client, close the stderr file descriptor at the same time stdout is closed. This avoids stuck processes if they were waiting for stderr to close and were insensitive to stdin/out closing. bz#2863
- ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11 forwarding timeout and support X11 forwarding indefinitely. Previously the behaviour of ForwardX11Timeout=0 was undefined.
- sshd(8): when compiled with GSSAPI support, cache supported method OIDs regardless of whether GSSAPI authentication is enabled in the main section of sshd_config. This avoids sandbox violations if GSSAPI authentication was later enabled in a Match block. bz#2107
- sshd(8): do not fail closed when configured with a text key revocation list that contains a too-short key. bz#2897
- ssh(1): treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). bz#2896
- ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key authentication using certificates hosted in a ssh-agent(1) or against sshd(8) from OpenSSH
Ken Moore and JT Pennington join the Ask Noah Show this week to answer the question: what does BSD offer to attract Linux users over to their ball park? We discuss the Lumina desktop as well as Project Trident. Your calls as always go to the front of the line. Learn how a law office can convert their practice to Linux with our PDF software recommendation.
-- The Cliff Notes --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/75)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard:
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah: asknoah [at] jupiterbroadcasting.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
Jupiter Broadcasting (https://twitter.com/jbsignal)
Special Guest: JT Pennington.
For this episode I spoke with Ken Moore, CEO of Anfield. We discussed how companies that do not train their people consistently underperform companies that do, a case where a lack of training led to a public relations disaster for a major airline, and the art of tactfully telling a client that they are on the wrong path. This episode is brought to you by… us. Connect To Fans does content marketing for businesses. Does your company need a better way to tell its story on its website and social media? Would you like Connect To Fans to run and host a podcast like this one that promotes your business? Find us online at https://www.connecttofans.net/ and turn your customers into fans.
Listen to Jeff as he remembers Ken Moore and discusses the importance of looking beyond success in order to achieve our corporal why.
Tom and Shannon Olson have been raising water buffalo on their Turkey Creek ranch near Texarkana for almost 30 years and they recently hosted a tour for students from Genoa Central High School. In this edition of Arkansas AgCast, Ken Moore visited with Tom Olson and Kimberly Leigh, FFA Advisor and Vo-Ag instructor at Genoa Central about this unique breed and what the students learned from the visit.
After reaching critically low levels in the 1990s, water table levels in the Sparta Aquifer in south Arkansas are being recharged thanks to a countywide campaign undertaken by the Union County Water Conservation Board, the local Chamber of Commerce and other area organizations. In this edition of Arkansas AgCast, Arkansas Farm Bureau’s Ken Moore sat down with two of the key leaders of the campaign to save the aquifer to discuss their efforts and the results.
“What happens when your strength betrays you?” - Story from Ken Moore Original air date: August 12th, 2017 Podcast Producer: Andrew Warshauer
Allan reports on his trip to BSD Taiwan, new versions of Lumina and GhostBSD are here, a bunch of OpenBSD p2k17 hackathon reports. This episode was brought to you by Headlines Allan's Trip Report from BSD Taiwan (https://bsdtw.org/) BSD TW and Taiwan in general was a fun and interesting experience I arrived Thursday night and took the high speed train to Taipei main station, and then got on the Red line subway to the venue. The dorm rooms were on par with BSDCan, except the mattress was better. I spent Friday with a number of other FreeBSD developers doing touristy things. We went to Taipei 101, the world's tallest building from 2004 - 2010. It also features the world's fastest elevator (2004 - 2016), traveling at 60.6 km/h and transporting passengers from the 5th to 89th floor in 37 seconds. We also got to see the “tuned mass damper”, a 660 tonne steel pendulum suspended between the 92nd and 87th floors. This device resists the swaying of the building caused by high winds. There are interesting videos on display beside the damper, of its reaction during recent typhoons and earthquakes. The Taipei 101 building sits just 200 meters from a major fault line. Then we had excellent dumplings for lunch After walking around the city for a few more hours, we retired to a pub to escape the heat of the sunny Friday afternoon. Then came the best part of each day in Taipei, dinner! We continued our efforts to cause a nation wide shortage of dumplings Special thanks to Scott Tsai (https://twitter.com/scottttw) who took detailed notes for each of the presentations Saturday marked the start of the conference: Arun Thomas provided background and then a rundown of what is happening with the RISC-V architecture. Notes (https://docs.google.com/document/d/1yrnhNTHaMDr4DG-iviXN0O9NES9Lmlc7sWVQhnios6g/edit#heading=h.kcm1n3yzl35q) George Neville-Neil talked about using DTrace in distributed systems as an in-depth auditing system (who did what to whom and when). 
Notes (https://docs.google.com/document/d/1qut6tMVF8NesrGHd6bydLDN-aKBdXMgHx8Vp3_iGKjQ/edit#heading=h.qdghsgk1bgtl) Baptiste Daroussin presented Poudrière image, an extension of everyone's favourite package building system, to build custom images of FreeBSD. There was discussion of making this generate ZFS based images as well, making it mesh very well with my talk the next day. Notes (https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr) Brooks Davis presented his work on an API design for a replacement for mmap. It started with a history of address space management in the BSD family of operating systems going all the way back to the beginning. This overview of the feature and how it evolved filled in many gaps for me, and showed why the newer work would be beneficial. The motivation for the work includes further extensions to support the CHERI hardware platform. Notes (https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr) Johannes M Dieterich gave an interesting presentation about using FreeBSD and GPU acceleration for high performance computing. One of the slides showed that amd64 has taken almost the entire market for the top 500 super computers, and that linux dominates the list, with only a few remaining non-linux systems. Sadly, at the supercomputing conference the next week, it was announced that linux has achieved 100% saturation of the top 500 super computers list. Johannes detailed the available tools, what ports are missing, what changes should be made to the base system (mostly OpenMP), and generally what FreeBSD needs to do to become a player in the supercomputer OS market. Johannes' perspective is interesting, as he is a computational chemist, not a computer scientist. Those interested in improving the numerical libraries and GPU acceleration frameworks on FreeBSD should join the ports team. 
Notes (https://docs.google.com/document/d/1uaJiqtPk8WetST6_GnQwIV49bj790qx7ToY2BHC9zO4/edit#heading=h.nvsz1n6w3gyq) The final talk of the day was Peter Grehan, who spoke about how graphics support in bhyve came to be. He provided a history of how the feature evolved, and where it stands today. Notes (https://docs.google.com/document/d/1LqJQJUwdUwWZ0n5KwCH1vNI8jiWGJlI1j0It3mERN80/edit#heading=h.sgeixwgz7bjs) Afterwards, we traveled as a group to a large restaurant for dinner. There was even Mongolian Vodka, provided by Ganbold Tsagaankhuu of the FreeBSD project. Sunday: The first talk of the day Sunday was mine. I presented “ZFS: Advanced Integration”, mostly talking about how boot environments work, and the new libbe and be(1) tools that my GSoC student Kyle Kneitinger created to manage them. I talked about how they can be used for laptop and developer systems, but also how boot environments can be used to replace nanobsd for appliances (as already done in FreeNAS and pfSense). I also presented about zfsbootcfg (zfs nextboot), and some future extensions to it to make it even more useful in appliance type workloads. I also provided a rundown of new developments out of the ZFS developer summit, two weeks previous. Notes (https://docs.google.com/document/d/1Blh3Dulf0O91A0mwv34UnIgxRZaS_0FU2lZ41KRQoOU/edit#heading=h.gypim387e8hy) Theo de Raadt presented “Mitigations and other real Security Features”, and made his case for changing to a ‘fail closed' mode of interoperability. Computers cannot actually self heal, so let's stop pretending that they can. Notes (https://docs.google.com/document/d/1fFHzlxJjbHPsV9t_Uh3PXZnXmkapAK5RkJsfaHki7kc/edit#heading=h.192e4lmbl70c) Ruslan Bukin talked about doing the port of FreeBSD for RISC-V and writing the Device Drivers. Ruslan walked through the process step by step, leading members of the audience to suggest he turn it into a developer's handbook article, explaining how to do the initial bringup on new hardware. 
Ruslan also showed off a FreeBSD/MIPS board he designed himself and had manufactured in China. Notes (https://docs.google.com/document/d/1kRhRr3O3lQ-0dS0kYF0oh_S0_zFufEwrdFjG1QLyk8Y/edit#heading=h.293mameym7w1) Mariusz Zaborski presented Case studies on sandboxing the base system with Capsicum. He discussed the challenges encountered as existing programs are modified to sandbox them, and recent advancements in the debugging tools available during that process. Mariusz also discussed the Casper service at length, including the features that are planned for 2018 and onwards. Notes (https://docs.google.com/document/d/1_0BpAE1jGr94taUlgLfSWlJOYU5II9o7Y3ol0ym1eZQ/edit#heading=h.xm9mh7dh6bay) The final presentation of the day was Mark Johnston on Memory Management Improvements in FreeBSD 12.0. This talk provided a very nice overview of the memory management system in FreeBSD, and then detailed some of the recent improvements. Notes (https://docs.google.com/document/d/1gFQXxsHM66GQGMO4-yoeFRTcmOP4NK_ujVFHIQJi82U/edit#heading=h.uirc9jyyti7w) The conference wrapped up with the Work-in-Progress session, including updates on: multi-device-at-once GELI attach, MP-safe networking on NetBSD, pkgsrc, NetBSD in general, BSD on Microsoft Azure, Mothra (send-pr for bugzilla), BSDMizer a machine learning compiler optimizer, Hyperledger Sawtooth (blockchain), and finally VIMAGE and pf testing on FreeBSD. Notes (https://docs.google.com/document/d/1miHZEPrqrpCTh8JONmUKWDPYUmTuG2lbsVrWDtekvLc/edit#heading=h.orhedpjis5po) Group Photo (https://pbs.twimg.com/media/DOh1txnVoAAFKAa.jpg:large) BSDTW was a great conference. They are still considering if it should be an annual thing, trade off every 2nd year with AsiaBSDCon, or something else. In order to continue, BSD Taiwan requires more organizers and volunteers. They have regular meetups in Taipei if you are interested in getting involved. 
*** Lumina 1.4.0 released (https://lumina-desktop.org/version-1-4-0-released/) The Lumina Theme Engine (and associated configuration utility) The Lumina theme engine is a new component of the “core” desktop, and provides enhanced theming capabilities for the desktop as well as all Qt5 applications. While it started out life as a fork of the “qt5ct” utility, it quickly grew all sorts of new features and functionality such as system-defined color profiles, modular theme components, and built-in editors/creators for all components. The backend of this engine is a standardized theme plugin for the Qt5 toolkit, so that all Qt5 applications will now present a unified appearance (if the application does not enforce a specific appearance/theme of its own). Users of the Lumina desktop will automatically have this plugin enabled: no special action is required. Please note that the older desktop theme system for Lumina has been rendered obsolete by the new engine, but a settings-conversion path has already been implemented which should transition your current settings to the new engine the first time you login to Lumina 1.4.0. Custom themes for the older system may not be converted though, but it is trivial to copy/paste any custom stylesheets from the old system into the editor for the new theme engine to register/re-apply them as desired. Lumina-Themes Repository I also want to give a shout-out to the trueos/lumina-themes github repository contributors. All of the wallpapers in the 1.4.0 screenshots I posted come from that package, and they are working on making more wallpapers, color palettes, and desktop styles for use with the Lumina Theme Engine. If your operating system does not currently provide a package for lumina-themes, I highly recommend that you make one as soon as possible! The Lumina PDF Viewer (lumina-pdf) This is a new, stand-alone desktop utility for viewing/printing/presenting PDF documents. 
It uses the poppler-qt5 library in the backend for rendering the document, but uses multi-threading in many ways (such as to speed up the loading of pages) to give the user a nice, streamlined utility for viewing PDF documents. There is also built-in presentation functionality which allows users to easily cast the document to a separate screen without mucking about in system menus or configuration utilities. Lumina PDF Viewer (1.4.0) Important Packaging Changes One significant change of note for people who are packaging Lumina for their particular operating system is that the minimum supported versions of Qt for Lumina have been changed with this release: lumina-core: Qt 5.4+ lumina-mediaplayer: Qt 5.7+ Everything else: Qt 5.2+ Of course, using the latest version of the Qt5 libraries is always recommended. When packaging for Linux distributions, the theme engine also requires the availability of some of the “-dev” packages for Qt itself when compiling the theme plugin. For additional information (specifically regarding Ubuntu builds), please take a look at a recent ticket on the Lumina repository. The new lumina-pdf utility requires the availability of the “poppler-qt5” library. The includes for this library on Ubuntu 17.10 were found to be installed outside of the normal include directories, so a special rule for it was added to our OS-Detect file in the Lumina source tree. If your particular operating system also places the poppler include files in a non-standard place, please patch that file or send us the information and we can add more special rules for your particular OS. Other Changes of Note (in no particular order) lumina-config: Add a new page for changing audio theme (login, logout, low battery) Add option to replace fluxbox with some other WM (with appropriate warnings) Have the “themes” page redirect to launching the Lumina theme engine configuration utility. 
start-lumina-desktop: Auto-detect the active X11 displays and create a new display for the Lumina session (prevent conflict with prior graphical sessions). Add a process-failure counter & restart mechanism. This is particularly useful for restarting Fluxbox from time to time (such as after any monitor addition/removal) lumina-xconfig: Restart fluxbox after making any monitor changes with xrandr. This ensures a more reliable session. Implement a new 2D monitor layout mechanism. This allows for the placement of monitors anywhere in the X/Y plane, with simplification buttons for auto-tiling the monitors in each dimension based on their current location. Add the ability to save/load monitor profiles. Distinguish between the “default” monitor arrangement and the “current” monitor arrangement. Allow the user to set the current arrangement as the new default. lumina-desktop: Completely revamp the icon loading mechanisms so it should auto-update when the theme changes. Speed up the initialization of the desktop quite a bit. Prevent loading/probing files in the “/net/” path for existence (assume they exist in the interest of providing shortcuts). On FreeBSD, these are special paths that actually pause the calling process in order to mount/load a network share before resuming the process, and can cause significant “hangs” in the desktop process. Add the ability to take a directory as a target for the wallpaper. This will open/probe the directory for any existing image files that it can use as a wallpaper and randomly select one. Remove the popup dialog prompting about system updates, and replace it with new “Restart (with updates)” buttons on the appropriate menus/windows instead. If no wallpapers selection is provided, try to use the “lumina-nature” wallpaper directory as the default, otherwise fall back on the original default wallpaper if the “lumina-themes” package is not installed. 
lumina-open: Make the *.desktop parsing a bit more flexible regarding quoted strings where there should not be any. If selecting which application to use, only overwrite the user-default app if the option is explicitly selected. lumina-fileinfo: Significant cleanup of this utility. Now it can be reliably used for creating/registering XDG application shortcuts. Add a whole host of new ZFS integrations: If a ZFS dataset is being examined, show all the ZFS properties for that dataset. If the file being examined exists within ZFS snapshots, show all the snapshots of the file lumina-fm: Significant use of additional multi-threading. Makes the loading of directories much faster (particularly ones with image files which need thumbnails) Add detection/warning when running as root user. Also add an option to launch a new instance of lumina-fm as the root user. [FreeBSD/TrueOS] Fix up the detection of the “External Devices” list to also list available devices for the autofs system. Fix up some drag and drop functionality. Expose the creation, extraction, and insertion of files into archives (requires lumina-archiver at runtime) Expand the “Open With” option into a menu of application suggestions in addition to the “Other” option which runs “lumina-open” to find an application. Provide an option to set the desktop wallpaper to the selected image file(s). (If the running desktop session is Lumina). lumina-mediaplayer: Enable the ability to playback local video files. (NOTE: If Qt5 is set to use the gstreamer multimedia backend, make sure you have the “GL” plugin installed for smooth video playback). lumina-archiver: Add CLI flags for auto-archive and auto-extract. This allows for programmatic/scriptable interactions with archives. That is not mentioning all of the little bugfixes, performance tweaks, and more that are also included in this release. *** The strongest KASLR, ever? 
(https://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever) Re: amd64: kernel aslr support (https://mail-index.netbsd.org/tech-kern/2017/11/14/msg022594.html) So, I did it. Now the kernel sections are split in sub-blocks, and are all randomized independently. See my drawing [1]. What it means in practice, is that Kernel ASLR is much more difficult to defeat: a cache attack will at most allow you to know that a given range is mapped as executable for example, but you don't know which sub-block of .text it is; a kernel pointer leak will at most allow you to reconstruct the layout of one sub-block, but you don't know the layout and address of the remaining blocks, and there can be many. The size and number of these blocks is controlled by the split-by-file parameter in Makefile.amd64. Right now it is set to 2MB, which produces a kernel with ~23 allocatable (ie useful at runtime) sections, which is a third of the total number supported (BTSPACENSEGS = 64). I will probably reduce this parameter a bit in the future, to 1.5MB, or even 1MB. All of that leaves us with about the most advanced KASLR implementation available out there. There are ways to improve it even more, but you'll have to wait a few weeks for that. If you want to try it out you need to make sure you have the latest versions of GENERICKASLR / prekern / bootloader. The instructions are still here, and haven't changed. Initial design As I said in the previous episode, I added in October a Kernel ASLR implementation in NetBSD for 64bit x86 CPUs. This implementation would randomize the location of the kernel in virtual memory as one block: a random VA would be chosen, and the kernel ELF sections would be mapped contiguously starting from there. This design had several drawbacks: one leak, or one successful cache attack, could be enough to reconstruct the layout of the entire kernel and defeat KASLR. NetBSD's new KASLR design significantly improves this situation. 
New design In the new design, each kernel ELF section is randomized independently. That is to say, the base addresses of .text, .rodata, .data and .bss are not correlated. KASLR is already at this stage more difficult to defeat, since you would need a leak or cache attack on each of the kernel sections in order to reconstruct the in-memory kernel layout. Then, starting from there, several techniques are used to strengthen the implementation even more. Sub-blocks The kernel ELF sections are themselves split in sub-blocks of approximately 1MB. The kernel therefore goes from having: { .text .rodata .data .bss } to having { .text .text.0 .text.1 ... .text.i .rodata .rodata.0 ... .rodata.j ... .data ...etc } As of today, this produces a kernel with ~33 sections, each of which is mapped at a random address and in a random order. This implies that there can be dozens of .text segments. Therefore, even if you are able to conduct a cache attack and determine that a given range of memory is mapped as executable, you don't know which sub-block of .text it is. If you manage to obtain a kernel pointer via a leak, you can at most guess the address of the section it finds itself in, but you don't know the layout of the remaining 32 sections. In other words, defeating this KASLR implementation is much more complicated than in the initial design. Higher entropy Each section is put in a 2MB-sized physical memory chunk. Given that the sections are 1MB in size, this leaves half of the 2MB chunk unused. Once in control, the prekern shifts the section within the chunk using a random offset, aligned to the ELF alignment constraint. This offset has a maximum value of 1MB, so that once shifted the section still resides in its initial 2MB chunk: The prekern then maps these 2MB physical chunks at random virtual addresses; but addresses aligned to 2MB. For example, the two sections in Fig. 
A will be mapped at two distinct VAs: There is a reason the sections are shifted in memory: it offers higher entropy. If we consider a .text.i section with a 64-byte ELF alignment constraint, and give a look at the number of possibilities for the location of the section in memory: The prekern shifts the 1MB section in its 2MB chunk, with an offset aligned to 64 bytes. So there are (2MB-1MB)/(64B) = 2^14 possibilities for the offset. Then, the prekern uses a 2MB-sized 2MB-aligned range of VA, chosen in a 2GB window. So there are (2GB-2MB)/(2MB) = 2^10-1 possibilities for the VA. Therefore, there are 2^14 x (2^10-1) ≈ 2^24 possible locations for the section. As a comparison with other systems (OS: # of possibilities): Linux: 2^6; MacOS: 2^8; Windows: 2^13; NetBSD: 2^24. Of course, we are talking about one .text.i section here; the sections that will be mapped afterwards will have fewer location possibilities because some slots will be already occupied. However, this does not alter the fact that the resulting entropy is still higher than that of the other implementations. Note also that several sections have an alignment constraint smaller than 64 bytes, and that in such cases the entropy is even higher. Large pages There is also a reason we chose to use 2MB-aligned 2MB-sized ranges of VAs: when the kernel is in control and initializes itself, it can now use large pages to map the physical 2MB chunks. This greatly improves memory access performance at the CPU level. Countermeasures against TLB cache attacks With the memory shift explained above, randomness is therefore enforced at both the physical and virtual levels: the address of the first page of a section does not equal the address of the section itself anymore. It has, as a side effect, an interesting property: it can mostly mitigate TLB cache attacks. 
Such attacks operate at the virtual-page level; they will allow you to know that a given large page is mapped as executable, but you don't know where exactly within that page the section actually begins. Strong? This KASLR implementation, which splits the kernel in dozens of sub-blocks, randomizes them independently, while at the same time allowing for higher entropy in a way that offers large page support and some countermeasures against TLB cache attacks, appears to be the most advanced KASLR implementation available publicly as of today. Feel free to prove me wrong, I would be happy to know! WIP Even if it is in a functional state, this implementation is still a work in progress, and some of the issues mentioned in the previous blog post haven't been addressed yet. But feel free to test it and report any issue you encounter. Instructions on how to use this implementation can still be found in the previous blog post, and haven't changed since. See you in the next episode! News Roundup GhostBSD 11.1 Finally Ready and Available! (http://www.ghostbsd.org/11.1_release_announcement) Screenshots (https://imgur.com/a/Mu8xk) After a year of development, testing, debugging and working on our software package repository, we are pleased to announce the release of GhostBSD 11.1 is now available on 64-bit(amd64) architecture with MATE and XFCE Desktop on direct and torrent download. With 11.1 we drop 32-bit i386 supports, and we currently maintain our software packages repository for more stability. What's new on GhostBSD 11.1 GhostBSD software repository Support VMware Workstation Guest Features New UFS full disk mirroring option on the installer New UFS full disk MBR and GPT option on the installer New UFS full disk swap size option on the installer Whisker Menu as default Application menu on XFCE All software developed by GhostBSD is now getting updated ZFS configuration for disk What has been fixed on 11.1? 
Fix XFCE sound plugin Installer ZFS configuration file setting Installer ZFS setup appears to be incomplete The installer was not listing ZFS disk correctly. The installer The partition list was not deleted when pressing back XFCE and MATE shutdown/suspend/hibernate randomly missing Clicking 'GhostBSD Bugs' item in the Main menu -> 'System Tools' brings up 'Server not found' page XFCE installation - incorrect keyboard layout Locale setting not filling correctly Update Station tray icon The image checksum's, hybrid ISO(DVD, USB) images are available at GhostBSD (http://www.ghostbsd.org/download). *** p2k17 Hackathon Reports p2k17 Hackathon Report: Matthias Kilian on xpdf, haskell, and more (https://undeadly.org/cgi?action=article;sid=20171107034258) p2k17 Hackathon Report: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress) (https://undeadly.org/cgi?action=article;sid=20171107185122) p2k17 Hackathon Report: Paul Irofti (pirofti@) on hotplugd(8), math ports, xhci(4) and other kernel advancements (https://undeadly.org/cgi?action=article;sid=20171107225258) p2k17 Hackathon report: Jeremy Evans on ruby progress, postgresql and webdriver work (https://undeadly.org/cgi?action=article;sid=20171108072117) p2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext (https://undeadly.org/cgi?action=article;sid=20171109171447) p2k17 Hackathon report: Sebastian Reitenbach on Puppet progress (https://undeadly.org/cgi?action=article;sid=20171110124645) p2k17 Hackathon Report: Anthony J. 
Bentley on firmware, games and securing pkg_add runs (https://undeadly.org/cgi?action=article;sid=20171110124656) p2k17 Hackathon Report: Landry Breuil on Mozilla things and much more (https://undeadly.org/cgi?action=article;sid=20171113091807) p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more (https://undeadly.org/cgi?action=article;sid=20171113235334) p2k17 Hackathon report: Antoine Jacoutot on ports+packages progress (https://undeadly.org/cgi?action=article;sid=20171120075903) *** TrueOS Talks Tech and Open Source at Pellissippi State (https://www.trueos.org/blog/trueos-talks-tech-open-source-pellissippi-state/) Ken Moore of the TrueOS project presented a talk to the AITP group at Pellissippi State today entitled “It's A Unix(-like) system? An Introduction to TrueOS and Open source”. Joshua Smith of the TrueOS project was also in attendance. We were happy to see a good attendance of about 40 individuals that came to hear more about TrueOS and how we continue to innovate along with the FreeBSD project. Many good questions were raised about development, snapshots, cryptocurrency, and cyber-security. We've included a copy of the slides if you'd like to have a look at the talk on open source. We'd like to offer a sincere thanks to everyone who attended and offer an extended invitation for you to join us at our KnoxBUG group on October 30th @ the iXsystems offices! We hope to see you soon! 
Open Source Talk – Slideshare PDF (https://web.trueos.org/wp-content/uploads/2017/10/Open-Source-Talk.pdf) KnoxBug - Lumina Rising : Challenging Desktop Orthodoxy (http://knoxbug.org/content/octobers-talk-available-youtube) Ken gave his talk about the new Lumina 2.0 Window Manager that he gave at Ohio LinuxFest 2017 KnoxBUG October 2017 (https://youtu.be/w3ZrqxLTnIU) (OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy (https://www.slideshare.net/beanpole135/olf-2017-lumina-rising-challenging-desktop-orthodoxy) *** Official OpenBSD 6.2 CD set - the only one to be made! (https://undeadly.org/cgi?action=article;sid=20171118190325) Our dear friend Bob Beck (beck@) writes: So, again this release the tradition of making Theo do art has continued! Up for sale by auction to the highest bidder on Ebay is the only OpenBSD 6.2 CD set to be produced. The case and CDs feature the 6.2 artwork, custom drawn and signed by Theo. All proceeds to support OpenBSD Go have a look at the auction As with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of your highest bid to the project. 
The Auction (https://www.ebay.ca/itm/Official-OpenBSD-6-2-CD-Set/253265944606) *** Beastie Bits HAMMER2 userspace on Linux (http://lists.dragonflybsd.org/pipermail/users/2017-October/313646.html) OpenBSD Porting Workshop (now changed to January 3, 2018) (http://www.nycbug.org/index.cgi?action=view&id=10655) Matt Ahrens on when Native Encryption for ZFS will land (https://twitter.com/mahrens1/status/921204908094775296) The first successful build of OpenBSD base system (http://nanxiao.me/en/the-first-successful-build-of-openbsd-base-system/) KnoxBug November Meeting (https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/245291204/) Absolute FreeBSD, 3rd Edition, pre-orders available (https://www.michaelwlucas.com/os/af3e) Feedback/Questions Jon - Jails and Networking (http://dpaste.com/2BEW0HB#wrap) Nathan - bhyve Provisioning (http://dpaste.com/1GHSYJS#wrap) Lian - OpenSSL jumping the Shark (http://dpaste.com/18P8D8C#wrap) Kim - Suggestions (http://dpaste.com/1VE0K9E#wrap) ***
Marcia and Grey interviewed Ken in his home in Santa Cruz to discuss the importance of the removal of invasive, non-native plant species. We also learn how one man can create and lead an amazing team of volunteers to do this hard but necessary work. This shows one person can make a BIG difference. I hope you enjoyed Part 1 of Ken Moore’s interview that gave a personal history of how he became the weed warrior and how he fell in love with nature! In today’s show, Part 2, Ken talks more about the creation of the Wildlands Restoration Team, a team that is 100% volunteer based. They literally hand-picked invasive species like Scotch broom, pampas grass and English ivy until they were no more in areas around the Santa Cruz Area. Ken also emphasizes how this work must continue and offers resources for anyone interested in carrying out this hard, but necessary work. Invasive species are detrimental for the growth of the native grasses that should be growing. Not allowing native plants to get through affects the entire ecosystem; as Ken explains, we lose biodiversity. Please visit Ken’s volunteer page: wildwork.org – maybe you will be the next person to kickstart the weed warrior movement! Other Resources: Invasive Plant Species Council: http://www.invasiveplantcontrol.com/about.html California Invasive Plant Council: http://www.cal-ipc.org/solutions/management/
Marcia and Grey speak with Ken in his beautiful home in Santa Cruz to discuss Ken's 50 years and more of involvement with eradicating invasive plant species. He shares some great volunteer stories and his own personal story of how he began to appreciate the natural world. More information on the Wildlands Restoration Team: http://www.wildwork.org Video with Ken showing how to eradicate an invasive acacia properly: https://vimeo.com/96632623
We recap EuroBSDcon in Paris, tell the story behind a pf PR, and show you how to do screencasting with OpenBSD. This episode was brought to you by Headlines Recap of EuroBSDcon 2017 in Paris, France (https://2017.eurobsdcon.org) EuroBSDcon was held in Paris, France this year, which drew record numbers this year. With over 300 attendees, it was the largest BSD event I have ever attended, and I was encouraged by the higher than expected number of first time attendees. The FreeBSD Foundation held a board meeting on Wednesday afternoon with the members who were in Paris. Topics included future conferences (including a conference kit we can mail to people who want to represent FreeBSD) and planning for next year. The FreeBSD Devsummit started on Thursday at the beautiful Mozilla Office in Paris. After registering and picking up our conference bag, everyone gathered for a morning coffee with lots of handshaking and greeting. We then gathered in the next room which had a podium with microphone, screens as well as tables and chairs. After developers sat down, Benedict opened the devsummit with a small quiz about France for developers to win a Mogics Power Bagel (https://www.mogics.com/?page_id=3824). 45 developers participated and DES won the item in the end. After introductions and collecting topics of interest from everyone, we started with the Work in Progress (WIP) session. The WIP session had different people present a topic they are working on in 7 minute timeslots. Topics ranged from FreeBSD Forwarding Performance, fast booting options, and a GELI patch under review to attach multiple providers. See their slides on the FreeBSD wiki (https://wiki.freebsd.org/DevSummit/201709). After lunch, the FreeBSD Foundation gave a general update on staff and funding, as well as a more focused presentation about our partnership with Intel. People were interested to hear what was done so far and asked a few questions to the Intel representative Glenn Weinberg. 
After lunch, developers worked quietly on their own projects. The mic remained open and occasionally, people would step forward and gave a short talk without slides or motivated a discussion of common interest. The day concluded with a dinner at a nice restaurant in Paris, which allowed to continue the discussions of the day. The second day of the devsummit began with a talk about the CAM-based SDIO stack by Ilya Bakulin. His work would allow access to wifi cards/modules on embedded boards like the Raspberry Pi Zero W and similar devices as many of these are using SDIO for data transfers. Next up was a discussion and Q&A session with the FreeBSD core team members who were there (missing only Benno Rice, Kris Moore, John Baldwin, and Baptiste Daroussin, the latter being busy with conference preparations). The new FCP (FreeBSD community proposals) were introduced for those who were not at BSDCan this year and the hows and whys about it. Allan and I were asked to describe our experiences as new members of core and we encouraged people to run for core when the next election happens. After a short break, Scott Long gave an overview of the work that's been started on NUMA (Non-Uniform Memory Architecture), what the goals of the project are and who is working on it. Before lunch, Christian Schwarz presented his work on zrepl, a new ZFS replication solution he developed using Go. This sparked interest in developers, a port was started (https://reviews.freebsd.org/D12462) and people suggested to Christian that he should submit his talk to AsiaBSDcon and BSDCan next year. Benedict had to leave before lunch was done to teach his Ansible tutorial (which was well attended) at the conference venue. There were organized dinners, for those two nights, quite a feat of organization to fit over 100 people into a restaurant and serve them quickly. On Saturday, there was a social event, a river cruise down the Seine. 
This took the form of a ‘standing' dinner, with a wide selection of appetizer type dishes, designed to get people to walk around and converse with many different people, rather than sit at a table with the same 6-8 people. I talked to a much larger group of people than I had managed to at the other dinners. I like having both dinner formats. We would also like to thank all of the BSDNow viewers who attended the conference and made the point of introducing themselves to us. It was nice to meet you all. The recordings of the live video stream from the conference are available immediately, so you can watch the raw versions of the talks now: Auditorium Keynote 1: Software Development in the Age of Heroes (https://youtu.be/4iR8g9-39LM?t=179) by Thomas Pornin (https://twitter.com/BearSSLnews) Tuning FreeBSD for routing and firewalling (https://youtu.be/4iR8g9-39LM?t=1660) by Olivier Cochard-Labbé (https://twitter.com/ocochardlabbe) My BSD sucks less than yours, Act I (https://youtu.be/4iR8g9-39LM?t=7040) by Antoine Jacoutot (https://twitter.com/ajacoutot) and Baptiste Daroussin (https://twitter.com/_bapt_) My BSD sucks less than yours, Act II (https://youtu.be/4iR8g9-39LM?t=14254) by Antoine Jacoutot (https://twitter.com/ajacoutot) and Baptiste Daroussin (https://twitter.com/_bapt_) Reproducible builds on NetBSD (https://youtu.be/4iR8g9-39LM?t=23351) by Christos Zoulas Your scheduler is not the problem (https://youtu.be/4iR8g9-39LM?t=26845) by Martin Pieuchot Keynote 2: A French story on cybercrime (https://youtu.be/4iR8g9-39LM?t=30540) by Éric Freyssinet (https://twitter.com/ericfreyss) Case studies of sandboxing base system with Capsicum (https://youtu.be/jqdHYEH_BQY?t=731) by Mariusz Zaborski (https://twitter.com/oshogbovx) OpenBSD's small steps towards DTrace (a tale about DDB and CTF) (https://youtu.be/jqdHYEH_BQY?t=6030) by Jasper Lievisse Adriaanse The Realities of DTrace on FreeBSD (https://youtu.be/jqdHYEH_BQY?t=13096) by George Neville-Neil 
(https://twitter.com/gvnn3) OpenSMTPD, current state of affairs (https://youtu.be/jqdHYEH_BQY?t=16818) by Gilles Chehade (https://twitter.com/PoolpOrg) Hoisting: lessons learned integrating pledge into 500 programs (https://youtu.be/jqdHYEH_BQY?t=21764) by Theo de Raadt Keynote 3: System Performance Analysis Methodologies (https://youtu.be/jqdHYEH_BQY?t=25463) by Brendan Gregg (https://twitter.com/brendangregg) Closing Session (https://youtu.be/jqdHYEH_BQY?t=29355) Karnak “Is it done yet ?” The never ending story of pkg tools (https://youtu.be/1hjzleqGRYk?t=71) by Marc Espie (https://twitter.com/espie_openbsd) A Tale of six motherboards, three BSDs and coreboot (https://youtu.be/1hjzleqGRYk?t=7498) by Piotr Kubaj and Katarzyna Kubaj State of the DragonFly's graphics stack (https://youtu.be/1hjzleqGRYk?t=11475) by François Tigeot From NanoBSD to ZFS and Jails – FreeBSD as a Hosting Platform, Revisited (https://youtu.be/1hjzleqGRYk?t=16227) by Patrick M. Hausen Bacula – nobody ever regretted making a backup (https://youtu.be/1hjzleqGRYk?t=20069) by Dan Langille (https://twitter.com/DLangille) Never Lose a Syslog Message (https://youtu.be/qX0BS4P65cQ?t=325) by Alexander Bluhm Running CloudABI applications on a FreeBSD-based Kubernetes cluster (https://youtu.be/qX0BS4P65cQ?t=5647) by Ed Schouten (https://twitter.com/EdSchouten) The OpenBSD web stack (https://youtu.be/qX0BS4P65cQ?t=13255) by Michael W. Lucas (https://twitter.com/mwlauthor) The LLDB Debugger on NetBSD (https://youtu.be/qX0BS4P65cQ?t=16835) by Kamil Rytarowski What's in store for NetBSD 8.0? (https://youtu.be/qX0BS4P65cQ?t=21583) by Alistair Crooks Louxor A Modern Replacement for BSD spell(1) (https://youtu.be/6Nen6a1Xl7I?t=156) by Abhinav Upadhyay (https://twitter.com/abhi9u) Portable Hotplugging: NetBSD's uvm_hotplug(9) API development (https://youtu.be/6Nen6a1Xl7I?t=5874) by Cherry G. 
Mathew Hardening pkgsrc (https://youtu.be/6Nen6a1Xl7I?t=9343) by Pierre Pronchery (https://twitter.com/khorben) Discovering OpenBSD on AWS (https://youtu.be/6Nen6a1Xl7I?t=14874) by Laurent Bernaille (https://twitter.com/lbernail) OpenBSD Testing Infrastructure Behind bluhm.genua.de (https://youtu.be/6Nen6a1Xl7I?t=18639) by Jan Klemkow The school of hard knocks – PT1 (https://youtu.be/8wuW8lfsVGc?t=276) by Sevan Janiyan (https://twitter.com/sevanjaniyan) 7 years of maintaining firefox, and still looking ahead (https://youtu.be/8wuW8lfsVGc?t=5321) by Landry Breuil Branch VPN solution based on OpenBSD, OSPF, RDomains and Ansible (https://youtu.be/8wuW8lfsVGc?t=12385) by Remi Locherer Running BSD on AWS (https://youtu.be/8wuW8lfsVGc?t=15983) by Julien Simon and Nicolas David Getting started with OpenBSD device driver development (https://youtu.be/8wuW8lfsVGc?t=21491) by Stefan Sperling A huge thanks to the organizers, program committee, and sponsors of EuroBSDCon. Next year, EuroBSDcon will be in Bucharest, Romania. *** The story of PR 219251 (https://www.sigsegv.be//blog/freebsd/PR219251) The actual story I wanted Kristof to tell, the pf bug he fixed at the Essen Hackathon earlier this summer. As I threatened to do in my previous post, I'm going to talk about PR 219251 for a bit. The bug report dates from only a few months ago, but the first report (that I can remember) actually came from Shawn Webb on Twitter, of all places. Despite there being a stacktrace it took quite a while (nearly 6 months in fact) before I figured this one out. It took Reshad Patuck managing to distill the problem down to a small-ish test script to make real progress on this. His testcase meant that I could get core dumps and experiment. It also provided valuable clues because it could be tweaked to see what elements were required to trigger the panic. This test script starts a (vnet) jail, adds an epair interface to it, sets up pf in the jail, and then reloads the pf rules on the host. 
Interestingly the panic does not seem to occur if that last step is not included. Obviously not the desired behaviour, but it seems strange. The instances of pf in the jails are supposed to be separate. We try to fetch a counter value here, but instead we dereference a bad pointer. There's two here, so already we need more information. Inspection of the core dump reveals that the state pointer is valid, and contains sane information. The rule pointer (rule.ptr) points to a sensible location, but the data is mostly 0xdeadc0de. This is the memory allocator being helpful (in debug mode) and writing garbage over freed memory, to make use-after-free bugs like this one easier to find. In other words: the rule has been free()d while there was still a state pointing to it. Somehow we have a state (describing a connection pf knows about) which points to a rule which no longer exists. The core dump also shows that the problem always occurs with states and rules in the default vnet (i.e. the host pf instance), not one of the pf instances in one of the vnet jails. That matches with the observation that the test script does not trigger the panic unless we also reload the rules on the host. Great, we know what's wrong, but now we need to work out how we can get into this state. At this point we're going to have to learn something about how rules and states get cleaned up in pf. Don't worry if you had no idea, because before this bug I didn't either. The states keep a pointer to the rule they match, so when rules are changed (or removed) we can't just delete them. States get cleaned up when connections are closed or they time out. This means we have to keep old rules around until the states that use them expire. When rules are removed pf_unlink_rule() adds them to the V_pf_unlinked_rules list (more on that funny V prefix later). From time to time the pf purge thread will run over all states and mark the rules that are used by a state. 
Once that's done for all states we know that all rules that are not marked as in-use can be removed (because none of the states use it). That can be a lot of work if we've got a lot of states, so pf_purge_thread() breaks that up into smaller chunks, iterating only part of the state table on every run. We iterate over all of our virtual pf instances (VNET_FOREACH()), check if it's active (for FreeBSD-EN-17.08, where we've seen this code before) and then check the expired states with pf_purge_expired_states(). We start at state 'idx' and only process a certain number (determined by the PFTM_INTERVAL setting) states. The pf_purge_expired_states() function returns a new idx value to tell us how far we got. So, remember when I mentioned the odd V_ prefix? Those are per-vnet variables. They work a bit like thread-local variables. Each vnet (virtual network stack) keeps its state separate from the others, and the V_ variables use a pointer that's changed whenever we change the currently active vnet (say with CURVNET_SET() or CURVNET_RESTORE()). That's tracked in the 'curvnet' variable. In other words: there are as many V_pf_vnet_active variables as there are vnets: number of vnet jails plus one (for the host system). Why is that relevant here? Note that idx is not a per-vnet variable, but we handle multiple pf instances here. We run through all of them in fact. That means that we end up checking the first X states in the first vnet, then check the second X states in the second vnet, the third X states in the third and so on and so on. That of course means that we think we've run through all of the states in a vnet while we really only checked some of them. So when pf_purge_unlinked_rules() runs it can end up free()ing rules that actually are still in use because pf_purge_thread() skipped over the state(s) that actually used the rule. The problem only happened if we reloaded rules in the host, because the active ruleset is never free()d, even if there are no states pointing to the rule. 
That explains the panic, and the fix is actually quite straightforward: idx needs to be a per-vnet variable, V_pf_purge_idx, and then the problem is gone. As is often the case, the solution to a fairly hard problem turns out to be really simple. As you might expect, finding the problem takes a lot more work than fixing it. Thanks to Kristof for writing up this detailed post explaining how the problem was found, and what caused it. *** vBSDcon 2017: BSD at Work (https://www.ixsystems.com/blog/vbsdcon-2017-dexter/) The third biennial vBSDcon hosted by Verisign took place September 7th through 9th with the FreeBSD Developer Summit taking place the first day. vBSDcon and iXsystems' MeetBSD event have been alternating between the East and West coasts of the U.S.A. and these two events play vital roles in reaching Washington, DC-area and Bay Area/Silicon Valley audiences. Where MeetBSD serves many BSD Vendors, vBSDcon attracts a unique government and security industry demographic that isn't found anywhere else. Conference time and travel budgets are always limited and bringing these events to their attendees is a much-appreciated service provided by their hosts. The vBSDcon FreeBSD DevSummit had a strong focus on OpenZFS, the build system and networking with the FreeBSD 12 wish list of features in mind. How to best incorporate the steady flow of new OpenZFS features into FreeBSD such as dataset-level encryption was of particular interest. This feature from a GNU/Linux-based storage vendor is tribute to the growth of the OpenZFS community which is vital in light of the recent “Death of Solaris and ZFS” at Oracle. There has never been more demand for OpenZFS on FreeBSD and the Oracle news further confirms our collective responsibility to meet that demand. 
The official conference opened with my talk on “Isolated BSD Build Environments” in which I explained how the bhyve hypervisor can be used to effortlessly tour FreeBSD 5.0-onward and build specific source releases on demand to trace regressions to their offending commit. I was followed by a FreeNAS user who made the good point that FreeNAS is an exemplary “entry vector” into Unix and Enterprise Storage fundamentals, given that many of the vectors our generation had are gone. Where many of us discovered Unix and the Internet via console terminals at school or work, smart phones are only delivering the Internet without the Unix. With some irony, both iOS and Android are Unix-based yet offer few opportunities for their users to learn and leverage their Unix environments. The next two talks were The History and Future of Core Dumps in FreeBSD by Sam Gwydir and Using pkgsrc for multi-platform deployments in heterogeneous environments by G. Clifford Williams. I strongly recommend that anyone wanting to speak at AsiaBSDCon read Sam's accompanying paper on core dumps because I consider it the perfect AsiaBSDCon topic and his execution is excellent. Core dumps are one of those things you rarely think about until they are a DROP EVERYTHING! priority. G. Clifford's talk was about what I consider a near-perfect BSD project: pkgsrc, the portable BSD package manager. I put it up there with OpenSSH and mandoc as projects that have provided significant value to other Open Source operating systems. G. Clifford's real-world experiences are perfectly inline with vBSDcon's goal to be more production-oriented than other BSDCons. Of the other talks, any and all Dtrace talks are always appreciated and George Neville-Neil's did not disappoint. He based it on his experiences with the Teach BSD project which is bringing FreeBSD-based computer science education to schools around the world. 
The security-related talks by John-Mark Gurney, Dean Freeman and Michael Shirk also represented vBSDcon's consideration of the local community and made a convincing point that the BSDs should make concerted efforts to qualify for Common Criteria, FIPS, and other Government security requirements. While some security experts will scoff at these, they are critical to the adoption of BSD-based products by government agencies. BSD Now hosts Allan Jude and Benedict Reuschling hosted an OpenZFS BoF and Ansible talk respectively and I hosted a bhyve hypervisor BoF. The Hallway Track and food at vBSDcon were excellent and both culminated with an after-dinner dramatic reading of Michael W. Lucas' latest book that raised money for the FreeBSD Foundation. A great time was had by all and it was wonderful to see everyone! News Roundup FreeBSD 10.4-RC2 Available (https://lists.freebsd.org/pipermail/freebsd-stable/2017-September/087848.html) FreeBSD 10.4 will be released soon, this is the last chance to find bugs before the official release is cut. Noteworthy Changes Since 10.4-RC1: Given that the amd64 disc1 image was overflowing, more of the base components installed into the disc1 (live) file systems had to be disabled. Most notably, this removed the compiler toolchain from the disc1 images. All disabled tools are still available with the dvd1 images, though. The aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for ipsec(4). Support for netmap(4) by the ixgbe(4) driver has been brought into line with the netmap(4) API present in stable/10. Also, ixgbe(4) now correctly handles VFs in its netmap(4) support again instead of treating these as PFs. During the creation of amd64 and i386 VM images, etcupdate(8) and mergemaster(8) databases now are bootstrapped, akin to what happens along the extraction of base.txz as part of a new installation via bsdinstall(8). 
This change allows for both of these tools to work out-of-box on the VM images and avoids errors seen when upgrading these images via freebsd-update(8). If you are still on the stable/10 branch, you should test upgrading to 10.4, and make sure there are no problems with your workload. Additional testing specifically of the features that have changed since 10.4-BETA1 would also be most helpful. This will be the last release from the stable/10 branch. *** OpenBSD changes of note 628 (https://www.tedunangst.com/flak/post/openbsd-changes-of-note-628) EuroBSDCon in two weeks. Be sure to attend early and often. Many and various documentation improvements for libcrypto. New man pages, rewrites, expanded bugs sections, and more. Only allow upward migration in vmd. There's a README for the syspatch build system if you want to run your own. Move the kernel relinking code from /etc/rc into a separate script usable by syspatch. Kernel patches can now be reduced to just the necessary files. Make the callers of sogetopt() responsible for allocating memory. Now allocation and free occur in the same place. Use waitpid() instead of wait() in most programs to avoid accidentally collecting the wrong child. Have cu call isatty() before making assumptions. Switch mandoc rendering of mathematical symbols and greek letters from trying to imitate the characters' graphical shapes, which resulted in unintelligible renderings in many cases, to transliterations conveying the characters' meanings. Update libexpat to 2.2.4. Fix copying partial UTF-8 characters. Sigh, here we go again. Work around bug in F5's handling of the supported elliptic curves extension. RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict. After a first install, run syspatch -c to check for patches. 
If SMAP is present, clear PSL_AC on kernel entry and interrupt so that only the code in copy{in,out}* that need it run with it set. Panic if it's set on entry to trap() or syscall(). Prompted by Maxime Villard's NetBSD work. Errata. New drivers for arm: rktemp, mvpinctrl, mvmpic, mvneta, mvmdio, mvpxa, rkiic, rkpmic. No need to exec rm from within mandoc. We know there's exactly one file and directory to remove. Similarly with running cmp. Revert to Mesa 13.0.6 to hopefully address rendering issues a handful of people have reported with xpdf/fvwm on ivy bridge with modesetting driver. Rewrite ALPN extension using CBB/CBS and the new extension framework. Rewrite SRTP extension using CBB/CBS and the new extension framework. Revisit 2q queue sizes. Limit the hot queue to 1/20th the cache size up to a max of 4096 pages. Limit the warm and cold queues to half the cache. This allows us to more effectively notice re-interest in buffers instead of losing it in a large hot queue. Add glass console support for arm64. Probably not yet for your machine, though. Replace heaps of hand-written syscall stubs in ld.so with a simpler framework. 65535 is a valid port to listen on. When xinit starts an X server that listens only on UNIX socket, prefer DISPLAY=unix:0 rather than DISPLAY=:0. This will prevent applications from ever falling back to TCP if the UNIX socket connection fails (such as when the X server crashes). Reverted. Add -z and -Z options to apmd to auto suspend or hibernate when low on battery. Remove the original (pre-IETF) chacha20-poly1305 cipher suites. Add urng(4) which supports various USB RNG devices. Instead of adding one driver per device, start bundling them into a single driver. Remove old deactivated pledge path code. A replacement mechanism is being brewed. Fix a bug from the extension parsing rewrite. Always parse ALPN even if no callback has been installed to prevent leaving unprocessed data which leads to a decode error. 
Clarify what is meant by syslog priorities being ordered, since the numbers and priorities are backwards. Remove a stray setlocale() from ksh, eliminating a lot of extra statically linked code. Unremove some NPN symbols from libssl because ports software thinks they should be there for reasons. Fix saved stack location after resume. Somehow clang changed it. Resume works again on i386. Improve error messages in vmd and vmctl to be more informative. Stop building the miniroot installer for OMAP3 Beagleboards. It hasn't worked in over a year and nobody noticed. Have the callers of sosetopt() free the mbuf for symmetry. On octeon, let the kernel use the hardware FPU even if emulation is compiled in. It's faster. Fix support for 486DX CPUs by not calling cpuid. I used to own a 486. Now I don't. Merge some drm fixes from linux. Defer probing of floppy drives, eliminating delays during boot. Better handling of probes and beacons and timeouts and scans in wifi stack to avoid disconnects. Move mutex, condvar, and thread-specific data routines, pthread_once, and pthread_exit from libpthread to libc, along with low-level bits to support them. Lets thread aware (but not actually threaded) code work with just libc. New POSIX xlocale implementation. Complete as long as you only use ASCII and UTF-8, as you should. Round and round it goes; when 6.2 stops, nobody knows. A peek at the future? *** Screencasting with OpenBSD (http://eradman.com/posts/screencasting.html) USB Audio Any USB microphone should appear as a new audio device. 
Here is the dmesg for my mic by ART:
uaudio0 at uhub0 port 2 configuration 1 interface 0 "M-One USB" rev 1.10/0.01 addr 2
uaudio0: audio rev 1.00, 8 mixer controls
audio1 at uaudio0
audioctl can read off all of the specific characteristics of this device
$ audioctl -f /dev/audio1 | grep record
mode=play,record
record.rate=48000
record.channels=1
record.precision=16
record.bps=2
record.msb=1
record.encoding=slinear_le
record.pause=0
record.active=0
record.block_size=1960
record.bytes=0
record.errors=0
Now test the recording from the second audio device using aucat(1)
aucat -f rsnd/1 -o file.wav
If the device also has a headset audio can be played through the same device.
aucat -f rsnd/1 -i file.wav
Screen Capture using Xvfb
The rate at which a framebuffer for your video card is a feature of the hardware and software you're using, and it's often very slow. x11vnc will print an estimate of the bandwidth for the system you're running.
x11vnc
...
09/05/2012 22:23:45 fb read rate: 7 MB/sec
This is about 4fps. We can do much better by using a virtual framebuffer. Here I'm setting up a new screen, setting the background color, starting cwm and an instance of xterm
Xvfb :1 -screen 0 720x540x16 &
DISPLAY=:1 xsetroot -solid steelblue &
DISPLAY=:1 cwm &
DISPLAY=:1 xterm +sb -fa Hermit -fs 14 &
Much better! Now we're up around 20fps.
x11vnc -display :1 &
...
11/05/2012 18:04:07 fb read rate: 168 MB/sec
Make a connection to this virtual screen using raw encoding to eliminate time wasted on compression.
vncviewer localhost -encodings raw
A test recording with sound then looks like this
ffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 ~/out.avi
Note: always stop the recording and playback using q, not Ctrl-C so that audio inputs are shut down properly.
Screen Capture using Xephyr
Xephyr is perhaps the easiest way to run X with a shadow framebuffer. This solution also avoids reading from the video card's RAM, so it's reasonably fast.
Xephyr -ac -br -noreset -screen 800x600 :1 &
DISPLAY=:1 xsetroot -solid steelblue &
DISPLAY=:1 cwm &
DISPLAY=:1 xrdb -load ~/.Xdefaults &
DISPLAY=:1 xterm +sb -fa "Hermit" -fs 14 &
Capture works in exactly the same way. This command tries to maintain 12fps.
ffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi
To capture keyboard and mouse input press Ctrl then Shift. This is very handy for navigating a window manager in the nested X session.
Arranging Windows
I have sometimes found it helpful to launch applications and arrange them in a specific way. This will open up a web browser listing the current directory and position windows using xdotool
DISPLAY=:1 midori "file:///`pwd`" &
sleep 2
DISPLAY=:1 xdotool search --name "xterm" windowmove 0 0
DISPLAY=:1 xdotool search --class "midori" windowmove 400 0
DISPLAY=:1 xdotool search --class "midori" windowsize 400 576
This will position the window precisely so that it appears to be in a tmux window on the right.
Audio/Video Sync
If you find that the audio is way out of sync with the video, you can adjust the start using the -ss before the audio input to specify the number of seconds to delay. My final recording command line, that delays the audio by 0.5 seconds, writing 12fps
ffmpeg -ss 0.5 -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi
Sharing a Terminal with tmux
If you're trying to record a terminal session, tmux is able to share a session. In this way a recording of an X framebuffer can be taken without even using the screen. Start by creating the session.
tmux -2 -S /tmp/tmux0
Then on the remote side connect on the same socket
tmux -2 -S /tmp/tmux0 attach
Taking Screenshots
Grabbing a screenshot on the Xvfb server is easily accomplished with ImageMagick's import command
DISPLAY=:1 import -window root screenshot.png
Audio Processing and Video Transcoding
The first step is to ensure that the clip begins and ends where you'd like it to. The following will make a copy of the recording starting at time 00:00 and ending at 09:45
ffmpeg -i interactive-sql.avi -vcodec copy -acodec copy -ss 00:00:00 -t 00:09:45 interactive-sql-trimmed.avi
mv interactive-sql-trimmed.avi interactive-sql.avi
Setting the gain correctly is very important with an analog mixer, but if you're using a USB mic there may not be a gain option; simply record using its built-in settings and then adjust the levels afterwards using a utility such as normalize. First extract the audio as a raw PCM file and then run normalize
ffmpeg -i interactive-sql.avi -c:a copy -vn audio.wav
normalize audio.wav
Next merge the audio back in again
ffmpeg -i interactive-sql.avi -i audio.wav -map 0:0 -map 1:0 -c copy interactive-sql-normalized.avi
The final step is to compress the screencast for distribution. Encoding to VP8/Vorbis is easy:
ffmpeg -i interactive-sql-normalized.avi -c:v libvpx -b:v 1M -c:a libvorbis -q:a 6 interactive-sql.webm
H.264/AAC is tricky. For most video players the color space needs to be set to yuv420p. The -movflags puts the index data at the beginning of the file to enable streaming/partial content requests over HTTP:
ffmpeg -y -i interactive-sql-normalized.avi -c:v libx264 -preset slow -crf 14 -pix_fmt yuv420p -movflags +faststart -c:a aac -q:a 6 interactive-sql.mp4
TrueOS @ Ohio Linuxfest '17! (https://www.trueos.org/blog/trueos-ohio-linuxfest-17/) Dru Lavigne and Ken Moore are both giving presentations on Saturday the 30th. Sit in and hear about new developments for the Lumina and FreeNAS projects.
Ken is offering Lumina Rising: Challenging Desktop Orthodoxy at 10:15 am in Franklin A. Hear his thoughts about the ideas propelling desktop environment development and how Lumina, especially Lumina 2, is seeking to offer a new model of desktop architecture. Elements discussed include session security, application dependencies, message handling, and operating system integration. Dru is talking about What's New in FreeNAS 11 at 2:00 pm in Franklin D. She'll be providing an overview of some of the new features added in FreeNAS 11.0, including: Alert Services Starting specific services at boot time AD Monitoring to ensure the AD service restarts if disconnected A preview of the new user interface support for S3-compatible storage and the bhyve hypervisor She's also giving a sneak peek of FreeNAS 11.1, which has some neat features: A complete rewrite of the Jails/Plugins system as FreeNAS moves from warden to iocage Writing new plugins with just a few lines of code A brand new asynchronous middleware API Who's going? Attending this year are: Dru Lavigne (dlavigne): Dru leads the technical documentation team at iX, and contributes heavily to open source documentation projects like FreeBSD, FreeNAS, and TrueOS. Ken Moore (beanpole134): Ken is the lead developer of Lumina and a core contributor to TrueOS. He also works on a number of other Qt5 projects for iXsystems. J.T. Pennington (q5sys): Some of you may be familiar with his work on BSDNow, but J.T. also contributes to the TrueOS, Lumina, and SysAdm projects, helping out with development and general bug squashing. *** Beastie Bits Lumina Development Preview: Theme Engine (https://www.trueos.org/blog/lumina-development-preview-theme-engine/) It's happening! 
Official retro Thinkpad lappy spotted in the wild (https://www.theregister.co.uk/2017/09/04/retro_thinkpad_spotted_in_the_wild/) LLVM libFuzzer and SafeStack ported to NetBSD (https://blog.netbsd.org/tnf/entry/llvm_libfuzzer_and_safestack_ported) Remaining 2017 FreeBSD Events (https://www.freebsdfoundation.org/news-and-events/event-calendar/2017-openzfs-developer-summit/) *** Feedback/Questions Andrew - BSD Teaching Material (http://dpaste.com/0YTT0VP) Seth - Switching to Tarsnap after Crashplan becomes no more (http://dpaste.com/1SK92ZX#wrap) Thomas - Native encryption in ZFS (http://dpaste.com/02KD5FX#wrap) Coding Cowboy - Coding Cowboy - Passwords and clipboards (http://dpaste.com/31K0E40#wrap) ***
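The purge-cursor bug from the PR 219251 story in these show notes, as an added user-space C model (not FreeBSD's code and not part of the original post): one scan cursor shared by all vnets lets the host's unlinked rule be freed while a state still points to it, and a per-vnet cursor does not. All struct, function and constant names are hypothetical, and the model assumes the jail is visited before the host on each wakeup.

```c
/* Added illustration: a user-space model of the pf purge-cursor bug, not FreeBSD source. */
#include <stdio.h>
#include <string.h>

#define NVNET  2   /* constructed: one vnet jail (index 0) and the host (index 1) */
#define NSTATE 8   /* state-table slots per vnet */
#define CHUNK  4   /* slots scanned per vnet on each purge-thread wakeup */

struct rule  { int unlinked, marked, freed; };
struct state { struct rule *rule; };          /* rule == NULL: empty slot */
struct vnet {
    struct state states[NSTATE];
    struct rule  old_rule;                    /* rule replaced by a ruleset reload */
    unsigned     purge_idx;                   /* per-vnet scan cursor (the fix) */
};
struct result { int dangling_states, rule_freed; };

/* Scan CHUNK slots from idx, marking every rule a state still references.
 * Returns the new cursor; 0 means "wrapped, the whole table has been seen". */
static unsigned scan_states(struct vnet *v, unsigned idx)
{
    for (int n = 0; n < CHUNK; n++) {
        struct rule *r = v->states[idx].rule;
        if (r != NULL)
            r->marked = 1;
        idx = (idx + 1) % NSTATE;
    }
    return idx;
}

/* Free the unlinked rule if no scanned state marked it, then reset the mark. */
static void purge_unlinked(struct vnet *v)
{
    struct rule *r = &v->old_rule;
    if (r->unlinked && !r->freed && !r->marked)
        r->freed = 1;                         /* stands in for free() */
    r->marked = 0;
}

/* per_vnet_idx: 0 = one cursor shared by all vnets (bug), 1 = cursor per vnet (fix).
 * expire_at: wakeup at which the host's connection closes, or -1 for never. */
struct result simulate(int per_vnet_idx, int wakeups, int expire_at)
{
    struct vnet vnets[NVNET];
    struct vnet *host = &vnets[NVNET - 1];
    unsigned shared_idx = 0;
    struct result res = { 0, 0 };

    memset(vnets, 0, sizeof(vnets));
    /* The host reloaded its rules: the old rule is unlinked, but one live
     * state (slot 1) still points at it. */
    host->old_rule.unlinked = 1;
    host->states[1].rule = &host->old_rule;

    for (int w = 0; w < wakeups; w++) {
        if (w == expire_at)
            host->states[1].rule = NULL;      /* state removed normally */
        for (int i = 0; i < NVNET; i++) {
            struct vnet *v = &vnets[i];
            unsigned *idx = per_vnet_idx ? &v->purge_idx : &shared_idx;
            *idx = scan_states(v, *idx);
            if (*idx == 0)                    /* believed to be a full pass */
                purge_unlinked(v);
        }
    }
    for (int i = 0; i < NVNET; i++)
        for (int s = 0; s < NSTATE; s++)
            if (vnets[i].states[s].rule != NULL && vnets[i].states[s].rule->freed)
                res.dangling_states++;        /* state -> freed rule: use-after-free */
    res.rule_freed = host->old_rule.freed;
    return res;
}

int main(void)
{
    struct result bug = simulate(0, 4, -1), fix = simulate(1, 4, -1);
    printf("shared cursor:   dangling=%d freed=%d\n", bug.dangling_states, bug.rule_freed);
    printf("per-vnet cursor: dangling=%d freed=%d\n", fix.dangling_states, fix.rule_freed);
    return 0;
}
```

With the shared cursor the host only ever scans slots 4 to 7, so the state in slot 1 never marks its rule before the purge runs.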
This week's episode of Travel Today with Peter Greenberg comes from Franklin, Tennessee—one of the best and biggest little small towns in America. Just 17 miles outside of Nashville, Franklin is steeped in American history and culture. Last weekend Franklin played host to Pilgrimage Music Festival, headlined by Justin Timberlake. Joining me is Kevin Griffin, lead singer of Better Than Ezra, and historian J.T. Thompson, Executive Director of the Lotz House Museum. We also hear from Deputy Fire Chief Glenn Johnson and his recent trip with his special rescue team helping out in Houston after Hurricane Harvey. Then, Dr. Ken Moore, Mayor of Franklin, discusses what brought him to Franklin originally, and why he’s stayed. There’s all this and more when Travel Today with Peter Greenberg from Franklin, Tennessee.
Catching up to BSD, news about the NetBSD project, a BSD Phone, and a bunch of OpenBSD and TrueOS News. This episode was brought to you by Headlines NetBSD 7.1 released (http://www.netbsd.org/releases/formal-7/NetBSD-7.1.html) This update represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Kernel compat_linux(8) (http://netbsd.gw.com/cgi-bin/man-cgi?compat_linux+8.i386+NetBSD-7.1): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library. DTrace: Avoid redefined symbol errors when loading the module. Fix module autoload. IPFilter: Fix matching of ICMP queries when NAT'd through IPF. Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example. ipsec(4) (http://netbsd.gw.com/cgi-bin/man-cgi?ipsec+4.i386+NetBSD-7.1): Fix NAT-T issue with NetBSD being the host behind NAT. Drivers Add vioscsi driver for the Google Compute Engine disk. ichsmb(4) (http://netbsd.gw.com/cgi-bin/man-cgi?ichsmb+4.i386+NetBSD-7.1): Add support for Braswell CPU and Intel 100 Series. wm(4) (http://netbsd.gw.com/cgi-bin/man-cgi?wm+4.i386+NetBSD-7.1): Add C2000 KX and 2.5G support. Add Wake On Lan support. Fixed a lot of bugs Security Fixes NetBSD-SA2017-001 (http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-001.txt.asc) Memory leak in the connect system call. NetBSD-SA2017-002 (http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc) Several vulnerabilities in ARP. ARM related Support for Raspberry Pi Zero. ODROID-C1 Ethernet now works.
Summary of the preliminary LLDB support project (http://blog.netbsd.org/tnf/entry/summary_of_the_preliminary_lldb) What has been done in NetBSD Verified the full matrix of combinations of wait(2) and ptrace(2) in the following GNU libstdc++ std::call_once bug investigation test-cases Improving documentation and other minor system parts Documentation of ptrace(2) and explanation how debuggers work Introduction of new siginfo(2) codes for SIGTRAP New ptrace(2) interfaces What has been done in LLDB Native Process NetBSD Plugin The MonitorCallback function Other LLDB code, out of the NativeProcessNetBSD Plugin Automated LLDB Test Results Summary Plan for the next milestone fix conflict with system-wide py-six add support for auxv read operation switch resolution of pid -> path to executable from /proc to sysctl(7) recognize Real-Time Signals (SIGRTMIN-SIGRTMAX) upstream !NetBSDProcessPlugin code switch std::call_once to llvm::call_once add new ptrace(2) interface to lock and unlock threads from execution switch the current PT_WATCHPOINT interface to PT_GETDBREGS and PT_SETDBREGS Actually building a FreeBSD Phone (https://hackaday.io/project/13145-bsd-based-secure-smartphone) There have been a number of different projects that have proposed building a FreeBSD based smart phone This project is a bit different, and I think that gives it a better chance to make progress It uses off-the-shelf parts, so while not as neatly integrated as a regular smartphone device, it makes a much better prototype, and is more readily available. Hardware overview: X86-based, long-lasting (user-replaceable) battery, WWAN Modem (w/LTE), 4-5" LCD Touchscreen (Preferably w/720p resolution, IPS), upgradable storage. Currently targeting the UDOO Ultra platform. It features Intel Pentium N3710 (2.56GHz Quad-core, HD Graphics 405 [16 EUs @ 700MHz], VT-x, AES-NI), 2x4GB DDR3L RAM, 32GB eMMC storage built-in, further expansion w/M.2 SSD & MicroSD slot, lots of connectivity onboard.
Software: FreeBSD Hypervisor (bhyve or Xen) to run atop the hardware, hosting two separate hosts. One will run an instance of pfSense, the "World's Most Popular Open Source Firewall" to handle the WWAN connection, routing, and Firewall (as well as Secure VPN if desired). The other instance will run a slimmed down installation of FreeBSD. The UI will be tweaked to work best in this form factor & resources tuned for this platform. There will be a strong reliance on Google Chromium & Google's services (like Google Voice). The project has a detailed log, and it looks like the hardware it is based on will ship in the next few weeks, so we expect to see more activity. *** News Roundup NVME M.2 card road tests (Matt Dillon) (http://lists.dragonflybsd.org/pipermail/users/2017-March/313261.html) DragonFlyBSD's Matt Dillon has posted a rundown of the various M.2 NVMe devices he has tested SAMSUNG 951 SAMSUNG 960 EVO TOSHIBA OCZ RD400 INTEL 600P WD BLACK 256G MYDIGITALSSD PLEXTOR M8Pe It is interesting to see the relative performance of each device, but also how they handle the workload and manage their temperature (or don't in a few cases) The link provides a lot of detail about different block sizes and overall performance *** ZREP ZFS replication and failover (http://www.bolthole.com/solaris/zrep/) "zrep", a robust yet easy to use ZFS based replication and failover solution. It can also serve as the conduit to create a simple backup hub. The tool was originally written for Solaris, and is written in ksh However, it seems people have used it on FreeBSD and even FreeNAS by installing the ksh93 port Has anyone used this? How does it compare to tools like zxfer? 
There is a FreeBSD port, but it is a few versions behind, someone should update it We would be interested in hearing some feedback *** Catching up on some TrueOS News TrueOS Security and Wikileaks revelations (https://www.trueos.org/blog/trueos-security-wikileaks-revelations/) New Jail management utilities (https://www.trueos.org/blog/new-jail-management-utilities/) Ken Moore's talk about Sysadm from Linuxfest 2016 (https://www.youtube.com/watch?v=PyraePQyCGY) The Basics of using ZFS with TrueOS (https://www.trueos.org/blog/community-spotlight-basics-using-zfs-trueos/) *** Catching up on some OpenBSD News OpenBSD 6.1 coming May 1 (https://www.openbsd.org/61.html) OpenBSD Foundation 2016 Fundraising (goal: $250K actual: $573K) (http://undeadly.org/cgi?action=article&sid=20170223044255) The OpenBSD Foundation 2017 Fundraising Campaign (http://www.openbsdfoundation.org/campaign2017.html) OpenBSD MitM attack against WPA1/WPA2 (https://marc.info/?l=openbsd-announce&m=148839684520133&w=2) OpenBSD vmm/vmd Update (https://www.openbsd.org/papers/asiabsdcon2017-vmm-slides.pdf) *** Beastie Bits HardenedBSD News: Introducing CFI (https://hardenedbsd.org/article/shawn-webb/2017-03-02/introducing-cfi) New version of Iocage (Python 3) on FreshPorts (https://www.freshports.org/sysutils/py3-iocage/) DragonFly BSD Network performance comparison as of today (https://leaf.dragonflybsd.org/~sephe/perf_cmp.pdf) KnoxBUG recap (http://knoxbug.org/content/knoxbug-wants-you) *** Feedback/Questions Noel asks about moving to bhyve/jails (https://pastebin.com/7B47nuC0) ***
This week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news, Optimizing IllumOS Kernel, your questions and more. This episode was brought to you by Headlines AsiaBSDcon Reports and Reviews AsiaBSDcon schedule (https://2017.asiabsdcon.org/program.html.en) Schedule and slides from the 4th bhyvecon (http://bhyvecon.org/) Michael Dexter's trip report on the iXsystems blog (https://www.ixsystems.com/blog/ixsystems-attends-asiabsdcon-2017) NetBSD AsiaBSDcon booth report (http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html) *** TrueOS Community Guidelines are here! (https://www.trueos.org/blog/trueos-community-guidelines/) TrueOS has published its new Community Guidelines The TrueOS Project has existed for over ten years. Until now, there was no formally defined process for interested individuals in the TrueOS community to earn contributor status as an active committer to this long-standing project. The current core TrueOS developers (Kris Moore, Ken Moore, and Joe Maloney) want to provide the community more opportunities to directly impact the TrueOS Project, and wish to formalize the process for interested people to gain full commit access to the TrueOS repositories. These describe what is expected of community members and committers They also describe the process of getting commit access to the TrueOS repo: Previously, Kris directly handed out commit bits. Now, the Core developers have provided a small list of requirements for gaining a TrueOS commit bit: Create five or more pull requests in a TrueOS Project repository within a single six month period. Stay active in the TrueOS community through at least one of the available community channels (Gitter, Discourse, IRC, etc.). Request commit access from the core developers via core@trueos.org OR Core developers contact you concerning commit access. Pull requests can be any contribution to the project, from minor documentation tweaks to creating full utilities.
At the end of every month, the core developers review the commit logs, removing elements that break the Project or deviate too far from its intended purpose. Additionally, outstanding pull requests with no active dissension are immediately merged, if possible. For example, a user submits a pull request which adds a little-used OpenRC script. No one from the community comments on the request or otherwise argues against its inclusion, resulting in an automatic merge at the end of the month. In this manner, solid contributions are routinely added to the project and never left in a state of “limbo”. The page also describes the perks of being a TrueOS committer: Contributors to the TrueOS Project enjoy a number of benefits, including: A personal TrueOS email alias: @trueos.org Full access for managing TrueOS issues on GitHub. Regular meetings with the core developers and other contributors. Access to private chat channels with the core developers. Recognition as part of an online Who's Who of TrueOS developers. The eternal gratitude of the core developers of TrueOS. A warm, fuzzy feeling. Intel Donates 250.000 $ to the FreeBSD Foundation (https://www.freebsdfoundation.org/news-and-events/latest-news/new-uranium-level-donation-and-collaborative-partnership-with-intel/) More details about the deal: Systems Thinking: Intel and the FreeBSD Project (https://www.freebsdfoundation.org/blog/systems-thinking-intel-and-the-freebsd-project/) Intel will be more actively engaging with the FreeBSD Foundation and the FreeBSD Project to deliver more timely support for Intel products and technologies in FreeBSD. Intel has contributed code to FreeBSD for individual device drivers (i.e. NICs) in the past, but is now seeking a more holistic “systems thinking” approach. 
Intel Blog Post (https://01.org/blogs/imad/2017/intel-increases-support-freebsd-project) We will work closely with the FreeBSD Foundation to ensure the drivers, tools, and applications needed on Intel® SSD-based storage appliances are available to the community. This collaboration will also provide timely support for future Intel® 3D XPoint™ products. Thank you very much, Intel! *** Applied FreeBSD: Basic iSCSI (https://globalengineer.wordpress.com/2017/03/05/applied-freebsd-basic-iscsi/) iSCSI is often touted as a low-cost replacement for fibre-channel (FC) Storage Area Networks (SANs). Instead of having to setup a separate fibre-channel network for the SAN, or invest in the infrastructure to run Fibre-Channel over Ethernet (FCoE), iSCSI runs on top of standard TCP/IP. This means that the same network equipment used for routing user data on a network could be utilized for the storage as well. This article will cover a very basic setup where a FreeBSD server is configured as an iSCSI Target, and another FreeBSD server is configured as the iSCSI Initiator. The iSCSI Target will export a single disk drive, and the initiator will create a filesystem on this disk and mount it locally. Advanced topics, such as multipath, ZFS storage pools, failover controllers, etc. are not covered. The real magic is the /etc/ctl.conf file, which contains all of the information necessary for ctld to share disk drives on the network. Check out the man page for /etc/ctl.conf for more details; below is the configuration file that I created for this test setup. Note that on a system that has never had iSCSI configured, there will be no existing configuration file, so go ahead and create it. 
Then, enable ctld and start it:
sysrc ctld_enable="YES"
service ctld start
You can use the ctladm command to see what is going on:
root@bsdtarget:/dev # ctladm lunlist
(7:0:0/0): Fixed Direct Access SPC-4 SCSI device
(7:0:1/1): Fixed Direct Access SPC-4 SCSI device
root@bsdtarget:/dev # ctladm devlist
LUN Backend Size (Blocks) BS Serial Number Device ID
0 block 10485760 512 MYSERIAL 0 MYDEVID 0
1 block 10485760 512 MYSERIAL 1 MYDEVID 1
Now, let's configure the client side: In order for a FreeBSD host to become an iSCSI Initiator, the iscsid daemon needs to be started.
sysrc iscsid_enable="YES"
service iscsid start
Next, the iSCSI Initiator can manually connect to the iSCSI target using the iscsictl tool. While setting up a new iSCSI session, this is probably the best option. Once you are sure the configuration is correct, add the configuration to the /etc/iscsi.conf file (see man page for this file). For iscsictl, pass the IP address of the target as well as the iSCSI IQN for the session:
iscsictl -A -p 192.168.22.128 -t iqn.2017-02.lab.testing:basictarget
You should now have a new device (check dmesg), in this case, da1. The guide then walks through partitioning the disk, laying down a UFS file system, and mounting it. Then it walks through how to disconnect iSCSI, in case you don't want it anymore. This all looked nice and easy, and it works very well. Now let's see what happens when you try to mount the iSCSI from Windows. Ok, that wasn't so bad. Now, instead of sharing an entire spare disk on the host via iSCSI, share a zvol. Now your Windows machine can be backed by ZFS. All of your problems are solved.
Interview - Philipp Buehler - pbuehler@sysfive.com (mailto:pbuehler@sysfive.com) Technical Lead at SysFive, and Former OpenBSD Committer News Roundup Half a dozen new features in mandoc -T html (http://undeadly.org/cgi?action=article&sid=20170316080827) mandoc (http://man.openbsd.org/mandoc.1)'s HTML output mode got some new features Even though mdoc(7) is a semantic markup language, traditionally none of the semantic annotations were communicated to the reader. [...] Now, at least in -T html output mode, you can see the semantic function of marked-up words by hovering your mouse over them. In terminal output modes, we have the ctags(1)-like internal search facility built around the less(1) tag jump (:t) feature for quite some time now. We now have a similar feature in -T html output mode. To jump to (almost) the same places in the text, go to the address bar of the browser, type a hash mark ('#') after the URI, then the name of the option, command, variable, error code etc. you want to jump to, and hit enter. Check out the full report by Ingo Schwarze (schwarze@) and try out these new features *** Optimizing IllumOS Kernel Crypto (http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html) Sašo Kiselkov, of ZFS fame, looked into the performance of the OpenSolaris kernel crypto framework and found it lacking. The article also spends a few minutes on the different modes and how they work. Recently I've had some motivation to look into the KCF on Illumos and discovered that, unbeknownst to me, we already had an AES-NI implementation that was automatically enabled when running on Intel and AMD CPUs with AES-NI support. This work was done back in 2010 by Dan Anderson. This was great news, so I set out to test the performance in Illumos in a VM on my Mac with a Core i5 3210M (2.5GHz normal, 3.1GHz turbo). The initial tests of “what the hardware can do” were done in OpenSSL So now comes the test for the KCF.
I wrote a quick'n'dirty crypto test module that just performed a bunch of encryption operations and timed the results. KCF got around 100 MB/s for each algorithm, except half that for AES-GCM OpenSSL had done over 3000 MB/s for CTR mode, 500 MB/s for CBC, and 1000 MB/s for GCM What the hell is that?! This is just plain unacceptable. Obviously we must have hit some nasty performance snag somewhere, because this is comical. And sure enough, we did. When looking around in the AES-NI implementation I came across this bit in aes_intel.s that performed the CLTS instruction. This is a problem: 3.1.2 Instructions That Cause VM Exits Conditionally: CLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow. The CLTS instruction signals to the CPU that we're about to use FPU registers (which is needed for AES-NI), which in VMware causes an exit into the hypervisor. And we've been doing it for every single AES block! Needless to say, performing the equivalent of a very expensive context switch every 16 bytes is going to hurt encryption performance a bit. The reason why the kernel is issuing CLTS is because for performance reasons, the kernel doesn't save and restore FPU register state on kernel thread context switches. So whenever we need to use FPU registers inside the kernel, we must disable kernel thread preemption via a call to kpreempt_disable() and kpreempt_enable() and save and restore FPU register state manually. During this time, we cannot be descheduled (because if we were, some other thread might clobber our FPU registers), so if a thread does this for too long, it can lead to unexpected latency bubbles The solution was to restructure the AES and KCF block crypto implementations in such a way that we execute encryption in meaningfully small chunks. I opted for 32k bytes, for reasons which I'll explain below.
Unfortunately, doing this restructuring work was a bit more complicated than one would imagine, since in the KCF the implementation of the AES encryption algorithm and the block cipher modes is separated into two separate modules that interact through an internal API, which wasn't really conducive to high performance (we'll get to that later). Anyway, having fixed the issue here and running the code at near native speed, this is what I get: AES-128/CTR: 439 MB/s AES-128/CBC: 483 MB/s AES-128/GCM: 252 MB/s Not disastrous anymore, but still, very, very bad. Of course, you've got to keep in mind, the thing we're comparing it to, OpenSSL, is no slouch. It's got hand-written highly optimized inline assembly implementations of most of these encryption functions and their specific modes, for lots of platforms. That's a ton of code to maintain and optimize, but I'll be damned if I let this kind of performance gap persist. Fixing this, however, is not so trivial anymore. It pertains to how the KCF's block cipher mode API interacts with the cipher algorithms. It is beautifully designed and implemented in a fashion that creates minimum code duplication, but this also means that it's inherently inefficient. ECB, CBC and CTR gained the ability to pass an algorithm-specific "fastpath" implementation of the block cipher mode, because these functions benefit greatly from pipelining multiple cipher calls into a single place. ECB, CTR and CBC decryption benefit enormously from being able to exploit the wide XMM register file on Intel to perform encryption/decryption operations on 8 blocks at the same time in a non-interlocking manner. The performance gains here are on the order of 5-8x. CBC encryption benefits from not having to copy the previously encrypted ciphertext blocks into memory and back into registers to XOR them with the subsequent plaintext blocks, though here the gains are more modest, around 1.3-1.5x.
After all of this work, this is how the results now look on Illumos, even inside of a VM: Algorithm/Mode 128k ops AES-128/CTR: 3121 MB/s AES-128/CBC: 691 MB/s AES-128/GCM: 1053 MB/s So the CTR and GCM speeds have actually caught up to OpenSSL, and CBC is actually faster than OpenSSL. On the decryption side of things, CBC decryption also jumped from 627 MB/s to 3011 MB/s. Seeing these performance numbers, you can see why I chose 32k for the operation size in between kernel preemption barriers. Even on the slowest hardware with AES-NI, we can expect at least 300-400 MB/s/core of throughput, so even in the worst case, we'll be hogging the CPU for at most ~0.1ms per run. Overall, we're even a little bit faster than OpenSSL in some tests, though that's probably down to us encrypting 128k blocks vs 8k in the "openssl speed" utility. Anyway, having fixed this monstrous atrocity of a performance bug, I can now finally get some sleep. To make these tests repeatable, and to ensure that the changes didn't break the crypto algorithms, Saso created a crypto_test kernel module. I have recently created a FreeBSD version of crypto_test.ko, for much the same purposes Initial performance on FreeBSD is not as bad, if you have the aesni.ko module loaded, but it is not up to speed with OpenSSL. You cannot directly compare to the benchmarks Saso did, because the CPUs are vastly different. Performance results (https://wiki.freebsd.org/OpenCryptoPerformance) I hope to do some more tests on a range of different sized CPUs in order to determine how the algorithms scale across different clock speeds. I also want to look at, or get help and have someone else look at, implementing some of the same optimizations that Saso did. It currently seems like there isn't a way to perform additional crypto operations in the same session without regenerating the key table.
Processing additional buffers in an existing session might offer a number of optimizations for bulk operations, although in many cases, each block is encrypted with a different key and/or IV, so it might not be very useful. *** Brendan Gregg's special freeware tools for sysadmins (http://www.brendangregg.com/specials.html) These tools need to be in every (not so) serious sysadmin's toolbox. Triple ROT13 encryption algorithm (beware: export restrictions may apply) /usr/bin/maybe, in case true and false provide too little choice... The bottom command lists you all the processes using the least CPU cycles. Check out the rest of the tools. You wrote similar tools and want us to cover them in the show? Send us an email to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) *** A look at 2038 (http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/) I remember the Y2K problem quite vividly. The world was going crazy for years, paying insane amounts of money to experts to fix critical legacy systems, and there was a neverending stream of predictions from the media on how it's all going to fail. Most didn't even understand what the problem was, and I remember one magazine writing something like the following: Most systems store the current year as a two-digit value to save space. When the value rolls over on New Year's Eve 1999, those two digits will be “00”, and “00” means “halt operation” in the machine language of many central processing units. If you're in an elevator at this time, it will stop working and you may fall to your death. I still don't know why they thought a computer would suddenly interpret data as code, but people believed them. We could see a nearby hydropower plant from my parents' house, and we expected it to go up in flames as soon as the clock passed midnight, while at least two airplanes crashed in our garden at the same time. Then nothing happened.
I think one of the most “severe” problems was the police not being able to open their car garages the next day because their RFID tokens had both a start and end date for validity, and the system clock had actually rolled over to 1900, so the tokens were “not yet valid”. That was 17 years ago. One of the reasons why Y2K wasn't as bad as it could have been is that many systems had never used the “two-digit-year” representation internally, but use some form of “timestamp” relative to a fixed date (the “epoch”). The actual problem with time and dates rolling over is that systems calculate timestamp differences all day. Since a timestamp derived from the system clock seemingly only increases with each query, it is very common to just calculate diff = now - before and never care about the fact that now could suddenly be lower than before because the system clock has rolled over. In this case diff is suddenly negative, and if other parts of the code make further use of the suddenly negative value, things can go horribly wrong. A good example was a bug in the generator control units (GCUs) aboard Boeing 787 “Dreamliner” aircrafts, discovered in 2015. An internal timestamp counter would overflow roughly 248 days after the system had been powered on, triggering a shut down to “safe mode”. The aircraft has four generator units, but if all were powered up at the same time, they would all fail at the same time. This sounds like an overflow caused by a signed 32-bit counter counting the number of centiseconds since boot, overflowing after 248.55 days, and luckily no airline had been using their Boeing 787 models for such a long time between maintenance intervals. The “obvious” solution is to simply switch to 64-Bit values and call it a day, which would push overflow dates far into the future (as long as you don't do it like the IBM S/370 mentioned before).
But as we've learned from the Y2K problem, you have to assume that computer systems, computer software and stored data (which often contains timestamps in some form) will stay with us for much longer than we might think. The years 2036 and 2038 might be far in the future, but we have to assume that many of the things we make and sell today are going to be used and supported for more than just 19 years. Also many systems have to store dates which are far in the future. A 30 year mortgage taken out in 2008 could have already triggered the bug, and for some banks it supposedly did. sys_gettimeofday() is one of the most used system calls on a generic Linux system and returns the current time in form of an UNIX timestamp (time_t data type) plus fraction (suseconds_t data type). Many applications have to know the current time and date to do things, e.g. displaying it, using it in game timing loops, invalidating caches after their lifetime ends, perform an action after a specific moment has passed, etc. In a 32-Bit UNIX system, time_t is usually defined as a signed 32-Bit Integer. When kernel, libraries and applications are compiled, the compiler will turn this assumption into machine code and all components later have to match each other. So a 32-Bit Linux application or library still expects the kernel to return a 32-Bit value even if the kernel is running on a 64-Bit architecture and has 32-Bit compatibility. The same holds true for applications calling into libraries. This is a major problem, because there will be a lot of legacy software running in 2038. Systems which used an unsigned 32-Bit Integer for time_t push the problem back to 2106, but I don't know about many of those. The developers of the GNU C library (glibc), the default standard C library for many GNU/Linux systems, have come up with a design for year 2038 proofness for their library.
Besides the time_t data type itself, a number of other data structures have fields based on time_t or the combined struct timespec and struct timeval types. Many methods beside those intended for setting and querying the current time use timestamps. 32-Bit Windows applications, or Windows applications defining _USE_32BIT_TIME_T, can be hit by the year 2038 problem too if they use the time_t data type. The __time64_t data type had been available since Visual C 7.1, but only Visual C 8 (default with Visual Studio 2015) expanded time_t to 64 bits by default. The change will only be effective after a recompilation, legacy applications will continue to be affected. If you live in a 64-Bit world and use a 64-Bit kernel with 64-Bit only applications, you might think you can just ignore the problem. In such a constellation all instances of the standard time_t data type for system calls, libraries and applications are signed 64-Bit Integers which will overflow in around 292 billion years. But many data formats, file systems and network protocols still specify 32-Bit time fields, and you might have to read/write this data or talk to legacy systems after 2038. So solving the problem on your side alone is not enough. Then the article goes on to describe how all of this will break your file systems. Not to mention your databases and other file formats. Also see Theo De Raadt's EuroBSDCon 2013 Presentation (https://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp00001.html) *** Beastie Bits Michael Lucas: Get your name in “Absolute FreeBSD 3rd Edition” (https://blather.michaelwlucas.com/archives/2895) ZFS compressed ARC stats to top (https://svnweb.freebsd.org/base?view=revision&revision=r315435) Matthew Dillon discovered HAMMER was repeating itself when writing to disk.
Fixing that issue doubled write speeds (https://www.dragonflydigest.com/2017/03/14/19452.html) TedU on Meaningful Short Names (http://www.tedunangst.com/flak/post/shrt-nms-fr-clrty) vBSDcon and EuroBSDcon Call for Papers are open (https://www.freebsdfoundation.org/blog/submit-your-work-vbsdcon-and-eurobsdcon-cfps-now-open/) Feedback/Questions Craig asks about BSD server management (http://pastebin.com/NMshpZ7n) Michael asks about jails as a router between networks (http://pastebin.com/UqRwMcRk) Todd asks about connecting jails (http://pastebin.com/i1ZD6eXN) Dave writes in with an interesting link (http://pastebin.com/QzW5c9wV) > applications crash more often due to errors than corruptions. In the case of corruption, a few applications (e.g., Log-Cabin, ZooKeeper) can use checksums and redundancy to recover, leading to a correct behavior; however, when the corruption is transformed into an error, these applications crash, resulting in reduced availability. ***
This week on BSDNow, we are going to be talking to Ken Moore about the Lumina desktop environment, where it stands now & looking ahead. Then Allan turns the tables & interviews both Kris & Ken about new ongoings in PC-BSD land. Stay tuned, lots of exciting show is coming your way right now on BSDNow, the place to B...SD! This episode was brought to you by Headlines Linuxvoice reviews six NAS designed OSes and states that FreeNAS has the largest amount of features (https://www.linuxvoice.com/group-test-nas-distros/) The review compares the features of: FreeNAS, NAS4Free, Open Media Vault, Openfiler Community Edition, EasyNAS, and Turnkey Linux File Server “Many NAS solutions can do a lot more than just back up and restore files – you can extend them with plugins to do a variety of tasks. Some enable you to stream media to computers and other devices. Others can hook up with apps and services and allow them to use the NAS for storing and retrieving data” Open Media Vault: 4/5, “A feature-rich NAS distro that's easy to deploy and manage”. Many plugins, good UI Turnkey Linux File Server: 2/5, “A no-fuss distro that'll set up a fully functional file sharing server in no time”. No RAID, LVM must be done manually Openfiler Community Edition: 1/5, “There is a target segment for Openfiler, but we can't spot it”. In the middle of rebasing on CentOS, lacking documentation, confusing UI EasyNAS: 3/5, “A simple NAS distro that balances the availability of features with reasonable assumptions”. Major updates require reinstall, lacks advanced features and advanced protocols FreeNAS: 3/5, “FreeNAS The most feature-rich NAS distribution requires some getting used to”.
Best documentation, best snapshot management, most plugins, jailed plugins, most enterprise features NAS4Free: 3/5, “NAS4Free An advanced NAS distro that's designed for advanced users”, additional flexibility with disk layout (partition the first disk to install the OS there, use remaining space for data storage) “If we had to award this group test to the distro with the biggest number of features then the top two challengers would have been FreeNAS and its protegée NAS4Free. While both of these solutions pitch themselves to users outside the corporate environment, they'd simply be overkill for most home users. Furthermore, their FreeBSD base and the ZFS filesystem, while a boon to enterprise users, virtually makes them alien technology to the average Linux household.” It is not clear why they gave NAS4Free and FreeNAS the same score when they wrote a list of reasons why FreeNAS was better. It seems the goal of their rundown was to find the best Linux NAS, not the best NAS. *** FreeBSD based Snort IPS (http://www.unixmen.com/freebsd-snort-ips/) UnixMen.com provides a new tutorial on setting up Snort, the IPS (Intrusion Prevention system) on FreeBSD Install Apache, PHP, and MySQL, then Snort Download the latest Snort rules from the official website Disable the Packet Filter on the USB interfaces to avoid issues with Snort Install oinkmaster and barnyard2, and configure them Then install the Snorby WEB interface, which will give you a nice overview of the data generated by the IPS Then install SnortSAM, and connect it to ipfw Now when Snort detects a potential intrusion, it will be displayed in Snorby, and automatically blocked with IPFW *** Opensource.com features two BSD developers as examples of how open source can help your career (https://opensource.com/life/16/1/3-new-open-source-contributors-share-their-experiences) “When contributing to open source projects and communities, one of the many benefits is that you can improve your tech skills. 
In this article, hear from three contributors on how their open source helped them get a job or improved their career.” Alexander Yurchenko, an OpenBSD developer who now works at Yandex says: “Participating in such a project yields colossal experience. A good, large open source project has everything that is typically required from a developer at job interviews: good planning, good coding, use of versioning systems and bug trackers, peer reviews, teamwork, and such. So, after stewing in such an environment for a year or two, you have a good opportunity to grow to a senior developer level.” “That is, in fact, what happened to me. I was hired as a senior developer without having any formal work experience on my service record. After the first week, my probation period was reduced from three months to zero.” While you may not have “formal work experience”, you do have a body of work, a (code/documentation/etc) portfolio, you can point to Having spent a year working somewhere may say something about you, but showing some code you wrote that other people use every day, is usually more valuable Alexander Polyakov, a DragonFly contributor, worked on updating support for other languages and on ACPI. “I even made some money in the process—a customer found me via git log. He wanted to use DragonFlyBSD in production and needed better ACPI support and some RAID driver or something.” “In a nutshell, contributing to various open source projects is how you gain great experience. Don't be afraid to send in bad code (happens to the best of us), keep calm (while being scolded for sending in that bad code), and choose projects you are really interested in. Then you'll both gain experience and have fun while you doing it.” Kirill Gorkunov talks about his experience with turning open source into a career: “For a few years, I've been fixing the code, sending patches, getting scolded for bad code and complimented for good code. That experience was priceless. 
And you can be sure that as soon as you get good at it, job offers will follow. This is, in fact, how I met the kernel developers working on OpenVZ. Together, we decided to continue working on the OpenVZ kernel and related stuff as well” When you contribute to open source, you end up being the person who wrote “Foo”, and this can often turn into work, when someone wants to build something with “Foo”, or like “Foo” This same point was focus of a panel the FreeBSD Foundation organized at the womENcourage conference in Sweden last year: Open Source as a Career Path (https://www.youtube.com/watch?v=p7PW1E3IJvY) *** FreeBSD, LibreSSL and LetsEncrypt oh my! (https://wiki.freebsd.org/BernardSpil/LetsEncrypt) Over on the FreeBSD Wiki, Bernard Spil (whom we've interviewed before) has started a walkthrough talking about how he uses LibreSSL and LetsEncrypt, without using the heavy python client The article provides detailed instructions on prepping the system and automating the process of updating the SSL certificates If you've used the “official” letsencrypt client in the past, you'll note some differences in his method, which keeps all the ‘acme-challenge' files in a single-directory, which is aliased into domains. Using this method also drops the requirement to run the letsencrypt auth as root, and allows you to run it as the unprivileged “letsencrypt” user instead. He mentions that the bash/zsh scripts used may be added to ports at some point as well *** Interview - Ken Moore & Kris Moore - ken@pcbsd.org (mailto:ken@pcbsd.org) / @pcbsdkris (https://twitter.com/pcbsdkris) PC-BSD's new SysAdm Project and Lumina Update *** News Roundup DragonFly Intel i915 support to match what's in the Linux 4.1 kernel (http://lists.dragonflybsd.org/pipermail/commits/2016-January/459241.html) In DragonFly's ongoing quest for DRM awesomeness, they have now merged changes to bring them up to Linux 4.1 kernel features. 
Some of the notables include that “Valleyview” support is greatly improved, and not considered preliminary anymore Skylake got some support improvements as well, including runtime power management, and that turbo and sleep states should be functional. Some great improvements to power usage have been added, such as setting GPU frequencies to hardware minimum and enabling DRRS (Dynamic Refresh Rate Switching) by default They've even begun importing some of the prelim work for Broxton, the upcoming Atom SOC *** FreeNAS Home Server Build (https://ramsdenj.github.io/server/2016/01/01/FreeNAS-Server-Build.html) We have a nice article to share with you this week by John Ramsden, which walks us through his home-brew FreeNAS server setup. As is typical with most home users, he will be using the system to both serve media, and as a backup target for other systems. His hardware setup is pretty impressive for a home-brew, made up of the following: Fractal Design Node 804 Chassis Supermicro X10SL7-F Motherboard Xeon E3-1231 v3 CPU 4x Samsung DDR3 1.35v-1600 M391B1G73QH0 RAM 2x 32GB SATA III SMC DOM Boot Drive SeaSonic G-550 Power Supply Cyberpower CP1500PFCLCD 1500VA 900W PFC UPS 6x Western Digital 6TB Red HDD 2 x ENERMAX T.B. Silence UCTB12P Case Fan 3x Noctua NF-P14s redux-1200 Case Fan The SATA DOM was neat to see in use, in his case in a mirror He then walks us through his burn-in process, which involved memory testing for 46 hours, and then disk testing with the smartctl long tests. There are even details on how the fan thresholds were set up, which may be of use to other DiY'ers out there. ***
claviger manages your SSH authorized_keys files for you (https://github.com/bwesterb/claviger) An application to manage your SSH authorized_keys files for you Make a list of your keys (laptop, desktop, work) Then a list of your ssh accounts List which keys should be present, and which should be absent Optional setting to keep all “other” keys, such as those added by other users Optional list of specific “other” keys to allow (does not add them, but does not remove them if they are present) You can say ‘server2 like server1', and it will inherit all of the settings from that server There is a “default” server, that all others inherit *** FreeBSD 9.2 x64 OpenVPN AD authentication with crypt (http://www.unixmen.com/openvpn-ad-authentication-with-crypt/) A few days back unixmen.com posted a nice tutorial walkthrough of an OpenVPN setup on FreeBSD 9.2 using Active Directory for auth In this particular setup, FreeBSD is running the gateway / OpenVPN server, the client desktops are running Windows 7 and domain controller on Windows 2008 The setup on FreeBSD is pretty straightforward, thanks to the openvpn-auth-ldap port. (Unknown why they didn't use the package) In addition to showing the details on how configuration was done on BSD, what makes this walkthrough nice is the addition of so many screenshots of how the Windows configuration was done. Part of the walkthrough will also detail how they created their .ovpn files for importing on the OpenVPN clients. *** Beastie Bits dtrace included by default in NetBSD (http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.own.mk.diff?r1=1.883&r2=1.884&only_with_tag=MAIN&f=h) FOSDEM16 is approaching, get ready to follow the BSD devroom (https://fosdem.org/2016/schedule/track/bsd/) Call for testing: Concurrent: malloc(3) calls (to speed up Firefox) (http://undeadly.org/cgi?action=article&sid=20160123165549) "With the PV drivers in -CURRENT, it is now possible to run OpenBSD within AWS." 
(http://daemonforums.org/showthread.php?p=57767) PC-BSD Handbook in Spanish (http://www.pcbsd.org/doc-archive/10.2/html-es/pcbsd.html) Feedback/Questions Clint - ZIL on Partition (http://pastebin.com/WLpHzz3F) Federico - LibreSSL and DMA (http://pastebin.com/1QFZU2Bz) Ghislain - FreeBSD vs Linux vs Illumos (http://pastebin.com/aesVaKG4) Cary - ZFS - Caching - Replication (http://pastebin.com/x4DRHP0i) ***
An interview with Ken Moore about the Lumina Desktop Environment. File Info: 28Min, 14MB. Ogg Link: https://archive.org/download/bsdtalk244/bsdtalk244.ogg
Jeff Simmons sits down with Franklin, TN Mayor Ken Moore to talk about having integrity at work in this broadcast of MLN.
It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's new IPSEC project (http://freebsdfoundation.blogspot.com/2014/08/freebsd-foundation-announces-ipsec.html) The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD The updated stack will also support AES-NI for hardware-based encryption speed ups It's expected to be completed by the end of September, and will also be in pfSense 2.2 *** NetBSD at Shimane Open Source Conference 2014 (http://mail-index.netbsd.org/netbsd-advocacy/2014/08/31/msg000667.html) The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23 One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations Some visitors said that NetBSD had the most chaotic booth at the conference *** pfSense 2.1.5 released (https://blog.pfsense.org/?p=1401) A new version of the pfSense 2.1 branch is out Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched (https://lists.freebsd.org/pipermail/freebsd-security/2014-August/007875.html) in -RELEASE after nearly a month) It also includes many other bug fixes, check the blog post for the full list *** Systems, Science and FreeBSD 
(http://msrvideo.vo.msecnd.net/rmcvideos/227133/dl/227133.mp4) Our friend George Neville-Neil (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) gave a presentation at Microsoft Research It's mainly about using FreeBSD as a platform for research, inside and outside of universities The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more *** Interview - Reyk Floeter - reyk@openbsd.org (mailto:reyk@openbsd.org) / @reykfloeter (https://twitter.com/reykfloeter) OpenBSD's HTTP daemon Tutorial A crash course on HAMMER FS (http://www.bsdnow.tv/tutorials/hammer) News Roundup OpenBSD's rcctl tool usage (http://brynet.biz.tm/article-rcctl.html) OpenBSD recently got a new tool (http://undeadly.org/cgi?action=article&sid=20140820090351) for managing /etc/rc.conf.local in -current Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services It won't make it to 5.6, but will be in 5.7 (next May) *** pfSense mini-roundup (http://mateh.id.au/2014/08/stream-netflix-chromecast-using-pfsense/) We found five interesting pfSense articles throughout the week and wanted to quickly mention them The first item in our pfSense mini-roundup details how you can stream Netflix in non-US countries using a "smart" DNS service The second post (http://theosquest.com/2014/08/28/ipv6-with-comcast-and-pfsense/) talks about setting up IPv6, in particular if Comcast is your ISP The third one (http://news.softpedia.com/news/PfSense-2-1-5-Is-Free-and-Powerful-FreeBSD-based-Firewall-Operating-System-457097.shtml) features pfSense on Softpedia, a more mainstream tech site The fourth post (http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/) describes how to filter HTTPS traffic with Squid and pfSense The last article 
(http://pfsensesetup.com/vpn-tunneling-with-tinc/) describes setting up a VPN using the "tinc (https://en.wikipedia.org/wiki/Tinc_%28protocol%29)" daemon and pfSense It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about This pfSense HQ website seems to have lots of other cool pfSense items, check it out *** OpenBSD's new buffer cache (http://www.tedunangst.com/flak/post/2Q-buffer-cache-algorithm) OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work Initial tests show positive results in terms of cache responsiveness Check the post for all the fine details *** BSDTalk episode 244 (http://bsdtalk.blogspot.com/2014/08/bsdtalk244-lumina-desktop-environment.html) Another new BSDTalk is up and, this time around, Will Backman (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) interviews Ken Moore, the developer of the new BSD desktop environment They discuss the history of development, differences between it and other DEs, lots of topics If you're more of a visual person, fear not, because... We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications *** Feedback/Questions Ghislain writes in (http://slexy.org/view/s21G3KL6lv) Raynold writes in (http://slexy.org/view/s21USZdk2D) Van writes in (http://slexy.org/view/s2IWAfkDfX) Sean writes in (http://slexy.org/view/s2OBhezoDV) Stefan writes in (http://slexy.org/view/s22h9RhXUy) ***
On this week's episode we'll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD. Headlines HAMMER2 GSOC improvements merged (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198111.html) A student from the Google Summer of Code's patches were committed to upstream Dragonfly It focuses mainly on compression and updating the I/O infrastructure to work with compression The ability to boot from (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198166.html) HAMMER2 volumes was also added Check the show notes for a full list of additions and improvements We'll have someone on the show to talk about HAMMER FS in the future *** OSNews starts a "BSD family" segment (http://www.osnews.com/story/27348/The_BSD_family_pt_1_FreeBSD_9_1) An OSNews reader decided to share some info about the BSDs He's writing a three-part series covering FreeBSD, OpenBSD and NetBSD Pretty good info for Linux switchers *** pkgsrc-2013Q3 branch announcement (http://mail-index.netbsd.org/tech-pkg/2013/10/04/msg012093.html) pkgsrc is similar to the ports concept, but for 21 different OSes The pkgsrc developers make a new release every three months. 
13184 total packages for AMD64 If there's any interest, we'll try to get a pkgsrc tutorial written in the future *** PCBSD 9.2 released (http://lists.pcbsd.org/pipermail/announce/2013-October/000055.html) Shortly after the official FreeBSD 9.2 release, PCBSD follows up Highlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more *** Interview - Theo de Raadt - deraadt@openbsd.org (mailto:deraadt@openbsd.org) The OpenBSD project Tutorial Jailed VNC sessions (http://www.bsdnow.tv/tutorials/jailedvnc) News Roundup Curve25519 patch for OpenSSH (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031659.html) Because of recent NSA news, someone implemented an alternative key exchange mechanism It uses Curve25519 instead of the traditional Diffie-Hellman Comes from the developer of libssh and is already implemented there *** FreeBSD 10-ALPHA5 is out (https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045097.html) Includes the big removal of BIND More GNU stuff removed Bhyve and XEN improvements Some LLVM fixes *** M:Tier offering "Long Time Support" for OpenBSD ports (http://www.mtier.org/index.php/news/openbsd-ports-lt-support/) Starting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version OpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.) 
This model makes it easier to keep your ports patched for security in a corporate environment *** Ohio Linuxfest talks uploaded (https://ia801008.us.archive.org/7/items/OhioLinuxfest2013/) The OLF 2013 talks have been uploaded Includes Kirk Mckusick's keynote about building an open source community and Ken Moore's talk about lots of new PCBSD stuff *** Theo's absence and other updates (http://marc.info/?l=openbsd-misc&m=138110694921068&w=2) In an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it For the last year, he's not been as involved in OpenBSD development He's been busy with setting up an Internet Exchange in Calgary Also mentions some troubles with an imposter Twitter account *** Feedback/Questions Kenneth writes in (http://slexy.org/view/s24yODHGaW) Jason writes in (http://slexy.org/view/s21SbqaOPi) Alex writes in (http://slexy.org/view/s2yY3vHoIo) Henson writes in (http://slexy.org/view/s20fT5VHBC) ***